Analysis Report Quot_466378-09.exe

Overview

General Information

Sample Name: Quot_466378-09.exe
Analysis ID: 385943
MD5: 2e25f6173ef97a1511c8cc555df962ba
SHA1: b673c538655452e575ca290199cc2795dab7a39f
SHA256: 42b24542fa7aa0e423fe98ae7f4676c3b490d30ef2cbaa68a8ce41ddbe9e4534

Detection

MassLogger RAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Yara detected AntiVM3
Yara detected MassLogger RAT
May check the online IP address of the machine
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file access)
Uses schtasks.exe or at.exe to add and modify task schedules
Yara detected Costura Assembly Loader
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains capabilities to detect virtual machines
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Startup

  • System is w10x64
  • Quot_466378-09.exe (PID: 2100 cmdline: 'C:\Users\user\Desktop\Quot_466378-09.exe' MD5: 2E25F6173EF97A1511C8CC555DF962BA)
    • schtasks.exe (PID: 6368 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\LmiSveQi' /XML 'C:\Users\user\AppData\Local\Temp\tmp776F.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 6380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: MassLogger

{"Version": " v3.0.7563.31381", "FtpEnable": "false", "FtpHost": "null", "FtpUser": "null", "FtpPass": "null", "FtpPort": "21", "EmailEnable": "true", "EmailAddress": "jrepublic@keithwilliamgroup.com", "EmailSendTo": "jrepublic@keithwilliamgroup.com", "EmailPass": "[5K%E!Tp3[UZC", "EmailPort": "587", "EmailSsl": "True", "EmailClient": "mail.privateemail.com", "PanelEnable": "false", "PanelHost": "null", "ExitAfterDelivery": "false", "SelfDestruct": "false", "Mutex": "Rwbbvff", "EnableMutex": "false", "EnableAntiSandboxie": "false", "EnableAntiVMware": "false", "EnableAntiDebugger": "false", "EnableWDExclusion": "false", "EnableSearchAndUpload": "false", "EnableKeylogger": "true", "EnableBrowserRecovery": "true", "EnableScreenshot": "false", "EnableForceUac": "false", "EnableBotKiller": "false", "EnableDeleteZoneIdentifier": "false", "EnableMemoryScan": "false", "EnableAntiHoneypot": "false", "EnableOnlySendWhenPassword": "true", "ExectionDelay": "1", "SendingInterval": "1", "EnableDownloader": "false", "DownloaderUrl": "Crizp", "DownloaderFilename": "Thuocfx", "DownloaderOnce": "false", "EnableBinder": "false", "BinderBytes": "AAAAAAAA", "BinderName": "Nhwsufe_Nraotd", "BinderOnce": "false", "EnableInstall": "false", "InstallFolder": "%AppData%", "InstallSecondFolder": "Fafhhdkyp", "InstallFile": "Ldstwm"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000006.00000002.501099806.00000000034A1000.00000004.00000001.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000006.00000002.501099806.00000000034A1000.00000004.00000001.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000006.00000002.496667665.0000000000402000.00000040.00000001.sdmp | Quasar_RAT_1 | Detects Quasar RAT | Florian Roth |
  • 0x81c:$op1: 04 1E FE 02 04 16 FE 01 60
  • 0x6ad:$op2: 00 17 03 1F 20 17 19 15 28
  • 0x10ff:$op3: 00 04 03 69 91 1B 40
  • 0x1fb0:$op3: 00 04 03 69 91 1B 40
00000006.00000002.496667665.0000000000402000.00000040.00000001.sdmp | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security |
00000000.00000002.272699387.0000000003B11000.00000004.00000001.sdmp | Quasar_RAT_1 | Detects Quasar RAT | Florian Roth |
  • 0x1d6864:$op1: 04 1E FE 02 04 16 FE 01 60
  • 0x63bc6c:$op1: 04 1E FE 02 04 16 FE 01 60
  • 0x1d66f5:$op2: 00 17 03 1F 20 17 19 15 28
  • 0x63bafd:$op2: 00 17 03 1F 20 17 19 15 28
  • 0x1d7147:$op3: 00 04 03 69 91 1B 40
  • 0x1d7ff8:$op3: 00 04 03 69 91 1B 40
  • 0x63c54f:$op3: 00 04 03 69 91 1B 40
  • 0x63d400:$op3: 00 04 03 69 91 1B 40

Unpacked PEs

Source | Rule | Description | Author | Strings
0.2.Quot_466378-09.exe.3ce6e48.2.unpack | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security |
6.2.Quot_466378-09.exe.400000.0.unpack | Quasar_RAT_1 | Detects Quasar RAT | Florian Roth |
  • 0xa1c:$op1: 04 1E FE 02 04 16 FE 01 60
  • 0x8ad:$op2: 00 17 03 1F 20 17 19 15 28
  • 0x12ff:$op3: 00 04 03 69 91 1B 40
  • 0x21b0:$op3: 00 04 03 69 91 1B 40
6.2.Quot_466378-09.exe.400000.0.unpack | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security |
0.2.Quot_466378-09.exe.3d67468.3.raw.unpack | Quasar_RAT_1 | Detects Quasar RAT | Florian Roth |
  • 0x3e5804:$op1: 04 1E FE 02 04 16 FE 01 60
  • 0x3e5695:$op2: 00 17 03 1F 20 17 19 15 28
  • 0x3e60e7:$op3: 00 04 03 69 91 1B 40
  • 0x3e6f98:$op3: 00 04 03 69 91 1B 40
0.2.Quot_466378-09.exe.3d67468.3.raw.unpack | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security |

Sigma Overview

System Summary:

Sigma detected: Scheduled temp file as task from temp location
Source: Process started | Author: Joe Security | Data: Command: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\LmiSveQi' /XML 'C:\Users\user\AppData\Local\Temp\tmp776F.tmp', CommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\LmiSveQi' /XML 'C:\Users\user\AppData\Local\Temp\tmp776F.tmp', CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: 'C:\Users\user\Desktop\Quot_466378-09.exe' , ParentImage: C:\Users\user\Desktop\Quot_466378-09.exe, ParentProcessId: 2100, ProcessCommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\LmiSveQi' /XML 'C:\Users\user\AppData\Local\Temp\tmp776F.tmp', ProcessId: 6368

Signature Overview

AV Detection:

Found malware configuration
Source: 00000006.00000002.501099806.00000000034A1000.00000004.00000001.sdmp | Malware Configuration Extractor: MassLogger (same configuration as listed under Malware Configuration)
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Roaming\LmiSveQi.exe | Metadefender: Detection: 21%
Source: C:\Users\user\AppData\Roaming\LmiSveQi.exe | ReversingLabs: Detection: 65%
Multi AV Scanner detection for submitted file
Source: Quot_466378-09.exe | Virustotal: Detection: 60%
Source: Quot_466378-09.exe | Metadefender: Detection: 21%
Source: Quot_466378-09.exe | ReversingLabs: Detection: 65%
Source: Quot_466378-09.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: Quot_466378-09.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Networking:

May check the online IP address of the machine
Source: C:\Users\user\Desktop\Quot_466378-09.exe | DNS query: name: api.ipify.org
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 Host: api.ipify.org Connection: Keep-Alive
Source: Quot_466378-09.exe, 00000006.00000002.501099806.00000000034A1000.00000004.00000001.sdmp | String found in binary or memory: fUsage: https://www.youtube.com/watch?v=Qxk6cu21JSg equals www.youtube.com (Youtube)
Source: unknown | DNS traffic detected: queries for: api.ipify.org
Source: Quot_466378-09.exe, 00000006.00000002.501099806.00000000034A1000.00000004.00000001.sdmp | String found in binary or memory: http://api.ipify.org
Source: Quot_466378-09.exe, 00000006.00000002.501099806.00000000034A1000.00000004.00000001.sdmp | String found in binary or memory: http://api.ipify.org/
Source: Quot_466378-09.exe, 00000006.00000002.501099806.00000000034A1000.00000004.00000001.sdmp | String found in binary or memory: http://api.ipify.orgD
Source: Quot_466378-09.exe, 00000006.00000002.501099806.00000000034A1000.00000004.00000001.sdmp | String found in binary or memory: https://www.youtube.com/watch?v=Qxk6cu21JSg
Source: Quot_466378-09.exe, 00000000.00000002.268134442.0000000000EE9000.00000004.00000020.sdmp | Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

System Summary:

Malicious sample detected (through community Yara rule)
Source: 00000006.00000002.496667665.0000000000402000.00000040.00000001.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT | Author: Florian Roth
Source: 00000000.00000002.272699387.0000000003B11000.00000004.00000001.sdmp, type: MEMORY | Matched rule: Detects Quasar RAT | Author: Florian Roth
Source: 6.2.Quot_466378-09.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT | Author: Florian Roth
Source: 0.2.Quot_466378-09.exe.3d67468.3.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT | Author: Florian Roth
Source: 0.2.Quot_466378-09.exe.3ce6e48.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects Quasar RAT | Author: Florian Roth
Source: Quot_466378-09.exe, 00000000.00000002.278461604.0000000005E20000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameMajorRevision.exe< vs Quot_466378-09.exe
Source: Quot_466378-09.exe, 00000000.00000002.282564626.0000000009660000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamemscorrc.dllT vs Quot_466378-09.exe
Source: Quot_466378-09.exe, 00000000.00000002.267789126.0000000000884000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameDH/f7.exeF vs Quot_466378-09.exe
Source: Quot_466378-09.exe, 00000000.00000002.268570380.0000000002B11000.00000004.00000001.sdmp | Binary or memory string: OriginalFilename vs Quot_466378-09.exe
Source: Quot_466378-09.exe, 00000000.00000002.268570380.0000000002B11000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameMetroFramework.dll> vs Quot_466378-09.exe
Source: Quot_466378-09.exe, 00000000.00000002.268570380.0000000002B11000.00000004.00000001.sdmp | Binary or memory string: OriginalFilename" vs Quot_466378-09.exe
Source: Quot_466378-09.exe, 00000000.00000002.278985246.0000000006190000.00000002.00000001.sdmp | Binary or memory string: System.OriginalFileName vs Quot_466378-09.exe
Source: Quot_466378-09.exe, 00000000.00000002.278432380.0000000005B30000.00000002.00000001.sdmp | Binary or memory string: originalfilename vs Quot_466378-09.exe
Source: Quot_466378-09.exe, 00000000.00000002.278432380.0000000005B30000.00000002.00000001.sdmp | Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs Quot_466378-09.exe
Source: Quot_466378-09.exe, 00000000.00000002.268134442.0000000000EE9000.00000004.00000020.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs Quot_466378-09.exe
Source: Quot_466378-09.exe, 00000006.00000000.262780503.0000000000FD4000.00000002.00020000.sdmp | Binary or memory string: OriginalFilenameDH/f7.exeF vs Quot_466378-09.exe
Source: Quot_466378-09.exe, 00000006.00000002.506492542.0000000006DA9000.00000004.00000001.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs Quot_466378-09.exe
Source: Quot_466378-09.exe, 00000006.00000002.496667665.0000000000402000.00000040.00000001.sdmp | Binary or memory string: OriginalFilename" vs Quot_466378-09.exe
Source: Quot_466378-09.exe | Binary or memory string: OriginalFilenameDH/f7.exeF vs Quot_466378-09.exe
Matched rule: Quasar_RAT_1 | date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/ | Matched on:
  • Source: 00000006.00000002.496667665.0000000000402000.00000040.00000001.sdmp, type: MEMORY
  • Source: 00000000.00000002.272699387.0000000003B11000.00000004.00000001.sdmp, type: MEMORY
  • Source: 6.2.Quot_466378-09.exe.400000.0.unpack, type: UNPACKEDPE
  • Source: 0.2.Quot_466378-09.exe.3d67468.3.raw.unpack, type: UNPACKEDPE
  • Source: 0.2.Quot_466378-09.exe.3ce6e48.2.raw.unpack, type: UNPACKEDPE
              Source: Quot_466378-09.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              Source: LmiSveQi.exe.0.dr | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@6/3@2/1
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | File created: C:\Users\user\AppData\Roaming\LmiSveQi.exe
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | Mutant created: \Sessions\1\BaseNamedObjects\lyBmVHenljRsBputjU
              Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6380:120:WilError_01
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | File created: C:\Users\user\AppData\Local\Temp\tmp776F.tmp
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM WIN32_PROCESSOR
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | File read: C:\Windows\win.ini
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | File read: C:\Windows\System32\drivers\etc\hosts
              Source: Quot_466378-09.exe | Virustotal: Detection: 60%
              Source: Quot_466378-09.exe | Metadefender: Detection: 21%
              Source: Quot_466378-09.exe | ReversingLabs: Detection: 65%
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | File read: C:\Users\user\Desktop\Quot_466378-09.exe
              Source: unknown | Process created: C:\Users\user\Desktop\Quot_466378-09.exe 'C:\Users\user\Desktop\Quot_466378-09.exe'
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\LmiSveQi' /XML 'C:\Users\user\AppData\Local\Temp\tmp776F.tmp'
              Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | Process created: C:\Users\user\Desktop\Quot_466378-09.exe {path}
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
              Source: Window Recorder | Window detected: More than 3 window changes detected
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
              Source: Quot_466378-09.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: Quot_466378-09.exe | Static PE information: Virtual size of .text is bigger than: 0x100000
              Source: Quot_466378-09.exe | Static file information: File size 1579008 > 1048576
              Source: Quot_466378-09.exe | Static PE information: Raw size of .text is bigger than: 0x100000 < 0x180c00
              Source: Quot_466378-09.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

              Data Obfuscation:

              Yara detected Costura Assembly Loader
              Source: Yara match | File source: 00000006.00000002.501099806.00000000034A1000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match | File source: Process Memory Space: Quot_466378-09.exe PID: 2100, type: MEMORY
              Source: Yara match | File source: Process Memory Space: Quot_466378-09.exe PID: 6432, type: MEMORY
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | Code function: 0_2_00704351 push eax; ret 0_2_0070439C
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | Code function: 0_2_007024D6 push ecx; iretd 0_2_007024D7
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | Code function: 0_2_007027D7 push 86DF6B68h; retf 0_2_007027E7
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | Code function: 0_2_00702B83 push ebx; iretd 0_2_00702C24
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | Code function: 0_2_0070558A pushfd ; retf 0_2_00705592
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | Code function: 0_2_04B12404 push E802005Eh; ret 0_2_04B12409
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | Code function: 0_2_04B13452 pushfd ; ret 0_2_04B13459
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | Code function: 0_2_04B140A0 push esp; retf 0_2_04B140A1
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | Code function: 0_2_04B111B9 push eax; mov dword ptr [esp], edx 0_2_04B111CC
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | Code function: 6_2_00E527D7 push 86DF6B68h; retf 6_2_00E527E7
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | Code function: 6_2_00E524D6 push ecx; iretd 6_2_00E524D7
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | Code function: 6_2_00E52B83 push ebx; iretd 6_2_00E52C24
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | Code function: 6_2_00E5558A pushfd ; retf 6_2_00E55592
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | Code function: 6_2_00E54351 push eax; ret 6_2_00E5439C
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | Code function: 6_2_0348DA8C push FFFFFF8Bh; retf 6_2_0348DA8F
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | Code function: 6_2_0348FF2E push es; ret 6_2_0348FF30
              Source: initial sample | Static PE information: section name: .text entropy: 7.58063381917
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | File created: C:\Users\user\AppData\Roaming\LmiSveQi.exe (dropped file)

              Boot Survival:

              Uses schtasks.exe or at.exe to add and modify task schedules
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\LmiSveQi' /XML 'C:\Users\user\AppData\Local\Temp\tmp776F.tmp'
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | Process information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion:

              Yara detected AntiVM3
              Source: Yara match | File source: Process Memory Space: Quot_466378-09.exe PID: 2100, type: MEMORY
              Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_VideoController
              Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
              Source: Quot_466378-09.exe, 00000000.00000002.268570380.0000000002B11000.00000004.00000001.sdmp | Binary or memory string: WINE_GET_UNIX_FILE_NAME
              Source: Quot_466378-09.exe, 00000000.00000002.268570380.0000000002B11000.00000004.00000001.sdmp, Quot_466378-09.exe, 00000006.00000002.501099806.00000000034A1000.00000004.00000001.sdmp | Binary or memory string: SBIEDLL.DLL
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | Window / User API: threadDelayed 4516
              Source: C:\Users\user\Desktop\Quot_466378-09.exe | Window / User API: threadDelayed 4842
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 3220 | Thread sleep time: -31500s >= -30000s
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 4380 | Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020 | Thread sleep time: -21213755684765971s >= -30000s
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3595235s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3595110s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3594953s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3594844s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3594735s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3594610s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3594453s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3594344s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3594235s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3594125s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3593953s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3593781s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3593672s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3593500s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3593375s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3593266s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3593156s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3593016s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3592578s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3592453s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3592344s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3592203s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3592094s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3591235s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3591110s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3590953s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3590844s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3590735s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3590610s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3590453s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3590344s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3590235s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3590110s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3589953s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3589844s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3589735s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3589610s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3589453s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe TID: 7020Thread sleep time: -3589344s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM WIN32_PROCESSOR
              Source: C:\Windows\System32\conhost.exe, Last function: Thread delayed
              Source: C:\Users\user\Desktop\Quot_466378-09.exe, File Volume queried: C:\ FullSizeInformation
              Source: C:\Users\user\Desktop\Quot_466378-09.exe, Thread delayed: delay time: 31500
              Source: C:\Users\user\Desktop\Quot_466378-09.exe, Thread delayed: delay time: 922337203685477
              Source: Quot_466378-09.exe, 00000000.00000002.268570380.0000000002B11000.00000004.00000001.sdmp, Binary or memory string: VMware SVGA IIOData Source=localhost\sqlexpress;Initial Catalog=dbSMS;Integrated Security=True
              Source: Quot_466378-09.exe, 00000006.00000002.501099806.00000000034A1000.00000004.00000001.sdmp, Binary or memory string: vmware
              Source: Quot_466378-09.exe, 00000006.00000002.505288561.00000000059F8000.00000004.00000001.sdmp, Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll<
              Source: Quot_466378-09.exe, 00000006.00000002.496667665.0000000000402000.00000040.00000001.sdmp, Binary or memory string: EnableAntiVMware
              Source: Quot_466378-09.exe, 00000000.00000002.268570380.0000000002B11000.00000004.00000001.sdmp, Binary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
              Source: Quot_466378-09.exe, 00000000.00000002.268570380.0000000002B11000.00000004.00000001.sdmp, Binary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
              Source: Quot_466378-09.exe, 00000000.00000002.268570380.0000000002B11000.00000004.00000001.sdmp, Binary or memory string: VMWARE
              Source: Quot_466378-09.exe, 00000000.00000002.268570380.0000000002B11000.00000004.00000001.sdmp, Binary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
              Source: Quot_466378-09.exe, 00000000.00000002.268570380.0000000002B11000.00000004.00000001.sdmp, Binary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\Enum
              Source: Quot_466378-09.exe, 00000000.00000002.268570380.0000000002B11000.00000004.00000001.sdmp, Binary or memory string: VMware SVGA II
              Source: Quot_466378-09.exe, 00000000.00000002.268570380.0000000002B11000.00000004.00000001.sdmp, Binary or memory string: vmwareNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
              Source: C:\Users\user\Desktop\Quot_466378-09.exe, Process information queried: ProcessInformation
              Source: C:\Users\user\Desktop\Quot_466378-09.exe, Process token adjusted: Debug
              Source: C:\Users\user\Desktop\Quot_466378-09.exe, Memory allocated: page read and write | page guard
              Source: C:\Users\user\Desktop\Quot_466378-09.exe, Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\LmiSveQi' /XML 'C:\Users\user\AppData\Local\Temp\tmp776F.tmp'
              Source: C:\Users\user\Desktop\Quot_466378-09.exe, Process created: C:\Users\user\Desktop\Quot_466378-09.exe {path}
              Source: Quot_466378-09.exe, 00000006.00000002.500403716.0000000001CC0000.00000002.00000001.sdmp, Binary or memory string: Shell_TrayWnd
              Source: Quot_466378-09.exe, 00000006.00000002.500403716.0000000001CC0000.00000002.00000001.sdmp, Binary or memory string: Progman
              Source: Quot_466378-09.exe, 00000006.00000002.500403716.0000000001CC0000.00000002.00000001.sdmp, Binary or memory string: SProgram Managerl
              Source: Quot_466378-09.exe, 00000006.00000002.500403716.0000000001CC0000.00000002.00000001.sdmp, Binary or memory string: Shell_TrayWnd,
              Source: Quot_466378-09.exe, 00000006.00000002.500403716.0000000001CC0000.00000002.00000001.sdmp, Binary or memory string: Progmanlock
              Source: C:\Users\user\Desktop\Quot_466378-09.exe, Queries volume information: C:\Users\user\Desktop\Quot_466378-09.exe VolumeInformation
              Source: C:\Users\user\Desktop\Quot_466378-09.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
              Source: C:\Users\user\Desktop\Quot_466378-09.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
              Source: C:\Users\user\Desktop\Quot_466378-09.exe, Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Quot_466378-09.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
              Source: Quot_466378-09.exe, 00000006.00000002.499843011.00000000015D8000.00000004.00000020.sdmp; Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
              Source: C:\Users\user\Desktop\Quot_466378-09.exe; WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct

              Stealing of Sensitive Information:

              Yara detected MassLogger RAT
              Source: Yara match; File source: 00000006.00000002.496667665.0000000000402000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match; File source: 00000000.00000002.272699387.0000000003B11000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match; File source: Process Memory Space: Quot_466378-09.exe PID: 2100, type: MEMORY
              Source: Yara match; File source: Process Memory Space: Quot_466378-09.exe PID: 6432, type: MEMORY
              Source: Yara match; File source: 0.2.Quot_466378-09.exe.3ce6e48.2.unpack, type: UNPACKEDPE
              Source: Yara match; File source: 6.2.Quot_466378-09.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara match; File source: 0.2.Quot_466378-09.exe.3d67468.3.raw.unpack, type: UNPACKEDPE
              Source: Yara match; File source: 0.2.Quot_466378-09.exe.3ce6e48.2.raw.unpack, type: UNPACKEDPE
              Tries to harvest and steal browser information (history, passwords, etc)
              Source: C:\Users\user\Desktop\Quot_466378-09.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Tries to steal Mail credentials (via file access)
              Source: C:\Users\user\Desktop\Quot_466378-09.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
              Source: Yara match; File source: 00000006.00000002.501099806.00000000034A1000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match; File source: Process Memory Space: Quot_466378-09.exe PID: 6432, type: MEMORY

              Remote Access Functionality:

              Yara detected MassLogger RAT
              Source: Yara match; File source: 00000006.00000002.496667665.0000000000402000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match; File source: 00000000.00000002.272699387.0000000003B11000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match; File source: Process Memory Space: Quot_466378-09.exe PID: 2100, type: MEMORY
              Source: Yara match; File source: Process Memory Space: Quot_466378-09.exe PID: 6432, type: MEMORY
              Source: Yara match; File source: 0.2.Quot_466378-09.exe.3ce6e48.2.unpack, type: UNPACKEDPE
              Source: Yara match; File source: 6.2.Quot_466378-09.exe.400000.0.unpack, type: UNPACKEDPE
              Source: Yara match; File source: 0.2.Quot_466378-09.exe.3d67468.3.raw.unpack, type: UNPACKEDPE
              Source: Yara match; File source: 0.2.Quot_466378-09.exe.3ce6e48.2.raw.unpack, type: UNPACKEDPE

              Mitre Att&ck Matrix

              Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
              Valid Accounts | Windows Management Instrumentation 121 | Scheduled Task/Job 1 | Process Injection 12 | Masquerading 1 | OS Credential Dumping 1 | Security Software Discovery 341 | Remote Services | Email Collection 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
              Default Accounts | Scheduled Task/Job 1 | Boot or Logon Initialization Scripts | Scheduled Task/Job 1 | Disable or Modify Tools 1 | Input Capture 1 | Process Discovery 2 | Remote Desktop Protocol | Input Capture 1 | Exfiltration Over Bluetooth | Ingress Tool Transfer 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
              Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 141 | Security Account Manager | Virtualization/Sandbox Evasion 141 | SMB/Windows Admin Shares | Archive Collected Data 1 | Automated Exfiltration | Non-Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
              Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 12 | NTDS | Application Window Discovery 1 | Distributed Component Object Model | Data from Local System 1 | Scheduled Transfer | Application Layer Protocol 2 | SIM Card Swap | | Carrier Billing Fraud
              Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Obfuscated Files or Information 2 | LSA Secrets | Remote System Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
              Replication Through Removable Media | Launchd | Rc.common | Rc.common | Software Packing 2 | Cached Domain Credentials | System Network Configuration Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
              External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | File and Directory Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
              Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Information Discovery 15 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue


              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              Source | Detection | Scanner | Label
              Quot_466378-09.exe | 60% | Virustotal |
              Quot_466378-09.exe | 27% | Metadefender |
              Quot_466378-09.exe | 66% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla

              Dropped Files

              Source | Detection | Scanner | Label
              C:\Users\user\AppData\Roaming\LmiSveQi.exe | 27% | Metadefender |
              C:\Users\user\AppData\Roaming\LmiSveQi.exe | 66% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla

              Unpacked PE Files

              Source | Detection | Scanner | Label
              6.2.Quot_466378-09.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1139343

              Domains

              No Antivirus matches

              URLs


              Domains and IPs

              Contacted Domains

              Name | IP | Active | Malicious | Antivirus Detection | Reputation
              elb097307-934924932.us-east-1.elb.amazonaws.com | 54.225.165.85 | true | false | | high
              api.ipify.org | unknown | unknown | false | | high

              Contacted URLs

              Name | Malicious | Antivirus Detection | Reputation
              http://api.ipify.org/ | false | | high

                    URLs from Memory and Binaries

                                      high
                                      http://www.galapagosdesign.com/Quot_466378-09.exe, 00000000.00000003.241217841.00000000080AE000.00000004.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      unknown
                                      http://www.fontbureau.comFQuot_466378-09.exe, 00000000.00000003.239661339.00000000080AE000.00000004.00000001.sdmp, Quot_466378-09.exe, 00000000.00000003.239283146.00000000080AE000.00000004.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      unknown
                                      http://www.fontbureau.comituoQuot_466378-09.exe, 00000000.00000003.240415845.00000000080AE000.00000004.00000001.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.fontbureau.comujQuot_466378-09.exe, 00000000.00000003.240415845.00000000080AE000.00000004.00000001.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.fontbureau.comd#lOQuot_466378-09.exe, 00000000.00000003.239499557.00000000080AE000.00000004.00000001.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.jiyu-kobo.co.jp/jp/Quot_466378-09.exe, 00000000.00000003.238084992.00000000080AE000.00000004.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      unknown
                                      http://www.fontbureau.comaQuot_466378-09.exe, 00000000.00000003.250068812.00000000080AE000.00000004.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      unknown
                                      http://www.fontbureau.comdQuot_466378-09.exe, 00000000.00000003.239661339.00000000080AE000.00000004.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      unknown
                                      http://www.carterandcone.comlQuot_466378-09.exe, 00000000.00000002.282310763.0000000009282000.00000004.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      unknown
                                      http://www.fontbureau.comOlkQuot_466378-09.exe, 00000000.00000003.240123865.00000000080AE000.00000004.00000001.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://api.ipify.orgQuot_466378-09.exe, 00000006.00000002.501099806.00000000034A1000.00000004.00000001.sdmpfalse
                                        high
                                        http://www.tiro.Quot_466378-09.exe, 00000000.00000003.236032290.0000000008079000.00000004.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        unknown
                                        http://www.jiyu-kobo.co.jp/8lDQuot_466378-09.exe, 00000000.00000003.238084992.00000000080AE000.00000004.00000001.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.fontbureau.com/designers/cabarga.htmlNQuot_466378-09.exe, 00000000.00000002.282310763.0000000009282000.00000004.00000001.sdmpfalse
                                          high
                                          http://www.founder.com.cn/cnQuot_466378-09.exe, 00000000.00000002.282310763.0000000009282000.00000004.00000001.sdmpfalse
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          • URL Reputation: safe
                                          unknown
                                          http://www.fontbureau.com/designers/frere-jones.htmlQuot_466378-09.exe, 00000000.00000002.282310763.0000000009282000.00000004.00000001.sdmp, Quot_466378-09.exe, 00000000.00000003.239744218.00000000080B5000.00000004.00000001.sdmpfalse
                                            high
                                            http://www.jiyu-kobo.co.jp/OlkQuot_466378-09.exe, 00000000.00000003.237364020.00000000080AE000.00000004.00000001.sdmpfalse
                                            • Avira URL Cloud: safe
                                            unknown
                                            http://www.monotype.Quot_466378-09.exe, 00000000.00000003.240903567.00000000080AE000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            http://www.fontbureau.comcomFQuot_466378-09.exe, 00000000.00000003.240415845.00000000080AE000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            http://www.jiyu-kobo.co.jp/Quot_466378-09.exe, 00000000.00000003.237364020.00000000080AE000.00000004.00000001.sdmp, Quot_466378-09.exe, 00000000.00000003.237708764.00000000080AE000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            http://www.jiyu-kobo.co.jp/lQuot_466378-09.exe, 00000000.00000003.236641430.00000000080AC000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            unknown
                                            http://www.fontbureau.com/designers8Quot_466378-09.exe, 00000000.00000002.282310763.0000000009282000.00000004.00000001.sdmpfalse
                                              high
                                              https://www.youtube.com/watch?v=Qxk6cu21JSgQuot_466378-09.exe, 00000006.00000002.501099806.00000000034A1000.00000004.00000001.sdmpfalse
                                                high

                                                Contacted IPs

                                                Public

                                                IP | Domain | Country | ASN | ASN Name | Malicious
                                                54.225.165.85 | elb097307-934924932.us-east-1.elb.amazonaws.com | United States | 14618 | AMAZON-AESUS | false

                                                General Information

                                                Joe Sandbox Version:31.0.0 Emerald
                                                Analysis ID:385943
                                                Start date:13.04.2021
                                                Start time:10:21:11
                                                Joe Sandbox Product:CloudBasic
                                                Overall analysis duration:0h 9m 39s
                                                Hypervisor based Inspection enabled:false
                                                Report type:full
                                                Sample file name:Quot_466378-09.exe
                                                Cookbook file name:default.jbs
                                                Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                Number of analysed new started processes analysed:26
                                                Number of new started drivers analysed:0
                                                Number of existing processes analysed:0
                                                Number of existing drivers analysed:0
                                                Number of injected processes analysed:0
                                                Technologies:
                                                • HCA enabled
                                                • EGA enabled
                                                • HDC enabled
                                                • AMSI enabled
                                                Analysis Mode:default
                                                Analysis stop reason:Timeout
                                                Detection:MAL
                                                Classification:mal100.troj.spyw.evad.winEXE@6/3@2/1
                                                EGA Information:
                                                • Successful, ratio: 100%
                                                HDC Information:
                                                • Successful, ratio: 1.6% (good quality ratio 0.7%)
                                                • Quality average: 27.7%
                                                • Quality standard deviation: 33.6%
                                                HCA Information:
                                                • Successful, ratio: 97%
                                                • Number of executed functions: 194
                                                • Number of non-executed functions: 10
                                                Cookbook Comments:
                                                • Adjust boot time
                                                • Enable AMSI
                                                • Found application associated with file extension: .exe
                                                Warnings:
                                                • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                • Excluded IPs from analysis (whitelisted): 20.50.102.62, 131.253.33.200, 13.107.22.200, 93.184.220.29, 104.42.151.234, 92.122.145.220, 13.88.21.125, 184.30.24.56, 20.82.210.154, 23.32.238.234, 23.32.238.177, 2.20.142.210, 2.20.142.209, 2.18.213.56, 2.18.213.74, 20.54.26.129, 51.103.5.186
                                                • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, arc.msn.com.nsatc.net, cs9.wac.phicdn.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, ocsp.digicert.com, www-bing-com.dual-a-0001.a-msedge.net, audownload.windowsupdate.nsatc.net, arc.trafficmanager.net, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, www.bing.com, client.wns.windows.com, fs.microsoft.com, ris-prod.trafficmanager.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, dual-a-0001.dc-msedge.net, ris.api.iris.microsoft.com, a-0001.a-afdentry.net.trafficmanager.net, store-images.s-microsoft.com, blobcollector.events.data.trafficmanager.net, skypedataprdcolwus16.cloudapp.net, skypedataprdcolwus15.cloudapp.net
                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                • Report size getting too big, too many NtQueryValueKey calls found.

                                                Simulations

                                                Behavior and APIs

                                                Time | Type | Description
                                                10:22:14 | API Interceptor | 771x Sleep call for process: Quot_466378-09.exe modified

                                                Joe Sandbox View / Context

                                                IPs

                                                Match: 54.225.165.85
                                                Associated Sample Name / URL | Detection | Context
                                                dzDuodOG0V.exe | malicious | api.ipify.org/?format=xml
                                                msals.dll | malicious | api.ipify.org/?format=xml

                                                Domains


                                                ASN


                                                JA3 Fingerprints

                                                No context

                                                Dropped Files

                                                No context

                                                Created / dropped Files

                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Quot_466378-09.exe.log
                                                Process:C:\Users\user\Desktop\Quot_466378-09.exe
                                                File Type:ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):1216
                                                Entropy (8bit):5.355304211458859
                                                Encrypted:false
                                                SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
                                                MD5:FED34146BF2F2FA59DCF8702FCC8232E
                                                SHA1:B03BFEA175989D989850CF06FE5E7BBF56EAA00A
                                                SHA-256:123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
                                                SHA-512:1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
                                                Malicious:true
                                                Reputation:high, very likely benign file
                                                Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21
                                                C:\Users\user\AppData\Local\Temp\tmp776F.tmp
                                                Process:C:\Users\user\Desktop\Quot_466378-09.exe
                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                Category:dropped
                                                Size (bytes):1645
                                                Entropy (8bit):5.165902702475025
                                                Encrypted:false
                                                SSDEEP:24:2dH4+SEqC/a7hTlNMFpH/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKB40tn:cbhC7ZlNQF/rydbz9I3YODOLNdq3Wy
                                                MD5:0A79916553151A4288557B982AB69BB4
                                                SHA1:4118F388772E9E50C636D47B1D605DF804DFFA39
                                                SHA-256:D546CD7F5C63A7553C9DB8C7CF381464DB4EB17AF928A033A206A79A6DE70E8E
                                                SHA-512:1F044C0F5411D575CE044B33EF4418A674C78264E3F73A0526D8CD537F55D4552B53AECAFA93C3752AEAC08CBB711A2508D74C81738A03AF44E726BC88219CC1
                                                Malicious:true
                                                Reputation:low
                                                Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>t
                                                C:\Users\user\AppData\Roaming\LmiSveQi.exe
                                                Process:C:\Users\user\Desktop\Quot_466378-09.exe
                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Category:dropped
                                                Size (bytes):1579008
                                                Entropy (8bit):7.576354690732077
                                                Encrypted:false
                                                SSDEEP:24576:N4bQ/BCmjcC+o2jRV05soPpkQorPuibSZacLK8qxGipeNaMKH+:Cqtwm21V05RvorPVc5LKZxfpeN/C
                                                MD5:2E25F6173EF97A1511C8CC555DF962BA
                                                SHA1:B673C538655452E575CA290199CC2795DAB7A39F
                                                SHA-256:42B24542FA7AA0E423FE98AE7F4676C3B490D30EF2CBAA68A8CE41DDBE9E4534
                                                SHA-512:A1857CBABAA6619C95C3A8CFA105E6115F3F68B9D778AE9FDA36C54C26A741F13A99E91EEE229479493633A2378865EA0EBA62607FDF9D9FA0E7013BFA8A10B6
                                                Malicious:true
                                                Antivirus:
                                                • Antivirus: Metadefender, Detection: 27%
                                                • Antivirus: ReversingLabs, Detection: 66%
                                                Reputation:low

                                                Static File Info

                                                General

                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                Entropy (8bit):7.576354690732077
                                                TrID:
                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                • Win32 Executable (generic) a (10002005/4) 49.75%
                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                • Windows Screen Saver (13104/52) 0.07%
                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                File name:Quot_466378-09.exe
                                                File size:1579008
                                                MD5:2e25f6173ef97a1511c8cc555df962ba
                                                SHA1:b673c538655452e575ca290199cc2795dab7a39f
                                                SHA256:42b24542fa7aa0e423fe98ae7f4676c3b490d30ef2cbaa68a8ce41ddbe9e4534
                                                SHA512:a1857cbabaa6619c95c3a8cfa105e6115f3f68b9d778ae9fda36c54c26a741f13a99e91eee229479493633a2378865ea0eba62607fdf9d9fa0e7013bfa8a10b6
                                                SSDEEP:24576:N4bQ/BCmjcC+o2jRV05soPpkQorPuibSZacLK8qxGipeNaMKH+:Cqtwm21V05RvorPVc5LKZxfpeN/C

                                                File Icon

                                                Icon Hash:00828e8e8686b000

                                                Static PE Info

                                                General

                                                Entrypoint:0x582a6e
                                                Entrypoint Section:.text
                                                Digitally signed:false
                                                Imagebase:0x400000
                                                Subsystem:windows gui
                                                Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                Time Stamp:0x606FB0D5 [Fri Apr 9 01:41:41 2021 UTC]
                                                TLS Callbacks:
                                                CLR (.Net) Version:v4.0.30319
                                                OS Version Major:4
                                                OS Version Minor:0
                                                File Version Major:4
                                                File Version Minor:0
                                                Subsystem Version Major:4
                                                Subsystem Version Minor:0
                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                Entrypoint Preview

                                                Instruction
                                                jmp dword ptr [00402000h]
                                                add byte ptr [eax], al

                                                Data Directories

                                                Name | Virtual Address | Virtual Size | Is in Section
                                                IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_IMPORT | 0x182a14 | 0x57 | .text
                                                IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x184000 | 0x608 | .rsrc
                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x186000 | 0xc | .reloc
                                                IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                                IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                                Sections

                                                Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                .text | 0x2000 | 0x180a74 | 0x180c00 | False | 0.767822424261 | data | 7.58063381917 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                .rsrc | 0x184000 | 0x608 | 0x800 | False | 0.3427734375 | data | 3.45894523247 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                .reloc | 0x186000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                Resources

                                                Name | RVA | Size | Type | Language | Country
                                                RT_VERSION | 0x1840a0 | 0x37c | data | |
                                                RT_MANIFEST | 0x18441c | 0x1ea | XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators | |

                                                Imports

                                                DLL | Import
                                                mscoree.dll | _CorExeMain

                                                Version Infos

                                                Description | Data
                                                Translation | 0x0000 0x04b0
                                                LegalCopyright | Copyright Oleg Pylypchak 2017 - 2021
                                                Assembly Version | 2.1.0.0
                                                InternalName | DH7.exe
                                                FileVersion | 2.1.0.0
                                                CompanyName | LNU
                                                LegalTrademarks |
                                                Comments | Image eritor
                                                ProductName | Picturesque Editor
                                                ProductVersion | 2.1.0.0
                                                FileDescription | Picturesque Editor
                                                OriginalFilename | DH7.exe

                                                Network Behavior

                                                Network Port Distribution

                                                TCP Packets

                                                Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                Apr 13, 2021 10:22:28.870723963 CEST | 49709 | 80 | 192.168.2.5 | 54.225.165.85
                                                Apr 13, 2021 10:22:28.999507904 CEST | 80 | 49709 | 54.225.165.85 | 192.168.2.5
                                                Apr 13, 2021 10:22:29.000170946 CEST | 49709 | 80 | 192.168.2.5 | 54.225.165.85
                                                Apr 13, 2021 10:22:29.003149986 CEST | 49709 | 80 | 192.168.2.5 | 54.225.165.85
                                                Apr 13, 2021 10:22:29.129940987 CEST | 80 | 49709 | 54.225.165.85 | 192.168.2.5
                                                Apr 13, 2021 10:22:29.265125036 CEST | 80 | 49709 | 54.225.165.85 | 192.168.2.5
                                                Apr 13, 2021 10:22:29.322102070 CEST | 49709 | 80 | 192.168.2.5 | 54.225.165.85
                                                Apr 13, 2021 10:23:28.738123894 CEST | 80 | 49709 | 54.225.165.85 | 192.168.2.5
                                                Apr 13, 2021 10:23:28.739402056 CEST | 49709 | 80 | 192.168.2.5 | 54.225.165.85
                                                Apr 13, 2021 10:24:09.287745953 CEST | 49709 | 80 | 192.168.2.5 | 54.225.165.85
                                                Apr 13, 2021 10:24:09.414606094 CEST | 80 | 49709 | 54.225.165.85 | 192.168.2.5

                                                UDP Packets


                                                DNS Queries

                                                Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                                                Apr 13, 2021 10:22:28.685117006 CEST | 192.168.2.5 | 8.8.8.8 | 0x2604 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001)
                                                Apr 13, 2021 10:22:28.761894941 CEST | 192.168.2.5 | 8.8.8.8 | 0x7605 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001)

                                                DNS Answers

                                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                                                Apr 13, 2021 10:22:28.738163948 CEST | 8.8.8.8 | 192.168.2.5 | 0x2604 | No error (0) | api.ipify.org | nagano-19599.herokussl.com | | CNAME (Canonical name) | IN (0x0001)
                                                Apr 13, 2021 10:22:28.738163948 CEST | 8.8.8.8 | 192.168.2.5 | 0x2604 | No error (0) | nagano-19599.herokussl.com | elb097307-934924932.us-east-1.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001)
                                                Apr 13, 2021 10:22:28.738163948 CEST | 8.8.8.8 | 192.168.2.5 | 0x2604 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.225.165.85 | A (IP address) | IN (0x0001)
                                                Apr 13, 2021 10:22:28.738163948 CEST | 8.8.8.8 | 192.168.2.5 | 0x2604 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 107.22.233.72 | A (IP address) | IN (0x0001)
                                                Apr 13, 2021 10:22:28.738163948 CEST | 8.8.8.8 | 192.168.2.5 | 0x2604 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.235.83.248 | A (IP address) | IN (0x0001)
                                                Apr 13, 2021 10:22:28.738163948 CEST | 8.8.8.8 | 192.168.2.5 | 0x2604 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 50.19.242.215 | A (IP address) | IN (0x0001)
                                                Apr 13, 2021 10:22:28.738163948 CEST | 8.8.8.8 | 192.168.2.5 | 0x2604 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.235.175.90 | A (IP address) | IN (0x0001)
                                                Apr 13, 2021 10:22:28.738163948 CEST | 8.8.8.8 | 192.168.2.5 | 0x2604 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.225.222.160 | A (IP address) | IN (0x0001)
                                                Apr 13, 2021 10:22:28.738163948 CEST | 8.8.8.8 | 192.168.2.5 | 0x2604 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 23.21.252.4 | A (IP address) | IN (0x0001)
                                                Apr 13, 2021 10:22:28.738163948 CEST | 8.8.8.8 | 192.168.2.5 | 0x2604 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 23.21.140.41 | A (IP address) | IN (0x0001)
                                                Apr 13, 2021 10:22:28.811614990 CEST | 8.8.8.8 | 192.168.2.5 | 0x7605 | No error (0) | api.ipify.org | nagano-19599.herokussl.com | | CNAME (Canonical name) | IN (0x0001)
                                                Apr 13, 2021 10:22:28.811614990 CEST | 8.8.8.8 | 192.168.2.5 | 0x7605 | No error (0) | nagano-19599.herokussl.com | elb097307-934924932.us-east-1.elb.amazonaws.com | | CNAME (Canonical name) | IN (0x0001)
                                                Apr 13, 2021 10:22:28.811614990 CEST | 8.8.8.8 | 192.168.2.5 | 0x7605 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 23.21.252.4 | A (IP address) | IN (0x0001)
                                                Apr 13, 2021 10:22:28.811614990 CEST | 8.8.8.8 | 192.168.2.5 | 0x7605 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.235.175.90 | A (IP address) | IN (0x0001)
                                                Apr 13, 2021 10:22:28.811614990 CEST | 8.8.8.8 | 192.168.2.5 | 0x7605 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.225.165.85 | A (IP address) | IN (0x0001)
                                                Apr 13, 2021 10:22:28.811614990 CEST | 8.8.8.8 | 192.168.2.5 | 0x7605 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.225.157.230 | A (IP address) | IN (0x0001)
                                                Apr 13, 2021 10:22:28.811614990 CEST | 8.8.8.8 | 192.168.2.5 | 0x7605 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 50.19.242.215 | A (IP address) | IN (0x0001)
                                                Apr 13, 2021 10:22:28.811614990 CEST | 8.8.8.8 | 192.168.2.5 | 0x7605 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.225.222.160 | A (IP address) | IN (0x0001)
                                                Apr 13, 2021 10:22:28.811614990 CEST | 8.8.8.8 | 192.168.2.5 | 0x7605 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 50.19.96.218 | A (IP address) | IN (0x0001)
                                                Apr 13, 2021 10:22:28.811614990 CEST | 8.8.8.8 | 192.168.2.5 | 0x7605 | No error (0) | elb097307-934924932.us-east-1.elb.amazonaws.com | | 54.225.155.255 | A (IP address) | IN (0x0001)

                                                HTTP Request Dependency Graph

                                                • api.ipify.org

                                                HTTP Packets

                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                0 | 192.168.2.5 | 49709 | 54.225.165.85 | 80 | C:\Users\user\Desktop\Quot_466378-09.exe

                                                Timestamp | kBytes transferred | Direction | Data
                                                Apr 13, 2021 10:22:29.003149986 CEST | 1378 | OUT | GET / HTTP/1.1
                                                Host: api.ipify.org
                                                Connection: Keep-Alive
                                                Apr 13, 2021 10:22:29.265125036 CEST | 1379 | IN | HTTP/1.1 200 OK
                                                Server: Cowboy
                                                Connection: keep-alive
                                                Content-Type: text/plain
                                                Vary: Origin
                                                Date: Tue, 13 Apr 2021 08:22:29 GMT
                                                Content-Length: 10
                                                Via: 1.1 vegur
                                                Data Raw: 38 34 2e 31 37 2e 35 32 2e 33
                                                Data Ascii: 84.17.52.3



                                                System Behavior

                                                General

                                                Start time:10:22:03
                                                Start date:13/04/2021
                                                Path:C:\Users\user\Desktop\Quot_466378-09.exe
                                                Wow64 process (32bit):true
                                                Commandline:'C:\Users\user\Desktop\Quot_466378-09.exe'
                                                Imagebase:0x700000
                                                File size:1579008 bytes
                                                MD5 hash:2E25F6173EF97A1511C8CC555DF962BA
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:.Net C# or VB.NET
                                                Yara matches:
                                                • Rule: Quasar_RAT_1, Description: Detects Quasar RAT, Source: 00000000.00000002.272699387.0000000003B11000.00000004.00000001.sdmp, Author: Florian Roth
                                                • Rule: JoeSecurity_MassLogger, Description: Yara detected MassLogger RAT, Source: 00000000.00000002.272699387.0000000003B11000.00000004.00000001.sdmp, Author: Joe Security
                                                Reputation:low

                                                General

                                                Start time:10:22:16
                                                Start date:13/04/2021
                                                Path:C:\Windows\SysWOW64\schtasks.exe
                                                Wow64 process (32bit):true
                                                Commandline:'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\LmiSveQi' /XML 'C:\Users\user\AppData\Local\Temp\tmp776F.tmp'
                                                Imagebase:0x10f0000
                                                File size:185856 bytes
                                                MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                General

                                                Start time:10:22:17
                                                Start date:13/04/2021
                                                Path:C:\Windows\System32\conhost.exe
                                                Wow64 process (32bit):false
                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                Imagebase:0x7ff7ecfc0000
                                                File size:625664 bytes
                                                MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:C, C++ or other language
                                                Reputation:high

                                                General

                                                Start time:10:22:18
                                                Start date:13/04/2021
                                                Path:C:\Users\user\Desktop\Quot_466378-09.exe
                                                Wow64 process (32bit):true
                                                Commandline:{path}
                                                Imagebase:0xe50000
                                                File size:1579008 bytes
                                                MD5 hash:2E25F6173EF97A1511C8CC555DF962BA
                                                Has elevated privileges:true
                                                Has administrator privileges:true
                                                Programmed in:.Net C# or VB.NET
                                                Yara matches:
                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000006.00000002.501099806.00000000034A1000.00000004.00000001.sdmp, Author: Joe Security
                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.501099806.00000000034A1000.00000004.00000001.sdmp, Author: Joe Security
                                                • Rule: Quasar_RAT_1, Description: Detects Quasar RAT, Source: 00000006.00000002.496667665.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth
                                                • Rule: JoeSecurity_MassLogger, Description: Yara detected MassLogger RAT, Source: 00000006.00000002.496667665.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                Reputation:low

                                                Disassembly

                                                Code Analysis


                                                  Execution Graph

                                                  Execution Coverage:13.8%
                                                  Dynamic/Decrypted Code Coverage:100%
                                                  Signature Coverage:15.8%
                                                  Total number of Nodes:19
                                                  Total number of Limit Nodes:3


                                                  Executed Functions

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.268463083.0000000001200000.00000040.00000001.sdmp, Offset: 01200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_1200000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ]&8$?S$?S$~4
                                                  • API String ID: 0-86696235
                                                  • Opcode ID: a1b4b69779e57ae231fab702ffb551d5070780ffc6e622e70420189a7bfbe1a2
                                                  • Instruction ID: 3ec3bdc90f1f86e3db4b32cd884b82d02606a44744869758193e68f26cf7fede
                                                  • Opcode Fuzzy Hash: a1b4b69779e57ae231fab702ffb551d5070780ffc6e622e70420189a7bfbe1a2
                                                  • Instruction Fuzzy Hash: 1FD15B74D2420ADFCB05CFA5C5818AEFBB2FF89300B14D669C516AB395D7749A82CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.268463083.0000000001200000.00000040.00000001.sdmp, Offset: 01200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_1200000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: ]&8$~4
                                                  • API String ID: 0-3950840722
                                                  • Opcode ID: 5230af12464f24b4a749f72cb5c27ac16ce8a6e36d7b764ac72fd1c6856457a0
                                                  • Instruction ID: d35dfb9e86d9316099e0798ddf8e979e42e7216f5b1484521d52e83269e0d983
                                                  • Opcode Fuzzy Hash: 5230af12464f24b4a749f72cb5c27ac16ce8a6e36d7b764ac72fd1c6856457a0
                                                  • Instruction Fuzzy Hash: BDE17F74D2524ACFCB05CFA5C5858AEFBB2FF89300B14865AC415AB296D774A982CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.268463083.0000000001200000.00000040.00000001.sdmp, Offset: 01200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_1200000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: V*
                                                  • API String ID: 0-1750206612
                                                  • Opcode ID: c500b89fb05bbf0d111c23d5a1421d61e4b673d4d6589f97b0001dcffc97d26b
                                                  • Instruction ID: 6c46742a5f1256c78a33360ca2880fb05ee578f501dd89923e89dfc8f4e19ed3
                                                  • Opcode Fuzzy Hash: c500b89fb05bbf0d111c23d5a1421d61e4b673d4d6589f97b0001dcffc97d26b
                                                  • Instruction Fuzzy Hash: 85515C70D29309DFCB08CFA5C4855AEFBB2FB89214F14D56AC01AA7296E7789681CF10
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.268463083.0000000001200000.00000040.00000001.sdmp, Offset: 01200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_1200000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: V*
                                                  • API String ID: 0-1750206612
                                                  • Opcode ID: 4bc74345d2089ae0ceb9b89c128d522e2f987f072bc23c0f4ec88e5563dd80d2
                                                  • Instruction ID: 78127581514ee45a3f49cf774624919905746d7d88f638ab7bc73d1e9ef25c06
                                                  • Opcode Fuzzy Hash: 4bc74345d2089ae0ceb9b89c128d522e2f987f072bc23c0f4ec88e5563dd80d2
                                                  • Instruction Fuzzy Hash: C4514B70D29309DFCB48CFA5C4855AEFBF2FB89214F10D56AC01AA7296E7789681CF14
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: f319179cd5051697360321cb4d3250145d3e3de32981c08f991691425424c767
                                                  • Instruction ID: 73e7d432d2b55053c10a2ba3697e80b4d28a02aa3eee7ff4d074b6601424d9e7
                                                  • Opcode Fuzzy Hash: f319179cd5051697360321cb4d3250145d3e3de32981c08f991691425424c767
                                                  • Instruction Fuzzy Hash: F0A22631E106198FCB15DFA8C8546EDB7B2FF89300F1486A9D90AA7251EF74AE85CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.268463083.0000000001200000.00000040.00000001.sdmp, Offset: 01200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_1200000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 3609b00ec68651511cfe487cb233c908d5a1f8cf0a92bb61822aae5ca761f5fa
                                                  • Instruction ID: 5b3303cce977228de6a8696cf40026cb74c7f40b9f2ea69ee1763704545b4aa4
                                                  • Opcode Fuzzy Hash: 3609b00ec68651511cfe487cb233c908d5a1f8cf0a92bb61822aae5ca761f5fa
                                                  • Instruction Fuzzy Hash: 73A18B71E153988FCB0ACFE5C8846DDBFB2FF8A300F14816AD855AB262D7709946CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.268463083.0000000001200000.00000040.00000001.sdmp, Offset: 01200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_1200000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 731aaae598143723b8cb83fc18358bc2aadd7724b8b8210f77a8a646efa54db1
                                                  • Instruction ID: 58a45ad9bcbe70180241f809644bdf781be0a4d967e42c661d019dc03b76e450
                                                  • Opcode Fuzzy Hash: 731aaae598143723b8cb83fc18358bc2aadd7724b8b8210f77a8a646efa54db1
                                                  • Instruction Fuzzy Hash: 1981E274E14219DFDB08CFE9D884AAEFBB2FF88300F14812AD919AB354D7749946CB54
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.268463083.0000000001200000.00000040.00000001.sdmp, Offset: 01200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_1200000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 024aa313cb452e3b26d332fa489fe6a5a4f2807cc84aa0cf6bf1a0f6449645c0
                                                  • Instruction ID: 77d0eaff22cef9923d3a3b5ed712b9d3b09ee027d830ccfe635021b7e2166c8f
                                                  • Opcode Fuzzy Hash: 024aa313cb452e3b26d332fa489fe6a5a4f2807cc84aa0cf6bf1a0f6449645c0
                                                  • Instruction Fuzzy Hash: 44514870E1520A8FDB09CFAAC4415AEFBF2FF89300F14D16AD519A7295E7348A41CF94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.268463083.0000000001200000.00000040.00000001.sdmp, Offset: 01200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_1200000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8dc406f6ff996ac8caab67b3e8df2f5456f247fdf9ad540cd4db7ba15824c50d
                                                  • Instruction ID: 0d22505103557b554e2768f739bf07b88effa19fd0322ec0540aa745a186097a
                                                  • Opcode Fuzzy Hash: 8dc406f6ff996ac8caab67b3e8df2f5456f247fdf9ad540cd4db7ba15824c50d
                                                  • Instruction Fuzzy Hash: 01312B71E156189FEB19CFABD9406DEFBF3AFC8200F04C1AAD518A6264EB300A458F51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.268463083.0000000001200000.00000040.00000001.sdmp, Offset: 01200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_1200000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: eed1349d630734d1d19497b2d7b12c3b0dcc621db1d3e6171559a2cefecdca37
                                                  • Instruction ID: 6339883c1a813c80d4368fd0b6ba52ea5e5d78b4a507f3df18c3346ba5293150
                                                  • Opcode Fuzzy Hash: eed1349d630734d1d19497b2d7b12c3b0dcc621db1d3e6171559a2cefecdca37
                                                  • Instruction Fuzzy Hash: 47212671E046588BEB19CFAAD8543DEFBF3AFC9310F14C16AD508AA259DB350949CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CreateActCtxA.KERNEL32(?), ref: 0120B4A1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.268463083.0000000001200000.00000040.00000001.sdmp, Offset: 01200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_1200000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID: Create
                                                  • String ID:
                                                  • API String ID: 2289755597-0
                                                  • Opcode ID: 301c973d515047a88ce4f0b5daeacf0791760f3b9e75e8abcc3066000d269b96
                                                  • Instruction ID: 7240171c1cd970e9425aca136cbd876ac20f49b4a617c10f48678d2ffd554e36
                                                  • Opcode Fuzzy Hash: 301c973d515047a88ce4f0b5daeacf0791760f3b9e75e8abcc3066000d269b96
                                                  • Instruction Fuzzy Hash: 3D4121B1C0421CCEDB24CFA9C944BDEBBB1BF48308F21856AD508AB241DB756949CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  APIs
                                                  • CreateActCtxA.KERNEL32(?), ref: 0120B4A1
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.268463083.0000000001200000.00000040.00000001.sdmp, Offset: 01200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_1200000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID: Create
                                                  • String ID:
                                                  • API String ID: 2289755597-0
                                                  • Opcode ID: 95ed6a0547e23dffa291f909165669d7949c43a513d5f8b44bbc71b20fdc51b8
                                                  • Instruction ID: a356331b0b36b9e3e8c89c8d62d7b0a2a09964f036851398139b73272e2967a4
                                                  • Opcode Fuzzy Hash: 95ed6a0547e23dffa291f909165669d7949c43a513d5f8b44bbc71b20fdc51b8
                                                  • Instruction Fuzzy Hash: D74112B1C1421DCBDB24CFA9C844BDEBBB1FF48308F208569D508AB251DBB96945CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: W
                                                  • API String ID: 0-655174618
                                                  • Opcode ID: 9cd96a42985608663d98cb2567893020f8225ce3140d9f7dd2b8c65a88107fe0
                                                  • Instruction ID: 62182f6766a21eeb6f5620058f9d70c94953cdd81dc7724185076c98a49f92b9
                                                  • Opcode Fuzzy Hash: 9cd96a42985608663d98cb2567893020f8225ce3140d9f7dd2b8c65a88107fe0
                                                  • Instruction Fuzzy Hash: FC113A31A0E7C18FEB13677098102997F719F43208F0904E7D241DB1E2DA28585DC393
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 60dd8438c29db6544926b60111030e73c634ab2ca340ae8fe6d159ccd9fc5c80
                                                  • Instruction ID: aa29a97a17f2771d7b47a29f12e633028eec55775231bf0de182e0fa6916bc6a
                                                  • Opcode Fuzzy Hash: 60dd8438c29db6544926b60111030e73c634ab2ca340ae8fe6d159ccd9fc5c80
                                                  • Instruction Fuzzy Hash: F5823631E006598FCB55DFA8C8586EDB7B2FF89300F1481A9D90AA7351EB74AE85CF50
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e3d732660895f8bca5f21b4a56ebf73fc96cc9e30f6d0a6c61bfe4718206425b
                                                  • Instruction ID: cbb0e6e61d60dc1154e5958be22477797875fc812ab232d6df1c760f71e0e4bb
                                                  • Opcode Fuzzy Hash: e3d732660895f8bca5f21b4a56ebf73fc96cc9e30f6d0a6c61bfe4718206425b
                                                  • Instruction Fuzzy Hash: 1EE13030B0071247AB1EBF7958A011EA2839FD4648388DDBD991ADF76ADFB4ED0847D1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7e02e82361d8aa16a1c3fd714496477c8d81aed418ba0157beee11e305d64f88
                                                  • Instruction ID: e42eebe0e147156df1872eb871b06f85a31f2cdf8dcc621f1074b05772eb77f3
                                                  • Opcode Fuzzy Hash: 7e02e82361d8aa16a1c3fd714496477c8d81aed418ba0157beee11e305d64f88
                                                  • Instruction Fuzzy Hash: D002C57191061ACFCF11DF68C894ADDB7B1FF59304F118699D959BB220EB30AA89CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 237e06d4be23f4eadeaeb1f679f989550df0d35bfa500b29694b673a679d72c9
                                                  • Instruction ID: fb8f7d010c455c452f06e566fc4c88f07625242f9cc9942ee3b87d22bcae0336
                                                  • Opcode Fuzzy Hash: 237e06d4be23f4eadeaeb1f679f989550df0d35bfa500b29694b673a679d72c9
                                                  • Instruction Fuzzy Hash: 34A16D34A047588FCB14DF64C840BAEBBB1FF89304F10859AD949A7351EB30AD86CF91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 30cd54f720d0797f986bac78b209dc2173678bac5b96531cad175a69a7e4c3ec
                                                  • Instruction ID: 1aa6b49507f7674902aeb107ac3ef67a90846c18314cdff97d286c3b315b8965
                                                  • Opcode Fuzzy Hash: 30cd54f720d0797f986bac78b209dc2173678bac5b96531cad175a69a7e4c3ec
                                                  • Instruction Fuzzy Hash: 98A1D575A01249CFCB14DFA8D8949DDBBF5FF49300F208269E919AB361E731AA45CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 43707f8d9c61a421c354979dfdfe2ee41d3fb28cddb63e7b987e9b6cf45f58e8
                                                  • Instruction ID: 91277e707819ed28fa3cc9d19a176dba292e16deadd13d2eb0b799f20c965745
                                                  • Opcode Fuzzy Hash: 43707f8d9c61a421c354979dfdfe2ee41d3fb28cddb63e7b987e9b6cf45f58e8
                                                  • Instruction Fuzzy Hash: 31914D34900759DFDB14DF64C840BAEBBB5FF89304F50819AD949A7350EB31AA86CF81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 67591ccfd7f2da505017c578f8a4b466e1c08e8f7884460b4fa746a74aefab30
                                                  • Instruction ID: 02a0f934f43035d6760880190eca2e8ed32a8047bc496e34d2803b71fcec5819
                                                  • Opcode Fuzzy Hash: 67591ccfd7f2da505017c578f8a4b466e1c08e8f7884460b4fa746a74aefab30
                                                  • Instruction Fuzzy Hash: D8911C71E00209CFCF14DF68C890ADDB7B5FF49300F518699E919AB225EB31AA85CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: a31621b9c90234ad52cb0cc6dd2ea37cbfc04b254e2ba4de1233d2e5f3a6ffd5
                                                  • Instruction ID: 8e709c9027043447af64ea32968d4815ec360cf4fd688e198d026930c7377bd2
                                                  • Opcode Fuzzy Hash: a31621b9c90234ad52cb0cc6dd2ea37cbfc04b254e2ba4de1233d2e5f3a6ffd5
                                                  • Instruction Fuzzy Hash: 8471E471A00209AFCF45CFA8D940AEEBBF6FF48314F14852AE919A7320D731A955DF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: ecaf3cc4876a5a17d528762ef6461f11d40c7474c1d667dc51581fcf33614566
                                                  • Instruction ID: ec9562fad93485ba173d19e07bbe6ec0c5f4ea597752c7388546855197dd2adc
                                                  • Opcode Fuzzy Hash: ecaf3cc4876a5a17d528762ef6461f11d40c7474c1d667dc51581fcf33614566
                                                  • Instruction Fuzzy Hash: DC519C317046018FC728DF68C594AAEB7F2FF89304B5189A9E01ADB7A0DB31EC41CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9cab93328e5a199a564cf36cc898cb745a79a2d8a1fa3bdcaf669dee1b551fd7
                                                  • Instruction ID: 384a253fd74a302e2c4e5d06695d78c04146eb8acd939eef0a08ad0e35cebd7e
                                                  • Opcode Fuzzy Hash: 9cab93328e5a199a564cf36cc898cb745a79a2d8a1fa3bdcaf669dee1b551fd7
                                                  • Instruction Fuzzy Hash: 3D51A3716007059FEB28DF69D48056EB7F2FF84304B548EADD15ADB6A0EB30F8458BA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 60a9b18d51f68864e4c3ecb14b04f0b71d1c8fd87f054508c9623cf3566e0cc1
                                                  • Instruction ID: 56b0e0cc8142474f0b93ab214dac5531c479bf480b4165da19f52f27f21f824e
                                                  • Opcode Fuzzy Hash: 60a9b18d51f68864e4c3ecb14b04f0b71d1c8fd87f054508c9623cf3566e0cc1
                                                  • Instruction Fuzzy Hash: 0751F731A00605DFDB16EBA4D844ABDB3B2FF89304F4549A9E2219B3B0DF35E945CB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d875c7f95be18c533390186d05b2fa4a0f8d7a5b81090c28ce31c44472590206
                                                  • Instruction ID: 4222a002aeb193a2972e87738978d03f27f304ab140d194eac530827dfeb9683
                                                  • Opcode Fuzzy Hash: d875c7f95be18c533390186d05b2fa4a0f8d7a5b81090c28ce31c44472590206
                                                  • Instruction Fuzzy Hash: 38615A71A00619DFDB14DFA8C494A9DBBF1FF88314F218169E509AB360DB70ED81CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b3fb58d5812412fc5c9acbe3a71736e354e97fc3b4446c2f18979c75cdc2cde7
                                                  • Instruction ID: 52aa82439d36629d5e198d91d8d5e57a83867d4437f5ec8eaf4e1114234c321b
                                                  • Opcode Fuzzy Hash: b3fb58d5812412fc5c9acbe3a71736e354e97fc3b4446c2f18979c75cdc2cde7
                                                  • Instruction Fuzzy Hash: 28511A31D10709DFCB10EF68C8949DDFBB1FF89310F118699E5596B261EB70AA85CB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1adfe5131aeadaae57b2144a7059455425382a0e23170720e5eece174d5587f4
                                                  • Instruction ID: 41331e8b5fa06b692558b1b5dc6aaa62d4442a79ec910f64e63685db5627261c
                                                  • Opcode Fuzzy Hash: 1adfe5131aeadaae57b2144a7059455425382a0e23170720e5eece174d5587f4
                                                  • Instruction Fuzzy Hash: CE511731910B0ADFCB10EF68C88499DF7B5FF89310F118699E5596B261EB30AA84CB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bbe5c814aebae7d327fc8bb9180f4fde6ddea310b229c1bf981a8c4642a9a83c
                                                  • Instruction ID: b18bc08ba78e752ddf7a5ee75f894e262ae667ae27f162edabca6fa7935b4d02
                                                  • Opcode Fuzzy Hash: bbe5c814aebae7d327fc8bb9180f4fde6ddea310b229c1bf981a8c4642a9a83c
                                                  • Instruction Fuzzy Hash: CE41A271A04348AFCB04CFA9D845ADEBFF9EB48314F14846AE905E7311D734E944CBA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 9e92c167fd3269366dfc79226aa51988b8a64407a4050e64f66ab969e012f8e0
                                                  • Instruction ID: 84394e19066e102e8b296d759e3d42435de2e14df103164a2888479afc0488d8
                                                  • Opcode Fuzzy Hash: 9e92c167fd3269366dfc79226aa51988b8a64407a4050e64f66ab969e012f8e0
                                                  • Instruction Fuzzy Hash: 0C41B1716007018FDB28DF69D48056EB7F6FF84304B548AADD515EB6A4EB30F905CBA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: acd8b0546296a55b6d9cc4c25c286a0362a03bc259a572fc12315019bc04975c
                                                  • Instruction ID: befaa7ccc4a12f68a81eb7c81208ac15c895c224717733c8d44028736c75d25d
                                                  • Opcode Fuzzy Hash: acd8b0546296a55b6d9cc4c25c286a0362a03bc259a572fc12315019bc04975c
                                                  • Instruction Fuzzy Hash: 3231F2307152258FDB09EB78C85883E3BEBEFC921471584A9E906CB361DF34DC0687A0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.268348434.000000000114D000.00000040.00000001.sdmp, Offset: 0114D000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_114d000_Quot_466378-09.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.268368290.000000000115D000.00000040.00000001.sdmp, Offset: 0115D000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_115d000_Quot_466378-09.jbxd

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.268348434.000000000114D000.00000040.00000001.sdmp, Offset: 0114D000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_114d000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: deac191434135470ec4011e3758ba82af0038852f0979ee31e94792e76cfbc84
                                                  • Instruction ID: 8d738bb1a62a61d53bafe894e94c75bc6dd277b8618e50d2d9116bf538cff47f
                                                  • Opcode Fuzzy Hash: deac191434135470ec4011e3758ba82af0038852f0979ee31e94792e76cfbc84
                                                  • Instruction Fuzzy Hash: 8D11DF76404280CFCF06CF54D5C0B56BF71FB94320F2882A9D8090B656C33AE456CBA2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d63de5b137559f2eb1c6777e75fc7760f4695010f0945fc721996c53bf553f9e
                                                  • Instruction ID: 41bea216243d1e9fb1af9fbe8613f15ecb11e128f6e348b8d075d8062cdf0ca9
                                                  • Opcode Fuzzy Hash: d63de5b137559f2eb1c6777e75fc7760f4695010f0945fc721996c53bf553f9e
                                                  • Instruction Fuzzy Hash: 7B118BB68002099FCB10CFA9D848BDFBBF8EF48324F54845AE405B7210D378A944CFA1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 46ad4dbae2d38f593d990673edc4a00caad1fc6dcceb98a7d993171fe6c5eb79
                                                  • Instruction ID: a58aee0f3788a4244fa1069dfe6d642b63bff89bb577a25646b09bb5c776830a
                                                  • Opcode Fuzzy Hash: 46ad4dbae2d38f593d990673edc4a00caad1fc6dcceb98a7d993171fe6c5eb79
                                                  • Instruction Fuzzy Hash: A0110435B097848FCB12EB74A8250DDBB75EF83218B4500DBC5499B262DB346A19C7D2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.268368290.000000000115D000.00000040.00000001.sdmp, Offset: 0115D000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_115d000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2b8c1de1df9e1e9de3bb126e76660bc12f45e491b39e16848e08cf26b9ff2aa6
                                                  • Instruction ID: c3b73565aac5e5e51f0161218610fc4ca4152824862da36d3b8b81977c515494
                                                  • Opcode Fuzzy Hash: 2b8c1de1df9e1e9de3bb126e76660bc12f45e491b39e16848e08cf26b9ff2aa6
                                                  • Instruction Fuzzy Hash: FE11BB75904280DFCF46CF54D5C0B15BBB1FB84224F28C6ADDC494B656C33AD45ACB62
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.268368290.000000000115D000.00000040.00000001.sdmp, Offset: 0115D000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_115d000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: be4352f1225d50819bad75acc8bb636508d85c1b858079697209287b255d2f20
                                                  • Instruction ID: 8c67ff7bfcf9f91acc9ecd719ac307ca777c3045dc1400d724e87855e89f77d5
                                                  • Opcode Fuzzy Hash: be4352f1225d50819bad75acc8bb636508d85c1b858079697209287b255d2f20
                                                  • Instruction Fuzzy Hash: BF1190B5508280DFDB56CF14E5C4B19BBA1FB84324F28C6A9D8494B647C33AD456CBA2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.268348434.000000000114D000.00000040.00000001.sdmp, Offset: 0114D000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_114d000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6c19ed9fa02369c8cd86deab5c5c0d1145e5c1c51c1507a1c4e9436738bb1914
                                                  • Instruction ID: 0c897772d47054c2e64425db488975a48f84e6059bb948df70682c85cd09f244
                                                  • Opcode Fuzzy Hash: 6c19ed9fa02369c8cd86deab5c5c0d1145e5c1c51c1507a1c4e9436738bb1914
                                                  • Instruction Fuzzy Hash: 7C012B7140C7C49BEF18CB55EC80762FBD8EF61A6DF09845AEE045A287C378E444C6B2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: fdd52a0d04782779193e2fe5b2e8ea5b2a09d500e6ede1a71e3872af71c7f529
                                                  • Instruction ID: 1d25e2a64c28a741c33bbb81cc985716436e395a368f4d0588a90476a5cead9f
                                                  • Opcode Fuzzy Hash: fdd52a0d04782779193e2fe5b2e8ea5b2a09d500e6ede1a71e3872af71c7f529
                                                  • Instruction Fuzzy Hash: 51012435A046049BCB14EB64C8449EEF7B9FFC9310F4082AAE5055B241EB316A46CBE1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0a134d528ba011a6138cf183724313f15aa96f417515c6b62503e150d3a9561d
                                                  • Instruction ID: 9dca30cca14c948fdf1aed8ca823ef2345c2435c0ab7365abbdfce860a9bb146
                                                  • Opcode Fuzzy Hash: 0a134d528ba011a6138cf183724313f15aa96f417515c6b62503e150d3a9561d
                                                  • Instruction Fuzzy Hash: 7101A4B1B106199F8B10FA68C9408AFF7B9FFC5200B504A6AE905A3304FB70BE0487E1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 558be33f4f71d306b10a6f74b9cc023d6bd67b2718534e49f8ff39b8d1f05dc2
                                                  • Instruction ID: 921262ab747f40eb20e00f300fc3835a3a2b1dbf221df18cb65726f4ad8ebafd
                                                  • Opcode Fuzzy Hash: 558be33f4f71d306b10a6f74b9cc023d6bd67b2718534e49f8ff39b8d1f05dc2
                                                  • Instruction Fuzzy Hash: F401D675E106468FDB11EB64C9848AFF7B5FFC920471046AAD905A7305E770AE0487E1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 520fe10687938db71aa2abb2cf92a3188615b5400dd128d5e324fc6b0c0b7f37
                                                  • Instruction ID: 0e6d9297335d1155f46e3c2874d7df97e998b87cd8e0b61bb98e3feedab7f005
                                                  • Opcode Fuzzy Hash: 520fe10687938db71aa2abb2cf92a3188615b5400dd128d5e324fc6b0c0b7f37
                                                  • Instruction Fuzzy Hash: FB014B347013148FD738AB39C01479AB3A6EFC6619F5000ADD6468B326DB71E842C785
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6edd17edb0d1983896883920d33f49176c9e3be5e9e42f9965b3eaf58e748ef9
                                                  • Instruction ID: 594a1c35e4db8d2ad913716f3ea46b8de538aa511b46c112c8f240e5df66a4bc
                                                  • Opcode Fuzzy Hash: 6edd17edb0d1983896883920d33f49176c9e3be5e9e42f9965b3eaf58e748ef9
                                                  • Instruction Fuzzy Hash: D9018671E002158FCF10EFACD4156EEBBB8EF88720F04816AD519E7210EB70AA55CBD1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7b5398d2c98eb8344b50048e8b802e5ddb594e1c32514209938012157f7e7ef8
                                                  • Instruction ID: 585a8d407598aaa29f9219e73048203a71407cd45a941a5871bd79540d21dbba
                                                  • Opcode Fuzzy Hash: 7b5398d2c98eb8344b50048e8b802e5ddb594e1c32514209938012157f7e7ef8
                                                  • Instruction Fuzzy Hash: 6301F971C142458FDB01FF74D8948EEBB75FF96304B0582A7D055AB221EB30694DC7A2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8d8452a6044b6a71a9ae7ae4246eac3affa4ef7d63a532f59937e137e7be1f23
                                                  • Instruction ID: 09733e1e3e9029edaaf5535301f044e548adedfb764a48486807a0bfa641c7fc
                                                  • Opcode Fuzzy Hash: 8d8452a6044b6a71a9ae7ae4246eac3affa4ef7d63a532f59937e137e7be1f23
                                                  • Instruction Fuzzy Hash: C8F059763002248BDB6875BEB4002BDB2D9EBC02A9B48447BD608C7700DB26D80183B0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0023ff67136a2587c160dfd30ffefb4eba76693dbd4ee847d2c27faacbf076c5
                                                  • Instruction ID: 5cc27090d3ae7d54b4f93313379a31e04292a4ad435faf02be64b7f3e490b08d
                                                  • Opcode Fuzzy Hash: 0023ff67136a2587c160dfd30ffefb4eba76693dbd4ee847d2c27faacbf076c5
                                                  • Instruction Fuzzy Hash: 9F01D635A002049BCB14FB64C8448EEF7B9EFC9210F40829AE50557254EB316A42CBE1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 6b444377fb84baad3bb06aa327b2eceeb9845ee97bc2151ca5474045130bfa87
                                                  • Instruction ID: ac397e5bed92a305db028798df5baaafe5b4b903b252b4f637a1c79c4e868772
                                                  • Opcode Fuzzy Hash: 6b444377fb84baad3bb06aa327b2eceeb9845ee97bc2151ca5474045130bfa87
                                                  • Instruction Fuzzy Hash: D5F0C2307011218BDF28BF79D458A3A33A99F84A1030545E9E916CB7B5DB60EC81D790
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4f9c92a1bad574a3ab20077de55f088d22637bf9438d027fa1a2f7b594606ff3
                                                  • Instruction ID: 161662e070f19186b8f2c8432270f2b3a7fcc6a0a6f41059d6605540ccabee15
                                                  • Opcode Fuzzy Hash: 4f9c92a1bad574a3ab20077de55f088d22637bf9438d027fa1a2f7b594606ff3
                                                  • Instruction Fuzzy Hash: DF01D676C042499FDB00EFA4D8808DAFF75FF89210B05C7AAE9556B312E731A945C7E1
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 062ac87bf6b97fd568d5f62e6d6a627cc305fd246aadc0c919957b03cb0142cc
                                                  • Instruction ID: ce812d6ac90d8150ac4c0e1222c51a02de57600698076d9b533b7428ba028849
                                                  • Opcode Fuzzy Hash: 062ac87bf6b97fd568d5f62e6d6a627cc305fd246aadc0c919957b03cb0142cc
                                                  • Instruction Fuzzy Hash: A4F0F4B1A083566FE318EE75982069A7BF6FF83214B0085BEC014D7690EA349546CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: de6e82fe735652855528e88d9f84735bdb1954776753510443d0e3ae013bd239
                                                  • Instruction ID: cb9c35d374fdcf2944768f4e0471a2d8fcfefeddc806f1d8c3d9f84b54578576
                                                  • Opcode Fuzzy Hash: de6e82fe735652855528e88d9f84735bdb1954776753510443d0e3ae013bd239
                                                  • Instruction Fuzzy Hash: 8AF0B4303011218BDF28BE7AC448E3A33DE9FC4A5134544ADE806C77B4EE61EC8197D0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.268348434.000000000114D000.00000040.00000001.sdmp, Offset: 0114D000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_114d000_Quot_466378-09.jbxd
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: b1940edeb7706c775d36393fc8d4b6a77052d7bba88cc01e5f771c976cd82664
                                                  • Instruction ID: 2db9ef4c34601723dba0e406fa6550ce1aed48149ad27637f70807d3086f3218
                                                  • Opcode Fuzzy Hash: b1940edeb7706c775d36393fc8d4b6a77052d7bba88cc01e5f771c976cd82664
                                                  • Instruction Fuzzy Hash: 08E06D316083189BD324AA7984406ABB396EBC6714F41896DD21A87310DF70A801C7C0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 34ff662e5cde1fb0061ec15d7c9de01607ca96bec9c8278e387eae6c410480aa
                                                  • Instruction ID: a32cdfe302e0cbe845748cfcda62de66000e48db3ae118042878418afaa5094e
                                                  • Opcode Fuzzy Hash: 34ff662e5cde1fb0061ec15d7c9de01607ca96bec9c8278e387eae6c410480aa
                                                  • Instruction Fuzzy Hash: B6F0A031A083048FD3249B7584106EAB7E2EFC6318F1988BEC159CB641DB749806CBC0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: d8482cb2f2490a7c6bccf3a4e7369656101d4ea6c72c2746367690ef5091a64d
                                                  • Instruction ID: 3285889002a1ec6e83ed10d2547c7dbd9e0df41f35f6b92b31b93eebcdfea94d
                                                  • Opcode Fuzzy Hash: d8482cb2f2490a7c6bccf3a4e7369656101d4ea6c72c2746367690ef5091a64d
                                                  • Instruction Fuzzy Hash: 56F08232910A869FDB01EFB8C4014EABB71EF92304F06879AD549A71A1E721D986CB81
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 486c024dcb3583c1e250c7c5f8f35e50c0219efda428b50b3a9de7af64a183c0
                                                  • Instruction ID: 1512efbf4d435dc77932bc95dba949e0f4173a9a94287a930e91b563c4dd6b58
                                                  • Opcode Fuzzy Hash: 486c024dcb3583c1e250c7c5f8f35e50c0219efda428b50b3a9de7af64a183c0
                                                  • Instruction Fuzzy Hash: C7E03972700A105B8328DB6AA840816F7EAEBC8624711C53EE60AC7311DA71A8058A90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1229968323b369036b25bc59b9afa18c7a2f799fecf170829da8c5bf52175d49
                                                  • Instruction ID: 9cc183de3ce09be22d63fbe1122d1c4f9bc33486653452101ae1fd04805e4e5f
                                                  • Opcode Fuzzy Hash: 1229968323b369036b25bc59b9afa18c7a2f799fecf170829da8c5bf52175d49
                                                  • Instruction Fuzzy Hash: 50E0D832B013559BDB00AF95EC4199AB7B9FFC8324710463AD91967345DBB2BC4487D0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7c8fdbbbaf0139b5271824a0f7f05920708447960b5a9402c5219b68937da676
                                                  • Instruction ID: 8c852ca833444514c3adb988271cf6640219bb22b3516f7f51bdefb9e058a2b4
                                                  • Opcode Fuzzy Hash: 7c8fdbbbaf0139b5271824a0f7f05920708447960b5a9402c5219b68937da676
                                                  • Instruction Fuzzy Hash: 17E06D303040208FDB14BF799454AB93355AF8065530104AAD105CB5B1EB11D8819690
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: be70d0e996955208884814389ce89706ccb3cd190f697a7b8029830b93116f11
                                                  • Instruction ID: 9e01512cdd7740c504986cbc844d8cc3d7d0800b5c01473e14f309d0bcdfc431
                                                  • Opcode Fuzzy Hash: be70d0e996955208884814389ce89706ccb3cd190f697a7b8029830b93116f11
                                                  • Instruction Fuzzy Hash: 6BE07D72306014375308354E6C9087FB78EEBC9364B40803AF308C7340CE717C0182E4
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 67b60e492599eb9d8278d7be0bcbbf9d58511229e42f591efd0d2bb888f6fa5a
                                                  • Instruction ID: f451b0ef73c85adf8b662021177fa59bd21e014aba2659e40caa66f5c1c20631
                                                  • Opcode Fuzzy Hash: 67b60e492599eb9d8278d7be0bcbbf9d58511229e42f591efd0d2bb888f6fa5a
                                                  • Instruction Fuzzy Hash: FAE092315092485BCB08DBA698405CE7FF9DE45420F1980EBD405D3261E630990583C5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5610d00f164e53ea9e774c0b575a8a60a9864ccb205a7872b14063fecb91c131
                                                  • Instruction ID: 44627772365d4edcaedf2365e93fd3732e8ba928a71d9e075e3d3ebfe6ad05c1
                                                  • Opcode Fuzzy Hash: 5610d00f164e53ea9e774c0b575a8a60a9864ccb205a7872b14063fecb91c131
                                                  • Instruction Fuzzy Hash: 8FF0583140A388AFCB069FB8D808A99BFB5FF06204F1981EAD9448B163E3319594DB12
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 55a4998fb3697686bed62e55db87b7bcef044331d5d1c9d873866c340b51e9b7
                                                  • Instruction ID: ac9078d0673fa499f22fa613b54c3a180dee65f09f4296e3b8cb381366322b5e
                                                  • Opcode Fuzzy Hash: 55a4998fb3697686bed62e55db87b7bcef044331d5d1c9d873866c340b51e9b7
                                                  • Instruction Fuzzy Hash: 87F05E309182889FC701EFB8D4589A8BFB0EF46201F0581EAD98497261E730A584CB52
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 4290b6c0b83faae5746c4914e62f8ba19eed3c7afdf3267a90b946cf1a3d464c
                                                  • Instruction ID: ec873b99fb8a5692184aad9f122b7158ed1bf5ed9fc6ead644f34c5f431d81e4
                                                  • Opcode Fuzzy Hash: 4290b6c0b83faae5746c4914e62f8ba19eed3c7afdf3267a90b946cf1a3d464c
                                                  • Instruction Fuzzy Hash: ACE09230D0930CAFC7189FB4F4406ED7BB5EB41304F1041F9C50493240E7349984CB96
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: bcb1bb47f057d3df6e23c60c9b0775fde6a0718b3f9766ab3f39d5d481d1c67d
                                                  • Instruction ID: a9c5096d62a348490476c9d7ff83250fe8ba05d5854348c4d1f36d11ec61dce1
                                                  • Opcode Fuzzy Hash: bcb1bb47f057d3df6e23c60c9b0775fde6a0718b3f9766ab3f39d5d481d1c67d
                                                  • Instruction Fuzzy Hash: 0FE09270D0D35CAFC716ABF4A41139D7FF4AB46200F1141FAD54493655D7355A80CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 52064aa420ffa847bbbc79f552e807b2f0bbb6d2744a6c73e93608a11b7d0569
                                                  • Instruction ID: bd743bdb7cae4487da288e8649cf9eaf11e44b0df51237558207570a72c0e12e
                                                  • Opcode Fuzzy Hash: 52064aa420ffa847bbbc79f552e807b2f0bbb6d2744a6c73e93608a11b7d0569
                                                  • Instruction Fuzzy Hash: F5E092B1D0D348EFC716DFB4E4A428DBBB1EB42304F8082FAC854936A1E7356A45CB51
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 8b37830b181fdddf817ef0571b4b922c75ecdc11eafdb87c61e587cb1782f67d
                                                  • Instruction ID: 77ee244afc3defb618eedd1d33ee5f26e542697f27c808a4d2beedf55b1c17ce
                                                  • Opcode Fuzzy Hash: 8b37830b181fdddf817ef0571b4b922c75ecdc11eafdb87c61e587cb1782f67d
                                                  • Instruction Fuzzy Hash: C3E01274D04208AFCB54DFA4E4997DDBBB0FB49341F2541E5D91893350E7319581CB85
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 5d7fbc1db76d6803c1a125f8a52e8cafd7cd5a3c18e2a99880ac1497fc8a558c
                                                  • Instruction ID: 79fbb0153a6a1cf31e1adf621201ae2604045be69114ed5b3c2771d5f98ce7af
                                                  • Opcode Fuzzy Hash: 5d7fbc1db76d6803c1a125f8a52e8cafd7cd5a3c18e2a99880ac1497fc8a558c
                                                  • Instruction Fuzzy Hash: 4FF0A9309193489FC301EBB8E80159DBB74AB02200F0002BAD900A2541EB3485C8CBA2
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 690c7aff968070f310752eb87462394154868ed6c8bcfa7ccbdf89568a96f15b
                                                  • Instruction ID: 798c004e9aef961e5fbb0474a5174abd718f4a53a327c372b97d46ec57da7767
                                                  • Opcode Fuzzy Hash: 690c7aff968070f310752eb87462394154868ed6c8bcfa7ccbdf89568a96f15b
                                                  • Instruction Fuzzy Hash: 6BF06574908348EFC714DFA8E855A9A7BB4FF05304F1141EAD504D7722D7349990CB95
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2a0ea257b112f044abbe03374097909a10578fb8968ed5178ede16357103ba29
                                                  • Instruction ID: acee45fbb654cf8d6656d029f7e381fcf93af74f23d00ebb049a0cb505302248
                                                  • Opcode Fuzzy Hash: 2a0ea257b112f044abbe03374097909a10578fb8968ed5178ede16357103ba29
                                                  • Instruction Fuzzy Hash: F2E02270C0D3989FD32A9BB4A44029CBFF0AB02304F8041EAC494537A2E3795A80CB52
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 54d2dae30ba632ce520f8d3cb921e6c635960fc3bc2cf04b619466c79c850157
                                                  • Instruction ID: dd3251a8aa9a9ea1673337788931eb8933bd4e9923aa816cbec37911676d888d
                                                  • Opcode Fuzzy Hash: 54d2dae30ba632ce520f8d3cb921e6c635960fc3bc2cf04b619466c79c850157
                                                  • Instruction Fuzzy Hash: ABE06D30C0A308AFC71ADFB4E4452DC7FB0FB46305F0042EAD40493251D7359985CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 1add0aa7af37176a49fc3018a8270b62dc120bd912535b9674c5ee0ef00f7378
                                                  • Instruction ID: 7dfec49f251607fe9330c82ea81fa4c2e1fda8cb9735e01f5d80f048c5966c4a
                                                  • Opcode Fuzzy Hash: 1add0aa7af37176a49fc3018a8270b62dc120bd912535b9674c5ee0ef00f7378
                                                  • Instruction Fuzzy Hash: CBF0A07090C3589FC705DBB8E498A5CBFF0FF46300F0482EAD458832A2E2345A48CB11
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 36f18bbad17a1ae460a612f22427f7e19d3adc217629c15129aedae9476ad062
                                                  • Instruction ID: 2b6cdc6ce088c1133b306f76f3b8a2cdd86224de7493570059cb54606488f141
                                                  • Opcode Fuzzy Hash: 36f18bbad17a1ae460a612f22427f7e19d3adc217629c15129aedae9476ad062
                                                  • Instruction Fuzzy Hash: A3E06D70D09308EFCB15DBB8E45419DBBB0FB86304F5082EAC414936A5E3356A85CB42
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 88dd411f39137a16c8941cb68fc38ced067d14ab8c61208c739553cdc1762a0b
                                                  • Instruction ID: 4e67ae8c3ceba9bbcb3b21b11ae3058cc3af9206df772d7f8a827884620e8733
                                                  • Opcode Fuzzy Hash: 88dd411f39137a16c8941cb68fc38ced067d14ab8c61208c739553cdc1762a0b
                                                  • Instruction Fuzzy Hash: 8EE03930D19208AFCB54DFB8D05438CBBB4EB05205F8082E9C91892611E3316640CF86
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 02878326cc7f34417fc3db3527f7940f6dbc284a4a69c2b313a2ca2ef403525f
                                                  • Instruction ID: f858327f3d8c493afe7cd8b27023c3f123a420adeb493db6ab3aa9a621e75fdd
                                                  • Opcode Fuzzy Hash: 02878326cc7f34417fc3db3527f7940f6dbc284a4a69c2b313a2ca2ef403525f
                                                  • Instruction Fuzzy Hash: 59C080703441099FD640BBBCD44596433DCFF55604B4205E1B10DD7731DA30EC004710
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 7a32522935a0c73ef73c2af4870d19dc2e8ef5c8e285d9b9276f010a538dfcf4
                                                  • Instruction ID: 3d607cb90673e8f67851a90d994465772098c863f19ebb33d8d87b23edbdea3d
                                                  • Opcode Fuzzy Hash: 7a32522935a0c73ef73c2af4870d19dc2e8ef5c8e285d9b9276f010a538dfcf4
                                                  • Instruction Fuzzy Hash: 97C08C2A0000008AEB612F10C80AB847A22FB00224F815AA094F2040F0EA1090114206
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: e7dab83750251bc18910fe9b1253ceb002d72bd4ef5cfcf6b29884f4959a0e01
                                                  • Instruction ID: 26287e8e0d822f8aaa24e64706bdeafd3e9d570e9bc7ad1ed047adb426517206
                                                  • Opcode Fuzzy Hash: e7dab83750251bc18910fe9b1253ceb002d72bd4ef5cfcf6b29884f4959a0e01
                                                  • Instruction Fuzzy Hash: EEC09B3611D004DF6702A750C944C157796FF753047C1CD95E255C7170E731D419E711
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 0dc0321fd1aa7f08a87b363dbd69c77f2bc8ff195c4f5740a3590bbb8ff2fbb6
                                                  • Instruction ID: 1361334b2b6c9e50c9e37b4b37150c196d46e80f5996bd082771767c064a54e8
                                                  • Opcode Fuzzy Hash: 0dc0321fd1aa7f08a87b363dbd69c77f2bc8ff195c4f5740a3590bbb8ff2fbb6
                                                  • Instruction Fuzzy Hash: A8B092620892C68FCA519620D8507F43720FB53209BA800D68148850A2D6245808CE17
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.276782757.0000000004B10000.00000040.00000001.sdmp, Offset: 04B10000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_4b10000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 2c659baee521dab0037b1bf2aa6176db4641aa00cd2aa398308699b15b5e72dd
                                                  • Instruction ID: 9e406db13f51613bcbd3378716255b07c80aaf1930ffc176a0cbea9cf2e3ae00
                                                  • Opcode Fuzzy Hash: 2c659baee521dab0037b1bf2aa6176db4641aa00cd2aa398308699b15b5e72dd
                                                  • Instruction Fuzzy Hash: 04A0220228F00A823C00B2A000882B80203BBA02003E00E82C280C0A20CA0CB00880B3
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Non-executed Functions

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.268463083.0000000001200000.00000040.00000001.sdmp, Offset: 01200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_1200000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: o?N$o?N
                                                  • API String ID: 0-1870023466
                                                  • Opcode ID: f31dd153aa3471e19e7b108c03a4f219e33408d92c84357c49c22a0c943dd8ab
                                                  • Instruction ID: 6e00b8191b0889fe8379fa3f1fae98bce7d3deff9811f85846867ab6f1a16c57
                                                  • Opcode Fuzzy Hash: f31dd153aa3471e19e7b108c03a4f219e33408d92c84357c49c22a0c943dd8ab
                                                  • Instruction Fuzzy Hash: 01618AB0D2424AEFCB05CFA5D4855EEFBB2BF48304F14C65AD615AB245D3789A42CF90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.268463083.0000000001200000.00000040.00000001.sdmp, Offset: 01200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_1200000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: N*|U$N*|U
                                                  • API String ID: 0-230647747
                                                  • Opcode ID: 3c5fdaf64c638751208bbfe836d64f2ad25846f31fd917c5825ee9e534535025
                                                  • Instruction ID: 62699884fd49e70092ab035bcc94de077c7d04271f4fe5001617e1b003c1d1b0
                                                  • Opcode Fuzzy Hash: 3c5fdaf64c638751208bbfe836d64f2ad25846f31fd917c5825ee9e534535025
                                                  • Instruction Fuzzy Hash: F8516B74E2121ADFCB05CF94D8858EEFBB2FF99310F248616E501BB255D770AA41CB90
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.268463083.0000000001200000.00000040.00000001.sdmp, Offset: 01200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_1200000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: {Uak
                                                  • API String ID: 0-1368127212
                                                  • Opcode ID: aa205d2a4ba2404a88b1711667dc5774c08cc379897adeb8b36211148ccaede2
                                                  • Instruction ID: 4ef0389ab13257e70593cae88a6b48895490f576de6f9c059d76318da293b08a
                                                  • Opcode Fuzzy Hash: aa205d2a4ba2404a88b1711667dc5774c08cc379897adeb8b36211148ccaede2
                                                  • Instruction Fuzzy Hash: B7412670E1464A9FCB49CFAAC8815AEFBF2FF88300F14D16AC514B7255E3749A428F54
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Strings
                                                  Memory Dump Source
                                                  • Source File: 00000000.00000002.268463083.0000000001200000.00000040.00000001.sdmp, Offset: 01200000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_0_2_1200000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID: {Uak
                                                  • API String ID: 0-1368127212
                                                  • Opcode ID: 9b4b2679890973feaa0bc6ca318f2b4b1f3ff8aadcbb39452951c8dcc9bd8ff4
                                                  • Instruction ID: aa2d243b472425dc7b91bad564490591949b61a76ef4183c16f0fc4fc3077e7d
                                                  • Opcode Fuzzy Hash: 9b4b2679890973feaa0bc6ca318f2b4b1f3ff8aadcbb39452951c8dcc9bd8ff4
                                                  • Instruction Fuzzy Hash: 054104B0E2464ADBCB48CFAAD4815AEFBF2FB88310F14D12AC514B7255D7749A428F94
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Execution Graph

                                                  Execution Coverage:9.5%
                                                  Dynamic/Decrypted Code Coverage:100%
                                                  Signature Coverage:0%
                                                  Total number of Nodes:15
                                                  Total number of Limit Nodes:0

                                                  Graph

                                                  execution_graph 18465 348dd38 18466 348dd7c SetWindowsHookExW 18465->18466 18468 348ddc2 18466->18468 18461 3489920 18462 3489966 KiUserCallbackDispatcher 18461->18462 18464 34899b9 18462->18464 18453 17fd6e0 18454 17fd6fe 18453->18454 18457 17fc8f8 18454->18457 18456 17fd735 18459 17ff200 LoadLibraryA 18457->18459 18460 17ff2dc 18459->18460 18469 17f8480 18470 17f84c8 VirtualProtect 18469->18470 18471 17f8502 18470->18471

                                                  Executed Functions

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 0 17f83a0-17f83a6 1 17f83ca-17f83d6 0->1 2 17f83a8-17f83ac 0->2 3 17f83d8-17f83dd 1->3 4 17f83e1-17f8432 1->4 5 17f83df 3->5 6 17f83ad-17f83c9 3->6 10 17f843e-17f845e 4->10 11 17f8434-17f843a 4->11 5->2 6->1 18 17f8461-17f8500 VirtualProtect 10->18 19 17f8460 10->19 13 17f843c 11->13 14 17f8418-17f8425 11->14 22 17f8509-17f852a 18->22 23 17f8502-17f8508 18->23 19->18 23->22
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.500246407.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_17f0000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID:
                                                  • String ID:
                                                  • API String ID:
                                                  • Opcode ID: 11426e15d2434db834bc8c6685e02aa6a415e3716b60e801ae605b491c836a78
                                                  • Instruction ID: 8db859b66deee90c14451bae87f20bf9aa62905e43eb07a98e75a15f0c9f0d5f
                                                  • Opcode Fuzzy Hash: 11426e15d2434db834bc8c6685e02aa6a415e3716b60e801ae605b491c836a78
                                                  • Instruction Fuzzy Hash: 5541A235A042088FCB11DFA9D884AEEFBF1EF88314F19806DD90997352D735A845CB92
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 26 17fc8f8-17ff257 28 17ff259-17ff263 26->28 29 17ff290-17ff2da LoadLibraryA 26->29 28->29 30 17ff265-17ff267 28->30 34 17ff2dc-17ff2e2 29->34 35 17ff2e3-17ff314 29->35 32 17ff28a-17ff28d 30->32 33 17ff269-17ff273 30->33 32->29 36 17ff277-17ff286 33->36 37 17ff275 33->37 34->35 41 17ff316-17ff31a 35->41 42 17ff324 35->42 36->36 39 17ff288 36->39 37->36 39->32 41->42 43 17ff31c 41->43 43->42
                                                  APIs
                                                  • LoadLibraryA.KERNELBASE(?), ref: 017FF2CA
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.500246407.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_17f0000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID: LibraryLoad
                                                  • String ID:
                                                  • API String ID: 1029625771-0
                                                  • Opcode ID: 1c7c5afc2a9499f967da3f799aebeff1bf7402cf4fed2834cd9c2f6d6650b7e2
                                                  • Instruction ID: 5fccd1f96bcb1f95ffb99a4f48b4e8721a52e2941b4a758c6855a2ad0f1535fe
                                                  • Opcode Fuzzy Hash: 1c7c5afc2a9499f967da3f799aebeff1bf7402cf4fed2834cd9c2f6d6650b7e2
                                                  • Instruction Fuzzy Hash: D63121BAD042489FDB14CFA9D8847AEFBF1FB08314F14852EE915AB380DB749445CB91
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 665 3489910-3489974 669 348997f-34899b7 KiUserCallbackDispatcher 665->669 670 34899b9-34899bf 669->670 671 34899c0-34899e6 669->671 670->671
                                                  APIs
                                                  • KiUserCallbackDispatcher.NTDLL(00000050), ref: 034899A3
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.501004599.0000000003480000.00000040.00000001.sdmp, Offset: 03480000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_3480000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID: CallbackDispatcherUser
                                                  • String ID:
                                                  • API String ID: 2492992576-0
                                                  • Opcode ID: 7ae2884340e3cb23220026815c39684a81d36c6a32bb5b18c24a58792b64f237
                                                  • Instruction ID: 0ffbd79c1b00fe2afc9a2f4da920d74e9a8ae3524ba41a4c7b2ce3a6988537a8
                                                  • Opcode Fuzzy Hash: 7ae2884340e3cb23220026815c39684a81d36c6a32bb5b18c24a58792b64f237
                                                  • Instruction Fuzzy Hash: EC2155B1D042498FCB00DFA9D8497EEBBF4EB59324F04845AD425BB380D778A909CFA5
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 674 348dd33-348dd82 677 348dd8e-348ddc0 SetWindowsHookExW 674->677 678 348dd84-348dd8c 674->678 679 348ddc9-348ddee 677->679 680 348ddc2-348ddc8 677->680 678->677 680->679
                                                  APIs
                                                  • SetWindowsHookExW.USER32(?,00000000,?,?), ref: 0348DDB3
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.501004599.0000000003480000.00000040.00000001.sdmp, Offset: 03480000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_3480000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID: HookWindows
                                                  • String ID:
                                                  • API String ID: 2559412058-0
                                                  • Opcode ID: 9663c8bcaf9b80ee57f99bec0fcc6f68695528abe521f47d3b33266ad3545eca
                                                  • Instruction ID: 4281a26fd855a5369c489624658cc443e2f75f03865eae8acbce675bd3826dd8
                                                  • Opcode Fuzzy Hash: 9663c8bcaf9b80ee57f99bec0fcc6f68695528abe521f47d3b33266ad3545eca
                                                  • Instruction Fuzzy Hash: 85213275D04208DFCB10DFA9D944BEEFBF4AB88318F04842AE419A7390CB74A944CFA0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 685 348dd38-348dd82 687 348dd8e-348ddc0 SetWindowsHookExW 685->687 688 348dd84-348dd8c 685->688 689 348ddc9-348ddee 687->689 690 348ddc2-348ddc8 687->690 688->687 690->689
                                                  APIs
                                                  • SetWindowsHookExW.USER32(?,00000000,?,?), ref: 0348DDB3
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.501004599.0000000003480000.00000040.00000001.sdmp, Offset: 03480000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_3480000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID: HookWindows
                                                  • String ID:
                                                  • API String ID: 2559412058-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 695 3489920-34899b7 KiUserCallbackDispatcher 699 34899b9-34899bf 695->699 700 34899c0-34899e6 695->700 699->700
                                                  APIs
                                                  • KiUserCallbackDispatcher.NTDLL(00000050), ref: 034899A3
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.501004599.0000000003480000.00000040.00000001.sdmp, Offset: 03480000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_3480000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID: CallbackDispatcherUser
                                                  • String ID:
                                                  • API String ID: 2492992576-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Control-flow Graph

                                                  • Executed
                                                  • Not Executed
                                                  control_flow_graph 703 17f8480-17f8500 VirtualProtect 705 17f8509-17f852a 703->705 706 17f8502-17f8508 703->706 706->705
                                                  APIs
                                                  • VirtualProtect.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 017F84F3
                                                  Memory Dump Source
                                                  • Source File: 00000006.00000002.500246407.00000000017F0000.00000040.00000001.sdmp, Offset: 017F0000, based on PE: false
                                                  Joe Sandbox IDA Plugin
                                                  • Snapshot File: hcaresult_6_2_17f0000_Quot_466378-09.jbxd
                                                  Similarity
                                                  • API ID: ProtectVirtual
                                                  • String ID:
                                                  • API String ID: 544645111-0
                                                  Uniqueness

                                                  Uniqueness Score: -1.00%

                                                  Non-executed Functions